sanitize.inc.php ➔ sanitize() - Code Metrics - Inspection of "2.1.27" - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — development ( cdea1d...eda7c5 )

by Nils

created 2017-07-09 06:59 UTC

sanitize.inc.php ➔ sanitize() C

↳ Parent: Project

Complexity

Conditions	9
Paths	256

Size

Total Lines	12
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	9
eloc	10
nc	256
nop	4
dl	0
loc	12
rs	6.4615
c	0
b	0
f	0

<?php
/*
 * Copyright (c) 2002,2003 Free Software Foundation
 * developed under the custody of the
 * Open Web Application Security Project
 * (http://www.owasp.org)
 *
 * This file is part of the PHP Filters.
 * PHP Filters is free software; you can redistribute it and/or modify it 
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * PHP Filters is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 * 
 * If you are not able to view the LICENSE, which should
 * always be possible within a valid and working PHP Filters release,
 * please write to the Free Software Foundation, Inc.,
 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 * to get a copy of the GNU General Public License or to report a
 * possible license violation.
 */
///////////////////////////////////////
// sanitize.inc.php
// Sanitization functions for PHP
// by: Gavin Zuchlinski, Jamie Pratt, Hokkaido
// webpage: http://libox.net
// Last modified: December 21, 2003
//
// Many thanks to those on the webappsec list for helping me improve these functions
///////////////////////////////////////
// Function list:
// sanitize_paranoid_string($string) -- input string, returns string stripped of all non
//           alphanumeric
// sanitize_system_string($string) -- input string, returns string stripped of special
//           characters
// sanitize_sql_string($string) -- input string, returns string with slashed out quotes
// sanitize_html_string($string) -- input string, returns string with html replacements
//           for special characters
// sanitize_int($integer) -- input integer, returns ONLY the integer (no extraneous
//           characters
// sanitize_float($float) -- input float, returns ONLY the float (no extraneous
//           characters)
// sanitize($input, $flags) -- input any variable, performs sanitization
//           functions specified in flags. flags can be bitwise
//           combination of PARANOID, SQL, SYSTEM, HTML, INT, FLOAT, LDAP,
//           UTF8
//
//
///////////////////////////////////////
//
// 20031121 jp - added defines for magic_quotes and register_globals, added ; to replacements
//               in sanitize_sql_string() function, created rudimentary testing pages
// 20031221 gz - added nice_addslashes and changed sanitize_sql_string to use it
//
/////////////////////////////////////////

define("PARANOID", 1);
define("SQL", 2);
define("SYSTEM", 4);
define("HTML", 8);
define("INT", 16);
define("FLOAT", 32);
define("LDAP", 64);
define("UTF8", 128);

// get register_globals ini setting - jp
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals == TRUE) { define("REGISTER_GLOBALS", 1); } else { define("REGISTER_GLOBALS", 0); }


// get magic_quotes_gpc ini setting - jp
$magic_quotes = (bool) ini_get('magic_quotes_gpc');
if ($magic_quotes == TRUE) { define("MAGIC_QUOTES", 1); } else { define("MAGIC_QUOTES", 0); }


// addslashes wrapper to check for gpc_magic_quotes - gz
function nice_addslashes($string)
{
  // if magic quotes is on the string is already quoted, just return it
  if(MAGIC_QUOTES)
    return $string;
  else
    return addslashes($string);
}

// internal function for utf8 decoding
// thanks to Hokkaido for noticing that PHP's utf8_decode function is a little
// screwy, and to jamie for the code
function my_utf8_decode($string)
{
return strtr($string,
  "???????�����������������������������������������������������������",
  "SOZsozYYuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy");
}

// paranoid sanitization -- only let the alphanumeric set through
function sanitize_paranoid_string($string, $min='', $max='')

{
  $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return $string;
}

// sanitize a string in prep for passing a single argument to system() (or similar)
function sanitize_system_string($string, $min='', $max='')
{
  $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // no piping, passing possible environment variables ($),
                           // seperate commands, nested execution, file redirection,
                           // background processing, special commands (backspace, etc.), quotes
                           // newlines, or some other special characters
  $string = preg_replace($pattern, '', $string);
  $string = '"'.preg_replace('/\$/', '\\\$', $string).'"'; //make sure this is only interpretted as ONE argument
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return $string;
}

// sanitize a string for SQL input (simple slash out quotes and slashes)
function sanitize_sql_string($string, $min='', $max='')
{
  $string = nice_addslashes($string); //gz
  $pattern = "/;/"; // jp
  $replacement = "";
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return preg_replace($pattern, $replacement, $string);
}

// sanitize a string for SQL input (simple slash out quotes and slashes)
function sanitize_ldap_string($string, $min='', $max='')

{
  $pattern = '/(\)|\(|\||&)/';
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return preg_replace($pattern, '', $string);
}


// sanitize a string for HTML (make sure nothing gets interpretted!)
function sanitize_html_string($string)
{
  $pattern[0] = '/\&/';
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
  $pattern[1] = '/</';
  $pattern[2] = "/>/";
  $pattern[3] = '/\n/';
  $pattern[4] = '/"/';
  $pattern[5] = "/'/";
  $pattern[6] = "/%/";
  $pattern[7] = '/\(/';
  $pattern[8] = '/\)/';
  $pattern[9] = '/\+/';
  $pattern[10] = '/-/';
  $replacement[0] = '&amp;';
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
  $replacement[1] = '&lt;';
  $replacement[2] = '&gt;';
  $replacement[3] = '<br>';
  $replacement[4] = '&quot;';
  $replacement[5] = '&#39;';
  $replacement[6] = '&#37;';
  $replacement[7] = '&#40;';
  $replacement[8] = '&#41;';
  $replacement[9] = '&#43;';
  $replacement[10] = '&#45;';
  return preg_replace($pattern, $replacement, $string);
}

// make int int!
function sanitize_int($integer, $min='', $max='')
{
  $int = intval($integer);
  if((($min != '') && ($int < $min)) || (($max != '') && ($int > $max)))
    return FALSE;
  return $int;
}

// make float float!
function sanitize_float($float, $min='', $max='')
{
  $float = floatval($float);
  if((($min != '') && ($float < $min)) || (($max != '') && ($float > $max)))
    return FALSE;
  return $float;
}

// glue together all the other functions
function sanitize($input, $flags, $min='', $max='')
{
  if($flags & UTF8) $input = my_utf8_decode($input);
  if($flags & PARANOID) $input = sanitize_paranoid_string($input, $min, $max);
  if($flags & INT) $input = sanitize_int($input, $min, $max);
  if($flags & FLOAT) $input = sanitize_float($input, $min, $max);
  if($flags & HTML) $input = sanitize_html_string($input, $min, $max);

  if($flags & SQL) $input = sanitize_sql_string($input, $min, $max);
  if($flags & LDAP) $input = sanitize_ldap_string($input, $min, $max);
  if($flags & SYSTEM) $input = sanitize_system_string($input, $min, $max);
  return $input;
}

function check_paranoid_string($input, $min='', $max='')
{
  if($input != sanitize_paranoid_string($input, $min, $max))
    return FALSE;
  return TRUE;
}

function check_int($input, $min='', $max='')
{
  if($input != sanitize_int($input, $min, $max))
    return FALSE;
  return TRUE;
}

function check_float($input, $min='', $max='')
{
  if($input != sanitize_float($input, $min, $max))
    return FALSE;
  return TRUE;
}

function check_html_string($input, $min='', $max='')
{
  if($input != sanitize_html_string($input, $min, $max))

    return FALSE;
  return TRUE;
}

function check_sql_string($input, $min='', $max='')
{
  if($input != sanitize_sql_string($input, $min, $max))
    return FALSE;
  return TRUE;
}

function check_ldap_string($input, $min='', $max='')
{
  if($input != sanitize_string($input, $min, $max))
    return FALSE;
  return TRUE;
}

function check_system_string($input, $min='', $max='')
{
  if($input != sanitize_system_string($input, $min, $max, TRUE))

    return FALSE;
  return TRUE;
}

// glue together all the other functions
function check($input, $flags, $min='', $max='')
{
  $oldput = $input;
  if($flags & UTF8) $input = my_utf8_decode($input);
  if($flags & PARANOID) $input = sanitize_paranoid_string($input, $min, $max);
  if($flags & INT) $input = sanitize_int($input, $min, $max);
  if($flags & FLOAT) $input = sanitize_float($input, $min, $max);
  if($flags & HTML) $input = sanitize_html_string($input, $min, $max);

  if($flags & SQL) $input = sanitize_sql_string($input, $min, $max);
  if($flags & LDAP) $input = sanitize_ldap_string($input, $min, $max);
  if($flags & SYSTEM) $input = sanitize_system_string($input, $min, $max, TRUE);

  if($input != $oldput)
    return FALSE;
  return TRUE;
}
?>


1		<?php
2		/*
3		* Copyright (c) 2002,2003 Free Software Foundation
4		* developed under the custody of the
5		* Open Web Application Security Project
6		* (http://www.owasp.org)
7		*
8		* This file is part of the PHP Filters.
9		* PHP Filters is free software; you can redistribute it and/or modify it
10		* under the terms of the GNU General Public License as published by
11		* the Free Software Foundation; either version 2 of the License, or
12		* (at your option) any later version.
13		*
14		* PHP Filters is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17		* See the GNU General Public License for more details.
18		*
19		* If you are not able to view the LICENSE, which should
20		* always be possible within a valid and working PHP Filters release,
21		* please write to the Free Software Foundation, Inc.,
22		* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23		* to get a copy of the GNU General Public License or to report a
24		* possible license violation.
25		*/
26		///////////////////////////////////////
27		// sanitize.inc.php
28		// Sanitization functions for PHP
29		// by: Gavin Zuchlinski, Jamie Pratt, Hokkaido
30		// webpage: http://libox.net
31		// Last modified: December 21, 2003
32		//
33		// Many thanks to those on the webappsec list for helping me improve these functions
34		///////////////////////////////////////
35		// Function list:
36		// sanitize_paranoid_string($string) -- input string, returns string stripped of all non
37		// alphanumeric
38		// sanitize_system_string($string) -- input string, returns string stripped of special
39		// characters
40		// sanitize_sql_string($string) -- input string, returns string with slashed out quotes
41		// sanitize_html_string($string) -- input string, returns string with html replacements
42		// for special characters
43		// sanitize_int($integer) -- input integer, returns ONLY the integer (no extraneous
44		// characters
45		// sanitize_float($float) -- input float, returns ONLY the float (no extraneous
46		// characters)
47		// sanitize($input, $flags) -- input any variable, performs sanitization
48		// functions specified in flags. flags can be bitwise
49		// combination of PARANOID, SQL, SYSTEM, HTML, INT, FLOAT, LDAP,
50		// UTF8
51		//
52		//
53		///////////////////////////////////////
54		//
55		// 20031121 jp - added defines for magic_quotes and register_globals, added ; to replacements
56		// in sanitize_sql_string() function, created rudimentary testing pages
57		// 20031221 gz - added nice_addslashes and changed sanitize_sql_string to use it
58		//
59		/////////////////////////////////////////
60
61		define("PARANOID", 1);
62		define("SQL", 2);
63		define("SYSTEM", 4);
64		define("HTML", 8);
65		define("INT", 16);
66		define("FLOAT", 32);
67		define("LDAP", 64);
68		define("UTF8", 128);
69
70		// get register_globals ini setting - jp
71		$register_globals = (bool) ini_get('register_gobals');
72		if ($register_globals == TRUE) { define("REGISTER_GLOBALS", 1); } else { define("REGISTER_GLOBALS", 0); }
		0 ignored issues – show Coding Style Best Practice introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
73
74		// get magic_quotes_gpc ini setting - jp
75		$magic_quotes = (bool) ini_get('magic_quotes_gpc');
76		if ($magic_quotes == TRUE) { define("MAGIC_QUOTES", 1); } else { define("MAGIC_QUOTES", 0); }
		0 ignored issues – show Coding Style Best Practice introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
77
78		// addslashes wrapper to check for gpc_magic_quotes - gz
79		function nice_addslashes($string)
80		{
81		// if magic quotes is on the string is already quoted, just return it
82		if(MAGIC_QUOTES)
83		return $string;
84		else
85		return addslashes($string);
86		}
87
88		// internal function for utf8 decoding
89		// thanks to Hokkaido for noticing that PHP's utf8_decode function is a little
90		// screwy, and to jamie for the code
91		function my_utf8_decode($string)
92		{
93		return strtr($string,
94		"???????��",
95		"SOZsozYYuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy");
96		}
97
98		// paranoid sanitization -- only let the alphanumeric set through
99	View Code Duplication	function sanitize_paranoid_string($string, $min='', $max='')
		0 ignored issues – show Duplication introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report This function seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
100		{
101		$string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
102		$len = strlen($string);
103		if((($min != '') && ($len < $min)) \|\| (($max != '') && ($len > $max)))
104		return FALSE;
105		return $string;
106		}
107
108		// sanitize a string in prep for passing a single argument to system() (or similar)
109		function sanitize_system_string($string, $min='', $max='')
110		{
111		$pattern = '/(;\|\\|\|`\|>\|<\|&\|^\|"\|'."\n\|\r\|'".'\|{\|}\|[\|]\|\)\|\()/i'; // no piping, passing possible environment variables ($),
112		// seperate commands, nested execution, file redirection,
113		// background processing, special commands (backspace, etc.), quotes
114		// newlines, or some other special characters
115		$string = preg_replace($pattern, '', $string);
116		$string = '"'.preg_replace('/\$/', '\\\$', $string).'"'; //make sure this is only interpretted as ONE argument
117		$len = strlen($string);
118		if((($min != '') && ($len < $min)) \|\| (($max != '') && ($len > $max)))
119		return FALSE;
120		return $string;
121		}
122
123		// sanitize a string for SQL input (simple slash out quotes and slashes)
124		function sanitize_sql_string($string, $min='', $max='')
125		{
126		$string = nice_addslashes($string); //gz
127		$pattern = "/;/"; // jp
128		$replacement = "";
129		$len = strlen($string);
130		if((($min != '') && ($len < $min)) \|\| (($max != '') && ($len > $max)))
131		return FALSE;
132		return preg_replace($pattern, $replacement, $string);
133		}
134
135		// sanitize a string for SQL input (simple slash out quotes and slashes)
136	View Code Duplication	function sanitize_ldap_string($string, $min='', $max='')
		0 ignored issues – show Duplication introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report This function seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
137		{
138		$pattern = '/(\)\|\(\|\\|\|&)/';
139		$len = strlen($string);
140		if((($min != '') && ($len < $min)) \|\| (($max != '') && ($len > $max)))
141		return FALSE;
142		return preg_replace($pattern, '', $string);
143		}
144
145
146		// sanitize a string for HTML (make sure nothing gets interpretted!)
147		function sanitize_html_string($string)
148		{
149		$pattern[0] = '/\&/';
		0 ignored issues – show Coding Style Comprehensibility introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report `$pattern` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$pattern = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
150		$pattern[1] = '/</';
151		$pattern[2] = "/>/";
152		$pattern[3] = '/\n/';
153		$pattern[4] = '/"/';
154		$pattern[5] = "/'/";
155		$pattern[6] = "/%/";
156		$pattern[7] = '/\(/';
157		$pattern[8] = '/\)/';
158		$pattern[9] = '/\+/';
159		$pattern[10] = '/-/';
160		$replacement[0] = '&';
		0 ignored issues – show Coding Style Comprehensibility introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report `$replacement` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$replacement = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
161		$replacement[1] = '<';
162		$replacement[2] = '>';
163		$replacement[3] = '<br>';
164		$replacement[4] = '"';
165		$replacement[5] = ''';
166		$replacement[6] = '%';
167		$replacement[7] = '(';
168		$replacement[8] = ')';
169		$replacement[9] = '+';
170		$replacement[10] = '-';
171		return preg_replace($pattern, $replacement, $string);
172		}
173
174		// make int int!
175		function sanitize_int($integer, $min='', $max='')
176		{
177		$int = intval($integer);
178		if((($min != '') && ($int < $min)) \|\| (($max != '') && ($int > $max)))
179		return FALSE;
180		return $int;
181		}
182
183		// make float float!
184		function sanitize_float($float, $min='', $max='')
185		{
186		$float = floatval($float);
187		if((($min != '') && ($float < $min)) \|\| (($max != '') && ($float > $max)))
188		return FALSE;
189		return $float;
190		}
191
192		// glue together all the other functions
193		function sanitize($input, $flags, $min='', $max='')
194		{
195		if($flags & UTF8) $input = my_utf8_decode($input);
196		if($flags & PARANOID) $input = sanitize_paranoid_string($input, $min, $max);
197		if($flags & INT) $input = sanitize_int($input, $min, $max);
198		if($flags & FLOAT) $input = sanitize_float($input, $min, $max);
199		if($flags & HTML) $input = sanitize_html_string($input, $min, $max);
		0 ignored issues – show Unused Code introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report The call to `sanitize_html_string()` has too many arguments starting with `$min`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
200		if($flags & SQL) $input = sanitize_sql_string($input, $min, $max);
201		if($flags & LDAP) $input = sanitize_ldap_string($input, $min, $max);
202		if($flags & SYSTEM) $input = sanitize_system_string($input, $min, $max);
203		return $input;
204		}
205
206		function check_paranoid_string($input, $min='', $max='')
207		{
208		if($input != sanitize_paranoid_string($input, $min, $max))
209		return FALSE;
210		return TRUE;
211		}
212
213		function check_int($input, $min='', $max='')
214		{
215		if($input != sanitize_int($input, $min, $max))
216		return FALSE;
217		return TRUE;
218		}
219
220		function check_float($input, $min='', $max='')
221		{
222		if($input != sanitize_float($input, $min, $max))
223		return FALSE;
224		return TRUE;
225		}
226
227		function check_html_string($input, $min='', $max='')
228		{
229		if($input != sanitize_html_string($input, $min, $max))
		0 ignored issues – show Unused Code introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report The call to `sanitize_html_string()` has too many arguments starting with `$min`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
230		return FALSE;
231		return TRUE;
232		}
233
234		function check_sql_string($input, $min='', $max='')
235		{
236		if($input != sanitize_sql_string($input, $min, $max))
237		return FALSE;
238		return TRUE;
239		}
240
241		function check_ldap_string($input, $min='', $max='')
242		{
243		if($input != sanitize_string($input, $min, $max))
244		return FALSE;
245		return TRUE;
246		}
247
248		function check_system_string($input, $min='', $max='')
249		{
250		if($input != sanitize_system_string($input, $min, $max, TRUE))
		0 ignored issues – show Unused Code introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report The call to `sanitize_system_string()` has too many arguments starting with `TRUE`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
251		return FALSE;
252		return TRUE;
253		}
254
255		// glue together all the other functions
256		function check($input, $flags, $min='', $max='')
257		{
258		$oldput = $input;
259		if($flags & UTF8) $input = my_utf8_decode($input);
260		if($flags & PARANOID) $input = sanitize_paranoid_string($input, $min, $max);
261		if($flags & INT) $input = sanitize_int($input, $min, $max);
262		if($flags & FLOAT) $input = sanitize_float($input, $min, $max);
263		if($flags & HTML) $input = sanitize_html_string($input, $min, $max);
		0 ignored issues – show Unused Code introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report The call to `sanitize_html_string()` has too many arguments starting with `$min`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
264		if($flags & SQL) $input = sanitize_sql_string($input, $min, $max);
265		if($flags & LDAP) $input = sanitize_ldap_string($input, $min, $max);
266		if($flags & SYSTEM) $input = sanitize_system_string($input, $min, $max, TRUE);
		0 ignored issues – show Unused Code introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report The call to `sanitize_system_string()` has too many arguments starting with `TRUE`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
267		if($input != $oldput)
268		return FALSE;
269		return TRUE;
270		}
271		?>
		0 ignored issues – show Best Practice introduced 2017-07-09 07:04 UTC by Report Bug Copy Issue Report It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...

nilsteampassnet / TeamPass

Push — development ( cdea1d...eda7c5 )

sanitize.inc.php ➔ sanitize() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like