o2system /
security
@@ -33,7 +33,7 @@ discard block |
||
| 33 | 33 | // Is the string an array? |
| 34 | 34 | if (is_array($string)) {
|
| 35 | 35 | while (list($key) = each($string)) {
|
| 36 | - $string[ $key ] = self::clean($string[ $key ]); |
|
| 36 | + $string[$key] = self::clean($string[$key]); |
|
| 37 | 37 | } |
| 38 | 38 | |
| 39 | 39 | return $string; |
@@ -291,7 +291,7 @@ discard block |
||
| 291 | 291 | $config = require('../Config/Xss.php');
|
| 292 | 292 | } |
| 293 | 293 | |
| 294 | - return $config[ $index ]; |
|
| 294 | + return $config[$index]; |
|
| 295 | 295 | } |
| 296 | 296 | |
| 297 | 297 | // -------------------------------------------------------------------- |
@@ -310,7 +310,7 @@ discard block |
||
| 310 | 310 | */ |
| 311 | 311 | protected static function compactExplodedWords($matches) |
| 312 | 312 | {
|
| 313 | - return preg_replace('/\s+/s', '', $matches[ 1 ]) . $matches[ 2 ];
|
|
| 313 | + return preg_replace('/\s+/s', '', $matches[1]) . $matches[2];
|
|
| 314 | 314 | } |
| 315 | 315 | |
| 316 | 316 | // -------------------------------------------------------------------- |
@@ -329,13 +329,13 @@ discard block |
||
| 329 | 329 | protected static function sanitizeNaughtyHTML($matches) |
| 330 | 330 | {
|
| 331 | 331 | // First, escape unclosed tags |
| 332 | - if (empty($matches[ 'closeTag' ])) {
|
|
| 333 | - return '<' . $matches[ 1 ]; |
|
| 332 | + if (empty($matches['closeTag'])) {
|
|
| 333 | + return '<' . $matches[1]; |
|
| 334 | 334 | } // Is the element that we caught naughty? If so, escape it |
| 335 | - elseif (in_array(strtolower($matches[ 'tagName' ]), self::getConfig('naughty_tags'), true)) {
|
|
| 336 | - return '<' . $matches[ 1 ] . '>'; |
|
| 335 | + elseif (in_array(strtolower($matches['tagName']), self::getConfig('naughty_tags'), true)) {
|
|
| 336 | + return '<' . $matches[1] . '>'; |
|
| 337 | 337 | } // For other tags, see if their attributes are "evil" and strip those |
| 338 | - elseif (isset($matches[ 'attributes' ])) {
|
|
| 338 | + elseif (isset($matches['attributes'])) {
|
|
| 339 | 339 | // We'll store the already fitlered attributes here |
| 340 | 340 | $attributes = []; |
| 341 | 341 | |
@@ -356,37 +356,37 @@ discard block |
||
| 356 | 356 | // Strip any non-alpha characters that may preceed an attribute. |
| 357 | 357 | // Browsers often parse these incorrectly and that has been a |
| 358 | 358 | // of numerous XSS issues we've had. |
| 359 | - $matches[ 'attributes' ] = preg_replace('#^[^a-z]+#i', '', $matches[ 'attributes' ]);
|
|
| 359 | + $matches['attributes'] = preg_replace('#^[^a-z]+#i', '', $matches['attributes']);
|
|
| 360 | 360 | |
| 361 | - if ( ! preg_match($attributesPattern, $matches[ 'attributes' ], $attribute, PREG_OFFSET_CAPTURE)) {
|
|
| 361 | + if ( ! preg_match($attributesPattern, $matches['attributes'], $attribute, PREG_OFFSET_CAPTURE)) {
|
|
| 362 | 362 | // No (valid) attribute found? Discard everything else inside the tag |
| 363 | 363 | break; |
| 364 | 364 | } |
| 365 | 365 | |
| 366 | 366 | if ( |
| 367 | 367 | // Is it indeed an "evil" attribute? |
| 368 | - preg_match($is_evil_pattern, $attribute[ 'name' ][ 0 ]) |
|
| 368 | + preg_match($is_evil_pattern, $attribute['name'][0]) |
|
| 369 | 369 | // Or does it have an equals sign, but no value and not quoted? Strip that too! |
| 370 | - OR (trim($attribute[ 'value' ][ 0 ]) === '') |
|
| 370 | + OR (trim($attribute['value'][0]) === '') |
|
| 371 | 371 | ) {
|
| 372 | 372 | $attributes[] = 'xss=removed'; |
| 373 | 373 | } else {
|
| 374 | - $attributes[] = $attribute[ 0 ][ 0 ]; |
|
| 374 | + $attributes[] = $attribute[0][0]; |
|
| 375 | 375 | } |
| 376 | 376 | |
| 377 | - $matches[ 'attributes' ] = substr( |
|
| 378 | - $matches[ 'attributes' ], |
|
| 379 | - $attribute[ 0 ][ 1 ] + strlen($attribute[ 0 ][ 0 ]) |
|
| 377 | + $matches['attributes'] = substr( |
|
| 378 | + $matches['attributes'], |
|
| 379 | + $attribute[0][1] + strlen($attribute[0][0]) |
|
| 380 | 380 | ); |
| 381 | - } while ($matches[ 'attributes' ] !== ''); |
|
| 381 | + } while ($matches['attributes'] !== ''); |
|
| 382 | 382 | $attributes = empty($attributes) |
| 383 | 383 | ? '' |
| 384 | 384 | : ' ' . implode(' ', $attributes);
|
| 385 | 385 | |
| 386 | - return '<' . $matches[ 'slash' ] . $matches[ 'tagName' ] . $attributes . '>'; |
|
| 386 | + return '<' . $matches['slash'] . $matches['tagName'] . $attributes . '>'; |
|
| 387 | 387 | } |
| 388 | 388 | |
| 389 | - return $matches[ 0 ]; |
|
| 389 | + return $matches[0]; |
|
| 390 | 390 | } |
| 391 | 391 | |
| 392 | 392 | // -------------------------------------------------------------------- |
@@ -409,13 +409,13 @@ discard block |
||
| 409 | 409 | protected static function jsLinkRemoval($match) |
| 410 | 410 | {
|
| 411 | 411 | return str_replace( |
| 412 | - $match[ 1 ], |
|
| 412 | + $match[1], |
|
| 413 | 413 | preg_replace( |
| 414 | 414 | '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', |
| 415 | 415 | '', |
| 416 | - self::filterAttributes(str_replace(['<', '>'], '', $match[ 1 ])) |
|
| 416 | + self::filterAttributes(str_replace(['<', '>'], '', $match[1])) |
|
| 417 | 417 | ), |
| 418 | - $match[ 0 ] |
|
| 418 | + $match[0] |
|
| 419 | 419 | ); |
| 420 | 420 | } |
| 421 | 421 | |
@@ -437,7 +437,7 @@ discard block |
||
| 437 | 437 | {
|
| 438 | 438 | $out = ''; |
| 439 | 439 | if (preg_match_all('#\s*[a-z\-]+\s*=\s*(\042|\047)([^\\1]*?)\\1#is', $str, $matches)) {
|
| 440 | - foreach ($matches[ 0 ] as $match) {
|
|
| 440 | + foreach ($matches[0] as $match) {
|
|
| 441 | 441 | $out .= preg_replace('#/\*.*?\*/#s', '', $match);
|
| 442 | 442 | } |
| 443 | 443 | } |
@@ -465,13 +465,13 @@ discard block |
||
| 465 | 465 | protected static function jsImgRemoval($match) |
| 466 | 466 | {
|
| 467 | 467 | return str_replace( |
| 468 | - $match[ 1 ], |
|
| 468 | + $match[1], |
|
| 469 | 469 | preg_replace( |
| 470 | 470 | '#src=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', |
| 471 | 471 | '', |
| 472 | - self::filterAttributes(str_replace(['<', '>'], '', $match[ 1 ])) |
|
| 472 | + self::filterAttributes(str_replace(['<', '>'], '', $match[1])) |
|
| 473 | 473 | ), |
| 474 | - $match[ 0 ] |
|
| 474 | + $match[0] |
|
| 475 | 475 | ); |
| 476 | 476 | } |
| 477 | 477 | |
@@ -488,7 +488,7 @@ discard block |
||
| 488 | 488 | */ |
| 489 | 489 | protected static function convertAttribute($match) |
| 490 | 490 | {
|
| 491 | - return str_replace(['>', '<', '\\'], ['>', '<', '\\\\'], $match[ 0 ]); |
|
| 491 | + return str_replace(['>', '<', '\\'], ['>', '<', '\\\\'], $match[0]); |
|
| 492 | 492 | } |
| 493 | 493 | |
| 494 | 494 | // ------------------------------------------------------------------------ |
@@ -506,7 +506,7 @@ discard block |
||
| 506 | 506 | {
|
| 507 | 507 | // Protect GET variables in URLs |
| 508 | 508 | // 901119URL5918AMP18930PROTECT8198 |
| 509 | - $match = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', self::token . '\\1=\\2', $match[ 0 ]);
|
|
| 509 | + $match = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', self::token . '\\1=\\2', $match[0]);
|
|
| 510 | 510 | |
| 511 | 511 | $charset = 'UTF-8'; |
| 512 | 512 | if (function_exists('config')) {
|
@@ -570,10 +570,10 @@ discard block |
||
| 570 | 570 | } |
| 571 | 571 | |
| 572 | 572 | $replace = []; |
| 573 | - $matches = array_unique(array_map('strtolower', $matches[ 0 ]));
|
|
| 573 | + $matches = array_unique(array_map('strtolower', $matches[0]));
|
|
| 574 | 574 | for ($i = 0; $i < $c; $i++) {
|
| 575 | - if (($char = array_search($matches[ $i ] . ';', $entities, true)) !== false) {
|
|
| 576 | - $replace[ $matches[ $i ] ] = $char; |
|
| 575 | + if (($char = array_search($matches[$i] . ';', $entities, true)) !== false) {
|
|
| 576 | + $replace[$matches[$i]] = $char; |
|
| 577 | 577 | } |
| 578 | 578 | } |
| 579 | 579 | |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | */ |
| 105 | 105 | public function addSource($key, $value) |
| 106 | 106 | { |
| 107 | - $this->sourceVars[ $key ] = $value; |
|
| 107 | + $this->sourceVars[$key] = $value; |
|
| 108 | 108 | } |
| 109 | 109 | |
| 110 | 110 | // -------------------------------------------------------------------- |
@@ -117,7 +117,7 @@ discard block |
||
| 117 | 117 | public function sets(array $rules) |
| 118 | 118 | { |
| 119 | 119 | foreach ($rules as $rule) { |
| 120 | - $this->add($rule[ 'field' ], $rule[ 'label' ], $rule[ 'rules' ], $rule[ 'messages' ]); |
|
| 120 | + $this->add($rule['field'], $rule['label'], $rule['rules'], $rule['messages']); |
|
| 121 | 121 | } |
| 122 | 122 | } |
| 123 | 123 | |
@@ -133,7 +133,7 @@ discard block |
||
| 133 | 133 | */ |
| 134 | 134 | public function add($field, $label, $rules, $messages = []) |
| 135 | 135 | { |
| 136 | - $this->clauses[ $field ] = [ |
|
| 136 | + $this->clauses[$field] = [ |
|
| 137 | 137 | 'field' => $field, |
| 138 | 138 | 'label' => $label, |
| 139 | 139 | 'rules' => $rules, |
@@ -169,7 +169,7 @@ discard block |
||
| 169 | 169 | */ |
| 170 | 170 | public function setMessage($field, $message) |
| 171 | 171 | { |
| 172 | - $this->customErrors[ $field ] = $message; |
|
| 172 | + $this->customErrors[$field] = $message; |
|
| 173 | 173 | } |
| 174 | 174 | |
| 175 | 175 | // ------------------------------------------------------------------------ |
@@ -195,15 +195,15 @@ discard block |
||
| 195 | 195 | throw new OutOfRangeException('SECURITY_RULES_E_HEADER_OUTOFRANGEEXCEPTION', 1); |
| 196 | 196 | } |
| 197 | 197 | |
| 198 | - if (is_string($fieldParams[ 'rules' ])) { |
|
| 198 | + if (is_string($fieldParams['rules'])) { |
|
| 199 | 199 | /** |
| 200 | 200 | * Explode field rules by | as delimiter |
| 201 | 201 | */ |
| 202 | - $fieldRules = explode('|', $fieldParams[ 'rules' ]); |
|
| 202 | + $fieldRules = explode('|', $fieldParams['rules']); |
|
| 203 | 203 | |
| 204 | 204 | foreach ($fieldRules as $fieldRuleMethod) { |
| 205 | 205 | /* Get parameter from given data */ |
| 206 | - $fieldValue = $this->sourceVars[ $fieldName ]; |
|
| 206 | + $fieldValue = $this->sourceVars[$fieldName]; |
|
| 207 | 207 | if ( ! is_array($fieldValue)) { |
| 208 | 208 | $fieldValue = [$fieldValue]; |
| 209 | 209 | } |
@@ -219,12 +219,12 @@ discard block |
||
| 219 | 219 | $fieldRuleMethod = preg_replace("/\[.*\]/", '', $fieldRuleMethod); |
| 220 | 220 | |
| 221 | 221 | /* Explode rule parameter */ |
| 222 | - $fieldRuleParams = explode(',', preg_replace("/,[ ]+/", ',', $fieldRuleParams[ 1 ][ 0 ])); |
|
| 222 | + $fieldRuleParams = explode(',', preg_replace("/,[ ]+/", ',', $fieldRuleParams[1][0])); |
|
| 223 | 223 | |
| 224 | 224 | if ($fieldRuleMethod === 'match') { |
| 225 | 225 | foreach ($fieldRuleParams as $fieldRuleParamKey => $fieldRuleParamValue) { |
| 226 | 226 | if (array_key_exists($fieldRuleParamValue, $this->sourceVars)) { |
| 227 | - $fieldRuleParams[ $fieldRuleParamKey ] = $this->sourceVars[ $fieldRuleParamValue ]; |
|
| 227 | + $fieldRuleParams[$fieldRuleParamKey] = $this->sourceVars[$fieldRuleParamValue]; |
|
| 228 | 228 | } |
| 229 | 229 | } |
| 230 | 230 | } elseif ($fieldRuleMethod === 'listed') { |
@@ -249,33 +249,33 @@ discard block |
||
| 249 | 249 | } |
| 250 | 250 | |
| 251 | 251 | if ($validationStatus === false) { |
| 252 | - if ( ! empty($fieldParams[ 'messages' ])) { |
|
| 253 | - $message = $fieldParams[ 'messages' ]; |
|
| 252 | + if ( ! empty($fieldParams['messages'])) { |
|
| 253 | + $message = $fieldParams['messages']; |
|
| 254 | 254 | |
| 255 | 255 | /* If $rule message is array, replace $message with specified message */ |
| 256 | - if (is_array($fieldParams[ 'messages' ])) { |
|
| 257 | - if (isset($fieldParams[ 'messages' ][ $fieldRuleMethod ])) { |
|
| 258 | - $message = $fieldParams[ 'messages' ][ $fieldRuleMethod ]; |
|
| 256 | + if (is_array($fieldParams['messages'])) { |
|
| 257 | + if (isset($fieldParams['messages'][$fieldRuleMethod])) { |
|
| 258 | + $message = $fieldParams['messages'][$fieldRuleMethod]; |
|
| 259 | 259 | } else { |
| 260 | - $message = $fieldParams[ 'messages' ][ $fieldName ]; |
|
| 260 | + $message = $fieldParams['messages'][$fieldName]; |
|
| 261 | 261 | } |
| 262 | 262 | } |
| 263 | 263 | } elseif (array_key_exists($fieldName, $this->customErrors)) { |
| 264 | - $message = $this->customErrors[ $fieldName ]; |
|
| 264 | + $message = $this->customErrors[$fieldName]; |
|
| 265 | 265 | } elseif (array_key_exists($fieldRuleMethod, $this->customErrors)) { |
| 266 | - $message = $this->customErrors[ $fieldRuleMethod ]; |
|
| 266 | + $message = $this->customErrors[$fieldRuleMethod]; |
|
| 267 | 267 | } else { |
| 268 | 268 | $message = 'RULE_' . strtoupper($fieldRuleMethod); |
| 269 | 269 | } |
| 270 | 270 | |
| 271 | 271 | /* Replace message placeholder, :attribute, :params */ |
| 272 | 272 | $message = str_replace(':attribute', |
| 273 | - (isset($fieldParams[ 'label' ]) ? $fieldParams[ 'label' ] : $fieldName), $message); |
|
| 274 | - if (isset($fieldRuleParams) AND ! empty($fieldRuleParams[ 0 ])) { |
|
| 273 | + (isset($fieldParams['label']) ? $fieldParams['label'] : $fieldName), $message); |
|
| 274 | + if (isset($fieldRuleParams) AND ! empty($fieldRuleParams[0])) { |
|
| 275 | 275 | $message = str_replace(':params', implode(',', $fieldRuleParams), $message); |
| 276 | 276 | } |
| 277 | 277 | |
| 278 | - $this->setFieldError($fieldName, language($fieldParams[ 'label' ]), |
|
| 278 | + $this->setFieldError($fieldName, language($fieldParams['label']), |
|
| 279 | 279 | language($message, [$fieldValue])); |
| 280 | 280 | } |
| 281 | 281 | |
@@ -297,7 +297,7 @@ discard block |
||
| 297 | 297 | */ |
| 298 | 298 | protected function setFieldError($field, $label, $message) |
| 299 | 299 | { |
| 300 | - $this->errors[ $field ] = [ |
|
| 300 | + $this->errors[$field] = [ |
|
| 301 | 301 | 'label' => $label, |
| 302 | 302 | 'message' => $message, |
| 303 | 303 | ]; |
@@ -316,7 +316,7 @@ discard block |
||
| 316 | 316 | $ul = new \O2System\Framework\Libraries\Ui\Contents\Lists\Unordered(); |
| 317 | 317 | |
| 318 | 318 | foreach ($this->getErrors() as $field => $errorParams) { |
| 319 | - $ul->createList($errorParams[ 'label' ] . ': ' . $errorParams[ 'message' ]); |
|
| 319 | + $ul->createList($errorParams['label'] . ': ' . $errorParams['message']); |
|
| 320 | 320 | } |
| 321 | 321 | |
| 322 | 322 | return $ul->render(); |
@@ -143,7 +143,7 @@ discard block |
||
| 143 | 143 | $max = strlen($codeAlphabet); |
| 144 | 144 | |
| 145 | 145 | for ($i = 0; $i < $length; $i++) { |
| 146 | - $token .= $codeAlphabet[ random_int(0, $max - 1) ]; |
|
| 146 | + $token .= $codeAlphabet[random_int(0, $max - 1)]; |
|
| 147 | 147 | } |
| 148 | 148 | |
| 149 | 149 | return $token; |
@@ -275,7 +275,7 @@ discard block |
||
| 275 | 275 | */ |
| 276 | 276 | public function addHeader($key, $value) |
| 277 | 277 | { |
| 278 | - $this->headers[ $key ] = $value; |
|
| 278 | + $this->headers[$key] = $value; |
|
| 279 | 279 | |
| 280 | 280 | return $this; |
| 281 | 281 | } |
