Pull Request — develop (#794)
Filter::XSSFilter()   Rating: B

Complexity:   Conditions 5, Paths 3
Size:         Total Lines 18, Code Lines 7
Duplication:  Lines 0, Ratio 0 %

Metric  Value
dl      0
loc     18
rs      8.8571
cc      5
eloc    7
nc      3
nop     1
```php
<?php

/**
 * Class Filter
 *
 * This is the place to put filters, usually methods that clean, sort and, well, filter stuff.
 */
class Filter
{
    /**
     * The XSS filter: This simply neutralises "code" in any data by encoding it, used to prevent Cross-Site Scripting attacks.
     *
     * A very simple introduction: Let's say an attacker changes their username from "John" to these lines:
     * "<script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>"
     * This means every user's browser would not render "John" anymore, but instead interpret this JavaScript code, calling
     * delete.php, in this case inside the project; in worse scenarios something like performing a bank transaction
     * or sending your cookie data (containing your remember-me token) to somebody else.
     *
     * What is XSS?
     * @see http://phpsecurity.readthedocs.org/en/latest/Cross-Site-Scripting-%28XSS%29.html
     *
     * Deeper information:
     * @see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
     *
     * XSSFilter expects a value, checks if the value is a string, and if so, encodes typical script tag chars to
     * harmless HTML (you'll see the code, it will not be interpreted). Arrays and objects are walked recursively.
     * Note that this method uses a reference to the passed variable, not a copy, meaning you use this method like this:
     *
     * CORRECT: Filter::XSSFilter($myVariable);
     * WRONG: $myVariable = Filter::XSSFilter($myVariable);
     *
     * This works like some other popular PHP functions, for example sort().
     * @see http://php.net/manual/en/function.sort.php
     *
     * @see http://stackoverflow.com/questions/1676897/what-does-it-mean-to-start-a-php-function-with-an-ampersand
     * @see http://php.net/manual/en/language.references.pass.php
     *
     * FYI: htmlspecialchars() does this (from PHP docs):
     *
     * '&' (ampersand) becomes '&amp;'
     * '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
     * "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set.
     * '<' (less than) becomes '&lt;'
     * '>' (greater than) becomes '&gt;'
     *
     * @see http://www.php.net/manual/en/function.htmlspecialchars.php
     *
     * @param mixed $value string, array or object, modified in place
     * @return mixed the same (now encoded) value, for convenience
     */
    public static function XSSFilter(&$value)
    {
        if (is_string($value)) {
            // ENT_QUOTES: encode both quote styles; UTF-8: the charset the app uses
            $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        } elseif (is_array($value) || is_object($value)) {
            // Walk nested arrays / public object properties in place
            foreach ($value as $key => &$array_value) {
                self::XSSFilter($array_value);
            }
            // Drop the reference foreach leaves behind; otherwise a later write
            // to $array_value would silently overwrite the last element
            unset($array_value);
        }

        return $value;
    }
}
```

Inspection issue on the `class Filter` line (Coding Style Compatibility, introduced by this pull request):

PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

You can fix this by adding a namespace to your class:

namespace YourVendor;

class YourClass { }

When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.
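A small self-check script for the filter above, added here as an example and not part of the project's own code. It assumes the class is loadable from the `Filter.php` path given in the `require_once`; it exercises the by-reference behaviour, the recursive walk, and two caveats a practitioner should know (values without HTML special characters pass through unchanged, and malformed UTF-8 is silently turned into an empty string by these `htmlspecialchars()` flags).

```php
<?php
// Added example (not the framework's code): run with `php xss_filter_check.php`.
declare(strict_types=1);

require_once __DIR__ . '/Filter.php'; // assumed location of the Filter class

function check(string $label, bool $ok): void
{
    echo ($ok ? 'PASS ' : 'FAIL ') . $label . PHP_EOL;
    if (!$ok) {
        exit(1);
    }
}

// 1. The doc comment's sample payload: tag characters become entities, so a
//    browser displays the text instead of executing it.
$name = '<script>var http = new XMLHttpRequest();</script>';
Filter::XSSFilter($name);
check('script tag is entity-encoded',
    $name === '&lt;script&gt;var http = new XMLHttpRequest();&lt;/script&gt;');

// 2. Pass-by-reference: the variable itself changes; ENT_QUOTES covers both quote styles.
$quoted = "\"x\" & 'y'";
Filter::XSSFilter($quoted);
check('both quote styles encoded', $quoted === '&quot;x&quot; &amp; &#039;y&#039;');

// 3. Nested arrays are walked recursively; non-string leaves are left untouched.
$post = ['user' => ['name' => '<b>a</b>', 'age' => 42], 'tags' => ['<i>', 'ok']];
Filter::XSSFilter($post);
check('nested array values encoded',
    $post['user']['name'] === '&lt;b&gt;a&lt;/b&gt;' && $post['tags'][0] === '&lt;i&gt;');
check('integer leaf unchanged', $post['user']['age'] === 42);

// 4. Caveat: only the five HTML special characters are touched. A value without
//    them passes through unchanged, so this filter is no substitute for
//    context-aware output encoding (URL scheme allowlists, JS string escaping).
$url = 'javascript:void(0)';
Filter::XSSFilter($url);
check('no special chars => unchanged (not safe for href context)', $url === 'javascript:void(0)');

// 5. Caveat: htmlspecialchars() without ENT_SUBSTITUTE returns '' for invalid
//    UTF-8, so malformed input is dropped silently rather than rejected.
$bad = "abc\xFF";
Filter::XSSFilter($bad);
check('malformed UTF-8 becomes empty string', $bad === '');
```

Case 5 is the one to decide on deliberately: either add `ENT_SUBSTITUTE` to the flags so bad bytes become U+FFFD, or validate encoding before filtering and reject the request.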