rosell-dk /
webp-convert
@@ -49,10 +49,10 @@ discard block |
||
| 49 | 49 | parent::createOptions(); |
| 50 | 50 | |
| 51 | 51 | $this->options2->addOptions( |
| 52 | - new SensitiveStringOption('api-key', ''), /* for communicating with wpc api v.1+ */ |
|
| 53 | - new SensitiveStringOption('secret', ''), /* for communicating with wpc api v.0 */ |
|
| 52 | + new SensitiveStringOption('api-key', ''), /* for communicating with wpc api v.1+ */ |
|
| 53 | + new SensitiveStringOption('secret', ''), /* for communicating with wpc api v.0 */ |
|
| 54 | 54 | new SensitiveStringOption('api-url', ''), |
| 55 | - new SensitiveStringOption('url', ''), /* DO NOT USE. Only here to keep the protection */ |
|
| 55 | + new SensitiveStringOption('url', ''), /* DO NOT USE. Only here to keep the protection */ |
|
| 56 | 56 | new IntegerOption('api-version', 2, 0, 2), |
| 57 | 57 | new BooleanOption('crypt-api-key-in-transfer', false) /* new in api v.1 */ |
| 58 | 58 | ); |
@@ -68,7 +68,7 @@ discard block |
||
| 68 | 68 | ['.', '/'] |
| 69 | 69 | ); |
| 70 | 70 | |
| 71 | - for ($i=0; $i<22; $i++) { |
|
| 71 | + for ($i = 0; $i < 22; $i++) { |
|
| 72 | 72 | $salt .= $validCharsForSalt[array_rand($validCharsForSalt)]; |
| 73 | 73 | } |
| 74 | 74 | return $salt; |
@@ -43,7 +43,7 @@ |
||
| 43 | 43 | $this->addOption($option); |
| 44 | 44 | } |
| 45 | 45 | } |
| 46 | - /* |
|
| 46 | + /* |
|
| 47 | 47 | In some years, we can use the splat instead (requires PHP 5.6): |
| 48 | 48 | @param Option[] ...$options Array of options objects to add |
| 49 | 49 | public function addOptions(...$options) |
@@ -482,7 +482,7 @@ |
||
| 482 | 482 | if ($this->options[$optionName]) { |
| 483 | 483 | $this->logLn( |
| 484 | 484 | 'Discovering binaries ' . $description . ' ' . |
| 485 | - '(to skip this step, disable the "' . $optionName . '" option)' |
|
| 485 | + '(to skip this step, disable the "' . $optionName . '" option)' |
|
| 486 | 486 | ); |
| 487 | 487 | } else { |
| 488 | 488 | $this->logLn( |
@@ -277,7 +277,7 @@ discard block |
||
| 277 | 277 | // otherwise encoding=auto would not work as expected |
| 278 | 278 | |
| 279 | 279 | if ($options['encoding'] == 'lossless') { |
| 280 | - $cmdOptions[] ='-near_lossless ' . $options['near-lossless']; |
|
| 280 | + $cmdOptions[] = '-near_lossless ' . $options['near-lossless']; |
|
| 281 | 281 | } else { |
| 282 | 282 | $this->logLn( |
| 283 | 283 | 'The near-lossless option ignored for lossy' |
@@ -427,7 +427,7 @@ discard block |
||
| 427 | 427 | } else { |
| 428 | 428 | $this->log('. Result: '); |
| 429 | 429 | if ($returnCode == 127) { |
| 430 | - $this->logLn('*Exec failed* (the cwebp binary was not found at path: ' . $binary. ')'); |
|
| 430 | + $this->logLn('*Exec failed* (the cwebp binary was not found at path: ' . $binary . ')'); |
|
| 431 | 431 | } else { |
| 432 | 432 | if ($returnCode == 126) { |
| 433 | 433 | $this->logLn( |
@@ -443,7 +443,7 @@ discard block |
||
| 443 | 443 | } |
| 444 | 444 | return $returnCode; |
| 445 | 445 | } |
| 446 | - return ''; // Will not happen. Just so phpstan doesn't complain |
|
| 446 | + return ''; // Will not happen. Just so phpstan doesn't complain |
|
| 447 | 447 | } |
| 448 | 448 | |
| 449 | 449 | /** |
@@ -683,7 +683,7 @@ discard block |
||
| 683 | 683 | 'Binaries ordered by version number.' |
| 684 | 684 | ); |
| 685 | 685 | foreach ($binaryVersions as $binary => $version) { |
| 686 | - $this->logLn('- ' . $binary . ': (version: ' . $version .')'); |
|
| 686 | + $this->logLn('- ' . $binary . ': (version: ' . $version . ')'); |
|
| 687 | 687 | } |
| 688 | 688 | |
| 689 | 689 | // Execute! |
@@ -15,22 +15,22 @@ |
||
| 15 | 15 | class PathChecker |
| 16 | 16 | { |
| 17 | 17 | |
| 18 | - /** |
|
| 19 | - * Check absolute file path to prevent attacks. |
|
| 20 | - * |
|
| 21 | - * - Prevents non printable characters |
|
| 22 | - * - Prevents stream wrappers |
|
| 23 | - * - Prevents directory traversal |
|
| 24 | - * |
|
| 25 | - * Preventing non printable characters is especially done to prevent the NUL character, which can be used |
|
| 26 | - * to bypass other tests. See https://st-g.de/2011/04/doing-filename-checks-securely-in-PHP. |
|
| 27 | - * |
|
| 28 | - * Preventeng stream wrappers is especially done to protect against Phar Deserialization. |
|
| 29 | - * See https://blog.ripstech.com/2018/new-php-exploitation-technique/ |
|
| 30 | - * |
|
| 31 | - * @param string $absFilePath |
|
| 32 | - * @return void |
|
| 33 | - */ |
|
| 18 | + /** |
|
| 19 | + * Check absolute file path to prevent attacks. |
|
| 20 | + * |
|
| 21 | + * - Prevents non printable characters |
|
| 22 | + * - Prevents stream wrappers |
|
| 23 | + * - Prevents directory traversal |
|
| 24 | + * |
|
| 25 | + * Preventing non printable characters is especially done to prevent the NUL character, which can be used |
|
| 26 | + * to bypass other tests. See https://st-g.de/2011/04/doing-filename-checks-securely-in-PHP. |
|
| 27 | + * |
|
| 28 | + * Preventeng stream wrappers is especially done to protect against Phar Deserialization. |
|
| 29 | + * See https://blog.ripstech.com/2018/new-php-exploitation-technique/ |
|
| 30 | + * |
|
| 31 | + * @param string $absFilePath |
|
| 32 | + * @return void |
|
| 33 | + */ |
|
| 34 | 34 | public static function checkAbsolutePath($absFilePath, $text = 'file') |
| 35 | 35 | { |
| 36 | 36 | if (empty($absFilePath)) { |
