@@ -27,11 +27,11 @@ |
||
| 27 | 27 | parent::__construct($pdo, $debug); |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | - /** |
|
| 31 | - * Create SQL tables that Shieldon needs. |
|
| 32 | - * |
|
| 33 | - * @return bool |
|
| 34 | - */ |
|
| 30 | + /** |
|
| 31 | + * Create SQL tables that Shieldon needs. |
|
| 32 | + * |
|
| 33 | + * @return bool |
|
| 34 | + */ |
|
| 35 | 35 | protected function installSql(): bool |
| 36 | 36 | { |
| 37 | 37 | try { |
@@ -257,7 +257,7 @@ discard block |
||
| 257 | 257 | $ip = $ipData[0]; |
| 258 | 258 | $cidr = (int) $ipData[1] ?? 32; |
| 259 | 259 | |
| 260 | - $result[0] = long2ip((ip2long($ip)) & ((-1 << (32 - $cidr)))); |
|
| 260 | + $result[0] = long2ip((ip2long($ip)) & ((-1 << (32 - $cidr)))); |
|
| 261 | 261 | $result[1] = long2ip((ip2long($ip)) + pow(2, (32 - $cidr)) - 1); |
| 262 | 262 | |
| 263 | 263 | if ($isDecimal) { |
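Review bot: The fallback in `$cidr = (int) $ipData[1] ?? 32;` never applies, because the cast binds tighter than `??`: a missing prefix is cast to 0 first, so an address without a `/n` suffix would be masked as /0 instead of /32 on the following line. It should read `$cidr = (int) ($ipData[1] ?? 32);`, with values outside 0–32 rejected before the shift, since a negative `32 - $cidr` makes `<<` throw an ArithmeticError. The second bound also adds the block size to `ip2long($ip)` rather than to the masked network address, so it overshoots the block whenever `$ip` is not its first address. How `$ipData` is built lies outside the hunk, so whether a missing or out-of-range prefix can reach these lines needs checking against the caller.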
@@ -265,7 +265,7 @@ discard block |
||
| 265 | 265 | $result[1] = ip2long($result[1]); |
| 266 | 266 | } |
| 267 | 267 | |
| 268 | - return $result; |
|
| 268 | + return $result; |
|
| 269 | 269 | } |
| 270 | 270 | |
| 271 | 271 | /** |
@@ -35,9 +35,9 @@ discard block |
||
| 35 | 35 | use function time; |
| 36 | 36 | use function version_compare; |
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * Cross-Site Scripting protection. |
|
| 40 | - */ |
|
| 38 | + /** |
|
| 39 | + * Cross-Site Scripting protection. |
|
| 40 | + */ |
|
| 41 | 41 | class Xss |
| 42 | 42 | { |
| 43 | 43 | /** |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | unset($original); |
| 285 | 285 | |
| 286 | 286 | // Remove evil attributes such as style, onclick and xmlns |
| 287 | - $str = $this->removeEvilAttributes($str, $isImage); |
|
| 287 | + $str = $this->removeEvilAttributes($str, $isImage); |
|
| 288 | 288 | |
| 289 | 289 | /* |
| 290 | 290 | * Sanitize naughty HTML elements |
@@ -448,62 +448,62 @@ discard block |
||
| 448 | 448 | * @param boolean $is_image TRUE if this is an image |
| 449 | 449 | * @return string The string with the evil attributes removed |
| 450 | 450 | */ |
| 451 | - protected function removeEvilAttributes($str, $is_image) |
|
| 452 | - { |
|
| 453 | - // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns |
|
| 454 | - $evilAttributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href'); |
|
| 451 | + protected function removeEvilAttributes($str, $is_image) |
|
| 452 | + { |
|
| 453 | + // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns |
|
| 454 | + $evilAttributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href'); |
|
| 455 | 455 | |
| 456 | - if ($is_image) { |
|
| 457 | - /* |
|
| 456 | + if ($is_image) { |
|
| 457 | + /* |
|
| 458 | 458 | * Adobe Photoshop puts XML metadata into JFIF images, |
| 459 | 459 | * including namespacing, so we have to allow this for images. |
| 460 | 460 | */ |
| 461 | - unset($evilAttributes[array_search('xmlns', $evilAttributes)]); |
|
| 462 | - } |
|
| 461 | + unset($evilAttributes[array_search('xmlns', $evilAttributes)]); |
|
| 462 | + } |
|
| 463 | 463 | |
| 464 | - do { |
|
| 465 | - $count = 0; |
|
| 466 | - $attribs = array(); |
|
| 464 | + do { |
|
| 465 | + $count = 0; |
|
| 466 | + $attribs = array(); |
|
| 467 | 467 | |
| 468 | - // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) |
|
| 469 | - preg_match_all( |
|
| 468 | + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) |
|
| 469 | + preg_match_all( |
|
| 470 | 470 | '/(?<!\w)(' . implode('|', $evilAttributes) . ')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', |
| 471 | 471 | $str, |
| 472 | 472 | $matches, |
| 473 | 473 | PREG_SET_ORDER |
| 474 | 474 | ); |
| 475 | 475 | |
| 476 | - foreach ($matches as $attr) { |
|
| 477 | - $attribs[] = preg_quote($attr[0], '/'); |
|
| 478 | - } |
|
| 476 | + foreach ($matches as $attr) { |
|
| 477 | + $attribs[] = preg_quote($attr[0], '/'); |
|
| 478 | + } |
|
| 479 | 479 | |
| 480 | - // find occurrences of illegal attribute strings without quotes |
|
| 481 | - preg_match_all( |
|
| 480 | + // find occurrences of illegal attribute strings without quotes |
|
| 481 | + preg_match_all( |
|
| 482 | 482 | '/(?<!\w)(' . implode('|', $evilAttributes) . ')\s*=\s*([^\s>]*)/is', |
| 483 | 483 | $str, |
| 484 | 484 | $matches, |
| 485 | 485 | PREG_SET_ORDER |
| 486 | 486 | ); |
| 487 | 487 | |
| 488 | - foreach ($matches as $attr) { |
|
| 489 | - $attribs[] = preg_quote($attr[0], '/'); |
|
| 490 | - } |
|
| 488 | + foreach ($matches as $attr) { |
|
| 489 | + $attribs[] = preg_quote($attr[0], '/'); |
|
| 490 | + } |
|
| 491 | 491 | |
| 492 | - // replace illegal attribute strings that are inside an html tag |
|
| 493 | - if (count($attribs) > 0) { |
|
| 494 | - $str = preg_replace( |
|
| 492 | + // replace illegal attribute strings that are inside an html tag |
|
| 493 | + if (count($attribs) > 0) { |
|
| 494 | + $str = preg_replace( |
|
| 495 | 495 | '/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(' . implode('|', $attribs) . ')(.*?)([\s><]?)([><]*)/i', |
| 496 | 496 | '$1$2 $4$6$7$8', |
| 497 | 497 | $str, |
| 498 | 498 | -1, |
| 499 | 499 | $count |
| 500 | 500 | ); |
| 501 | - } |
|
| 501 | + } |
|
| 502 | 502 | |
| 503 | - } while ($count); |
|
| 503 | + } while ($count); |
|
| 504 | 504 | |
| 505 | - return $str; |
|
| 506 | - } |
|
| 505 | + return $str; |
|
| 506 | + } |
|
| 507 | 507 | |
| 508 | 508 | /** |
| 509 | 509 | * Random Hash for protecting URLs |
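Review bot: The result of `preg_replace()` in removeEvilAttributes is assigned straight back to `$str` without a check, yet that call returns null on a PCRE error such as an exceeded backtrack limit, and the alternation built from `$attribs` is derived from the input being filtered. In that case the function appears to return null rather than the documented string, so the failure mode of the filter is accidental; a guard after the call such as `if ($str === null) { return ''; }`, or throwing, would make failing closed a deliberate choice. Separately, `[^\\2]` in the quoted-attribute pattern is a character class, where `\2` is an octal escape and not a back-reference, so the match only stops at the closing quote because the quantifier is lazy. I would add a comment there: `// [^\2] is not a back-reference inside a class; the lazy *? plus the trailing \2 is what finds the closing quote`.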
@@ -856,16 +856,16 @@ discard block |
||
| 856 | 856 | * @return bool |
| 857 | 857 | */ |
| 858 | 858 | protected function isPHP($version): bool |
| 859 | - { |
|
| 859 | + { |
|
| 860 | 860 | static $_isPHP; |
| 861 | 861 | |
| 862 | - $version = (string) $version; |
|
| 862 | + $version = (string) $version; |
|
| 863 | 863 | |
| 864 | - if (!isset($_isPHP[$version])) { |
|
| 865 | - $_isPHP[$version] = version_compare(PHP_VERSION, $version, '>='); |
|
| 866 | - } |
|
| 864 | + if (!isset($_isPHP[$version])) { |
|
| 865 | + $_isPHP[$version] = version_compare(PHP_VERSION, $version, '>='); |
|
| 866 | + } |
|
| 867 | 867 | |
| 868 | - return $_isPHP[$version]; |
|
| 869 | - } |
|
| 868 | + return $_isPHP[$version]; |
|
| 869 | + } |
|
| 870 | 870 | } |
| 871 | 871 | |
@@ -96,7 +96,7 @@ |
||
| 96 | 96 | return $this->{$method}($ip); |
| 97 | 97 | } |
| 98 | 98 | |
| 99 | - /** |
|
| 99 | + /** |
|
| 100 | 100 | * {@inheritDoc} |
| 101 | 101 | */ |
| 102 | 102 | protected function doFetchAll(string $type = 'filter'): array |
@@ -35,14 +35,14 @@ |
||
| 35 | 35 | */ |
| 36 | 36 | trait ConfigMethodsTrait |
| 37 | 37 | { |
| 38 | - /** |
|
| 39 | - * Parse the POST fields and set them into configuration data structure. |
|
| 40 | - * Used for saveConfig method only. |
|
| 41 | - * |
|
| 42 | - * @param array $postParams |
|
| 43 | - * |
|
| 44 | - * @return void |
|
| 45 | - */ |
|
| 38 | + /** |
|
| 39 | + * Parse the POST fields and set them into configuration data structure. |
|
| 40 | + * Used for saveConfig method only. |
|
| 41 | + * |
|
| 42 | + * @param array $postParams |
|
| 43 | + * |
|
| 44 | + * @return void |
|
| 45 | + */ |
|
| 46 | 46 | protected function saveConfigPrepareSettings(array $postParams): void |
| 47 | 47 | { |
| 48 | 48 | foreach ($postParams as $postKey => $postData) { |
@@ -22,7 +22,7 @@ |
||
| 22 | 22 | */ |
| 23 | 23 | trait SessionTrait |
| 24 | 24 | { |
| 25 | - /** |
|
| 25 | + /** |
|
| 26 | 26 | * Are you willing to limit the online session amount? |
| 27 | 27 | * |
| 28 | 28 | * @var array |