terrylinooo /
shieldon
@@ -27,11 +27,11 @@ |
||
| 27 | 27 | parent::__construct($pdo, $debug); |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | - /** |
|
| 31 | - * Create SQL tables that Shieldon needs. |
|
| 32 | - * |
|
| 33 | - * @return bool |
|
| 34 | - */ |
|
| 30 | + /** |
|
| 31 | + * Create SQL tables that Shieldon needs. |
|
| 32 | + * |
|
| 33 | + * @return bool |
|
| 34 | + */ |
|
| 35 | 35 | protected function installSql(): bool |
| 36 | 36 | { |
| 37 | 37 | try { |
@@ -45,7 +45,7 @@ |
||
| 45 | 45 | public function isDenied(): bool |
| 46 | 46 | { |
| 47 | 47 | if (!empty($this->deniedList)) { |
| 48 | - if (preg_match('/(' . implode('|', $this->deniedList). ')/i', $this->rdns)) { |
|
| 48 | + if (preg_match('/(' . implode('|', $this->deniedList) . ')/i', $this->rdns)) { |
|
| 49 | 49 | return true; |
| 50 | 50 | } |
| 51 | 51 | } |
@@ -49,19 +49,19 @@ discard block |
||
| 49 | 49 | $this->deniedList = [ |
| 50 | 50 | |
| 51 | 51 | // Backlink crawlers |
| 52 | - 'Ahrefs', // http://ahrefs.com/robot/ |
|
| 53 | - 'roger', // rogerbot (SEOMOZ) |
|
| 54 | - 'moz.com', // SEOMOZ crawlers |
|
| 55 | - 'MJ12bot', // Majestic crawlers |
|
| 56 | - 'findlinks', // http://wortschatz.uni-leipzig.de/findlinks |
|
| 57 | - 'Semrush', // http://www.semrush.com/bot.html |
|
| 52 | + 'Ahrefs', // http://ahrefs.com/robot/ |
|
| 53 | + 'roger', // rogerbot (SEOMOZ) |
|
| 54 | + 'moz.com', // SEOMOZ crawlers |
|
| 55 | + 'MJ12bot', // Majestic crawlers |
|
| 56 | + 'findlinks', // http://wortschatz.uni-leipzig.de/findlinks |
|
| 57 | + 'Semrush', // http://www.semrush.com/bot.html |
|
| 58 | 58 | |
| 59 | 59 | // Web information crawlers |
| 60 | - 'domain', // Domain name information crawlers. |
|
| 61 | - 'copyright', // Copyright information crawlers. |
|
| 60 | + 'domain', // Domain name information crawlers. |
|
| 61 | + 'copyright', // Copyright information crawlers. |
|
| 62 | 62 | |
| 63 | 63 | // Others |
| 64 | - 'archive', // Wayback machine |
|
| 64 | + 'archive', // Wayback machine |
|
| 65 | 65 | ]; |
| 66 | 66 | } |
| 67 | 67 | |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | public function isDenied(): bool |
| 72 | 72 | { |
| 73 | 73 | if (!empty($this->deniedList)) { |
| 74 | - if (preg_match('/(' . implode('|', $this->deniedList). ')/i', $this->userAgent)) { |
|
| 74 | + if (preg_match('/(' . implode('|', $this->deniedList) . ')/i', $this->userAgent)) { |
|
| 75 | 75 | return true; |
| 76 | 76 | } |
| 77 | 77 | } |
@@ -257,7 +257,7 @@ discard block |
||
| 257 | 257 | $ip = $ipData[0]; |
| 258 | 258 | $cidr = (int) $ipData[1] ?? 32; |
| 259 | 259 | |
| 260 | - $result[0] = long2ip((ip2long($ip)) & ((-1 << (32 - $cidr)))); |
|
| 260 | + $result[0] = long2ip((ip2long($ip)) & ((-1 << (32 - $cidr)))); |
|
| 261 | 261 | $result[1] = long2ip((ip2long($ip)) + pow(2, (32 - $cidr)) - 1); |
| 262 | 262 | |
| 263 | 263 | if ($isDecimal) { |
@@ -265,7 +265,7 @@ discard block |
||
| 265 | 265 | $result[1] = ip2long($result[1]); |
| 266 | 266 | } |
| 267 | 267 | |
| 268 | - return $result; |
|
| 268 | + return $result; |
|
| 269 | 269 | } |
| 270 | 270 | |
| 271 | 271 | /** |
@@ -40,19 +40,19 @@ discard block |
||
| 40 | 40 | protected $deniedList = [ |
| 41 | 41 | |
| 42 | 42 | // Backlink crawlers |
| 43 | - 'Ahrefs', // http://ahrefs.com/robot/ |
|
| 44 | - 'roger', // rogerbot (SEOMOZ) |
|
| 45 | - 'moz.com', // SEOMOZ crawlers |
|
| 46 | - 'MJ12bot', // Majestic crawlers |
|
| 47 | - 'findlinks', // http://wortschatz.uni-leipzig.de/findlinks |
|
| 48 | - 'Semrush', // http://www.semrush.com/bot.html |
|
| 43 | + 'Ahrefs', // http://ahrefs.com/robot/ |
|
| 44 | + 'roger', // rogerbot (SEOMOZ) |
|
| 45 | + 'moz.com', // SEOMOZ crawlers |
|
| 46 | + 'MJ12bot', // Majestic crawlers |
|
| 47 | + 'findlinks', // http://wortschatz.uni-leipzig.de/findlinks |
|
| 48 | + 'Semrush', // http://www.semrush.com/bot.html |
|
| 49 | 49 | |
| 50 | 50 | // Web information crawlers |
| 51 | - 'domain', // Domain name information crawlers. |
|
| 52 | - 'copyright', // Copyright information crawlers. |
|
| 51 | + 'domain', // Domain name information crawlers. |
|
| 52 | + 'copyright', // Copyright information crawlers. |
|
| 53 | 53 | |
| 54 | 54 | // Others |
| 55 | - 'archive', // Wayback machine |
|
| 55 | + 'archive', // Wayback machine |
|
| 56 | 56 | ]; |
| 57 | 57 | |
| 58 | 58 | /** |
@@ -65,7 +65,7 @@ discard block |
||
| 65 | 65 | public function __construct(array $deniedList = []) |
| 66 | 66 | { |
| 67 | 67 | if (!empty($deniedList)) { |
| 68 | - $this->deniedList =$deniedList; |
|
| 68 | + $this->deniedList = $deniedList; |
|
| 69 | 69 | } |
| 70 | 70 | } |
| 71 | 71 | |
@@ -86,7 +86,7 @@ discard block |
||
| 86 | 86 | } |
| 87 | 87 | |
| 88 | 88 | if (!empty($this->deniedList)) { |
| 89 | - if (preg_match('/(' . implode('|', $this->deniedList). ')/i', $userAgent)) { |
|
| 89 | + if (preg_match('/(' . implode('|', $this->deniedList) . ')/i', $userAgent)) { |
|
| 90 | 90 | return (new Response)->withStatus(self::HTTP_STATUS_CODE); |
| 91 | 91 | } |
| 92 | 92 | } |
@@ -51,7 +51,7 @@ |
||
| 51 | 51 | public function __construct(array $fieldList = []) |
| 52 | 52 | { |
| 53 | 53 | if (!empty($fieldList)) { |
| 54 | - $this->fieldList =$fieldList; |
|
| 54 | + $this->fieldList = $fieldList; |
|
| 55 | 55 | } |
| 56 | 56 | } |
| 57 | 57 | |
@@ -53,8 +53,8 @@ |
||
| 53 | 53 | |
| 54 | 54 | // Check if your IP is from localhost, perhaps your are in development environment? |
| 55 | 55 | if ( |
| 56 | - (substr($this->ip, 0 , 8) === '192.168.') || |
|
| 57 | - (substr($this->ip, 0 , 6) === '127.0.') |
|
| 56 | + (substr($this->ip, 0, 8) === '192.168.') || |
|
| 57 | + (substr($this->ip, 0, 6) === '127.0.') |
|
| 58 | 58 | ) { |
| 59 | 59 | $this->setRdns('localhost'); |
| 60 | 60 | } else { |
@@ -33,7 +33,7 @@ |
||
| 33 | 33 | */ |
| 34 | 34 | public function __construct(array &$data = []) |
| 35 | 35 | { |
| 36 | - $this->data =& $data; |
|
| 36 | + $this->data = & $data; |
|
| 37 | 37 | } |
| 38 | 38 | |
| 39 | 39 | /** |
@@ -35,9 +35,9 @@ discard block |
||
| 35 | 35 | use function time; |
| 36 | 36 | use function version_compare; |
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * Cross-Site Scripting protection. |
|
| 40 | - */ |
|
| 38 | + /** |
|
| 39 | + * Cross-Site Scripting protection. |
|
| 40 | + */ |
|
| 41 | 41 | class Xss |
| 42 | 42 | { |
| 43 | 43 | /** |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | unset($original); |
| 285 | 285 | |
| 286 | 286 | // Remove evil attributes such as style, onclick and xmlns |
| 287 | - $str = $this->removeEvilAttributes($str, $isImage); |
|
| 287 | + $str = $this->removeEvilAttributes($str, $isImage); |
|
| 288 | 288 | |
| 289 | 289 | /* |
| 290 | 290 | * Sanitize naughty HTML elements |
@@ -448,62 +448,62 @@ discard block |
||
| 448 | 448 | * @param boolean $is_image TRUE if this is an image |
| 449 | 449 | * @return string The string with the evil attributes removed |
| 450 | 450 | */ |
| 451 | - protected function removeEvilAttributes($str, $is_image) |
|
| 452 | - { |
|
| 453 | - // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns |
|
| 454 | - $evilAttributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href'); |
|
| 451 | + protected function removeEvilAttributes($str, $is_image) |
|
| 452 | + { |
|
| 453 | + // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns |
|
| 454 | + $evilAttributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href'); |
|
| 455 | 455 | |
| 456 | - if ($is_image) { |
|
| 457 | - /* |
|
| 456 | + if ($is_image) { |
|
| 457 | + /* |
|
| 458 | 458 | * Adobe Photoshop puts XML metadata into JFIF images, |
| 459 | 459 | * including namespacing, so we have to allow this for images. |
| 460 | 460 | */ |
| 461 | - unset($evilAttributes[array_search('xmlns', $evilAttributes)]); |
|
| 462 | - } |
|
| 461 | + unset($evilAttributes[array_search('xmlns', $evilAttributes)]); |
|
| 462 | + } |
|
| 463 | 463 | |
| 464 | - do { |
|
| 465 | - $count = 0; |
|
| 466 | - $attribs = array(); |
|
| 464 | + do { |
|
| 465 | + $count = 0; |
|
| 466 | + $attribs = array(); |
|
| 467 | 467 | |
| 468 | - // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) |
|
| 469 | - preg_match_all( |
|
| 468 | + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) |
|
| 469 | + preg_match_all( |
|
| 470 | 470 | '/(?<!\w)(' . implode('|', $evilAttributes) . ')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', |
| 471 | 471 | $str, |
| 472 | 472 | $matches, |
| 473 | 473 | PREG_SET_ORDER |
| 474 | 474 | ); |
| 475 | 475 | |
| 476 | - foreach ($matches as $attr) { |
|
| 477 | - $attribs[] = preg_quote($attr[0], '/'); |
|
| 478 | - } |
|
| 476 | + foreach ($matches as $attr) { |
|
| 477 | + $attribs[] = preg_quote($attr[0], '/'); |
|
| 478 | + } |
|
| 479 | 479 | |
| 480 | - // find occurrences of illegal attribute strings without quotes |
|
| 481 | - preg_match_all( |
|
| 480 | + // find occurrences of illegal attribute strings without quotes |
|
| 481 | + preg_match_all( |
|
| 482 | 482 | '/(?<!\w)(' . implode('|', $evilAttributes) . ')\s*=\s*([^\s>]*)/is', |
| 483 | 483 | $str, |
| 484 | 484 | $matches, |
| 485 | 485 | PREG_SET_ORDER |
| 486 | 486 | ); |
| 487 | 487 | |
| 488 | - foreach ($matches as $attr) { |
|
| 489 | - $attribs[] = preg_quote($attr[0], '/'); |
|
| 490 | - } |
|
| 488 | + foreach ($matches as $attr) { |
|
| 489 | + $attribs[] = preg_quote($attr[0], '/'); |
|
| 490 | + } |
|
| 491 | 491 | |
| 492 | - // replace illegal attribute strings that are inside an html tag |
|
| 493 | - if (count($attribs) > 0) { |
|
| 494 | - $str = preg_replace( |
|
| 492 | + // replace illegal attribute strings that are inside an html tag |
|
| 493 | + if (count($attribs) > 0) { |
|
| 494 | + $str = preg_replace( |
|
| 495 | 495 | '/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(' . implode('|', $attribs) . ')(.*?)([\s><]?)([><]*)/i', |
| 496 | 496 | '$1$2 $4$6$7$8', |
| 497 | 497 | $str, |
| 498 | 498 | -1, |
| 499 | 499 | $count |
| 500 | 500 | ); |
| 501 | - } |
|
| 501 | + } |
|
| 502 | 502 | |
| 503 | - } while ($count); |
|
| 503 | + } while ($count); |
|
| 504 | 504 | |
| 505 | - return $str; |
|
| 506 | - } |
|
| 505 | + return $str; |
|
| 506 | + } |
|
| 507 | 507 | |
| 508 | 508 | /** |
| 509 | 509 | * Random Hash for protecting URLs |
@@ -856,16 +856,16 @@ discard block |
||
| 856 | 856 | * @return bool |
| 857 | 857 | */ |
| 858 | 858 | protected function isPHP($version): bool |
| 859 | - { |
|
| 859 | + { |
|
| 860 | 860 | static $_isPHP; |
| 861 | 861 | |
| 862 | - $version = (string) $version; |
|
| 862 | + $version = (string) $version; |
|
| 863 | 863 | |
| 864 | - if (!isset($_isPHP[$version])) { |
|
| 865 | - $_isPHP[$version] = version_compare(PHP_VERSION, $version, '>='); |
|
| 866 | - } |
|
| 864 | + if (!isset($_isPHP[$version])) { |
|
| 865 | + $_isPHP[$version] = version_compare(PHP_VERSION, $version, '>='); |
|
| 866 | + } |
|
| 867 | 867 | |
| 868 | - return $_isPHP[$version]; |
|
| 869 | - } |
|
| 868 | + return $_isPHP[$version]; |
|
| 869 | + } |
|
| 870 | 870 | } |
| 871 | 871 | |
@@ -89,13 +89,13 @@ discard block |
||
| 89 | 89 | |
| 90 | 90 | $this->deniedRegexList = [ |
| 91 | 91 | 'javascript\s*:', |
| 92 | - '\bon\w+=\S+(?=.*>)', // Inline JavaScript. |
|
| 92 | + '\bon\w+=\S+(?=.*>)', // Inline JavaScript. |
|
| 93 | 93 | '(document|(document\.)?window)\.(location|on\w*)', |
| 94 | 94 | 'expression\s*(\(|&\#40;)', // CSS and IE |
| 95 | - 'vbscript\s*:', // IE, surprise! |
|
| 96 | - 'wscript\s*:', // IE |
|
| 97 | - 'jscript\s*:', // IE |
|
| 98 | - 'vbs\s*:', // IE |
|
| 95 | + 'vbscript\s*:', // IE, surprise! |
|
| 96 | + 'wscript\s*:', // IE |
|
| 97 | + 'jscript\s*:', // IE |
|
| 98 | + 'vbs\s*:', // IE |
|
| 99 | 99 | 'Redirect\s+30\d:', |
| 100 | 100 | "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?", |
| 101 | 101 | ]; |
@@ -222,9 +222,9 @@ discard block |
||
| 222 | 222 | */ |
| 223 | 223 | $words = [ |
| 224 | 224 | 'javascript', 'expression', 'vbscript', 'jscript', 'wscript', |
| 225 | - 'vbs', 'script', 'base64', 'applet', 'alert', |
|
| 226 | - 'document', 'write', 'cookie', 'window', 'confirm', |
|
| 227 | - 'prompt', 'eval', |
|
| 225 | + 'vbs', 'script', 'base64', 'applet', 'alert', |
|
| 226 | + 'document', 'write', 'cookie', 'window', 'confirm', |
|
| 227 | + 'prompt', 'eval', |
|
| 228 | 228 | ]; |
| 229 | 229 | |
| 230 | 230 | foreach ($words as $word) { |
@@ -279,7 +279,7 @@ discard block |
||
| 279 | 279 | ); |
| 280 | 280 | } |
| 281 | 281 | |
| 282 | - } while($original !== $str); |
|
| 282 | + } while ($original !== $str); |
|
| 283 | 283 | |
| 284 | 284 | unset($original); |
| 285 | 285 | |
@@ -581,17 +581,17 @@ discard block |
||
| 581 | 581 | "'", '"', '&', '$', '#', |
| 582 | 582 | '{', '}', '[', ']', '=', |
| 583 | 583 | ';', '?', '%20', '%22', |
| 584 | - '%3c', // < |
|
| 585 | - '%253c', // < |
|
| 586 | - '%3e', // > |
|
| 587 | - '%0e', // > |
|
| 588 | - '%28', // ( |
|
| 589 | - '%29', // ) |
|
| 590 | - '%2528', // ( |
|
| 591 | - '%26', // & |
|
| 592 | - '%24', // $ |
|
| 593 | - '%3f', // ? |
|
| 594 | - '%3b', // ; |
|
| 584 | + '%3c', // < |
|
| 585 | + '%253c', // < |
|
| 586 | + '%3e', // > |
|
| 587 | + '%0e', // > |
|
| 588 | + '%28', // ( |
|
| 589 | + '%29', // ) |
|
| 590 | + '%2528', // ( |
|
| 591 | + '%26', // & |
|
| 592 | + '%24', // $ |
|
| 593 | + '%3f', // ? |
|
| 594 | + '%3b', // ; |
|
| 595 | 595 | '%3d' // = |
| 596 | 596 | ]; |
| 597 | 597 | |
@@ -637,19 +637,19 @@ discard block |
||
| 637 | 637 | protected function sanitizeNaughtyHtml(array $matches): string |
| 638 | 638 | { |
| 639 | 639 | static $naughtyTags = [ |
| 640 | - 'alert', 'prompt', 'confirm', 'applet', 'audio', |
|
| 641 | - 'basefont', 'base', 'behavior', 'bgsound', 'blink', |
|
| 642 | - 'body', 'embed', 'expression', 'form', 'frameset', |
|
| 643 | - 'frame', 'head', 'html', 'ilayer', 'iframe', |
|
| 644 | - 'input', 'button', 'select', 'isindex', 'layer', |
|
| 645 | - 'link', 'meta', 'keygen', 'object', 'plaintext', |
|
| 646 | - 'style', 'script', 'textarea', 'title', 'math', |
|
| 647 | - 'video', 'svg', 'xml', 'xss', |
|
| 640 | + 'alert', 'prompt', 'confirm', 'applet', 'audio', |
|
| 641 | + 'basefont', 'base', 'behavior', 'bgsound', 'blink', |
|
| 642 | + 'body', 'embed', 'expression', 'form', 'frameset', |
|
| 643 | + 'frame', 'head', 'html', 'ilayer', 'iframe', |
|
| 644 | + 'input', 'button', 'select', 'isindex', 'layer', |
|
| 645 | + 'link', 'meta', 'keygen', 'object', 'plaintext', |
|
| 646 | + 'style', 'script', 'textarea', 'title', 'math', |
|
| 647 | + 'video', 'svg', 'xml', 'xss', |
|
| 648 | 648 | ]; |
| 649 | 649 | |
| 650 | 650 | static $evilAttributes = [ |
| 651 | - 'on\w+', 'style', 'xmlns', 'seekSegmentTime', |
|
| 652 | - 'form', 'xlink:href', 'FSCommand', 'formaction', |
|
| 651 | + 'on\w+', 'style', 'xmlns', 'seekSegmentTime', |
|
| 652 | + 'form', 'xlink:href', 'FSCommand', 'formaction', |
|
| 653 | 653 | ]; |
| 654 | 654 | |
| 655 | 655 | // First, escape unclosed tags |
@@ -706,7 +706,7 @@ discard block |
||
| 706 | 706 | |
| 707 | 707 | $attributes = empty($attributes) |
| 708 | 708 | ? '' |
| 709 | - : ' '.implode(' ', $attributes); |
|
| 709 | + : ' ' . implode(' ', $attributes); |
|
| 710 | 710 | return '<' . $matches['slash'] . $matches['tagName'] . $attributes . '>'; |
| 711 | 711 | } |
| 712 | 712 | |
