
XssProtectionTrait::cleanProtectedList()   B

Complexity

Conditions 9
Paths 2

Size

Total Lines 26
Code Lines 18

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 9
eloc 18
nc 2
nop 2
dl 0
loc 26
rs 8.0555
c 0
b 0
f 0
<?php
/*
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
declare(strict_types=1);
namespace Shieldon\Firewall\Firewall;
use Shieldon\Firewall\Security\Xss;
use function array_keys;
/*
 * Xss Protection Trait is loaded in Firewall instance only.
 */
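trait XssProtectionTrait
{
    /**
     * Register the XSS cleaning closures selected by the configuration.
     *
     * Reads the `xss_protection` option (per-source switches, indexed below by
     * `post`, `get` and `cookie`) and the `xss_protected_list` option (single
     * variables to clean). Nothing is registered when no switch is on and the
     * protected list is empty.
     *
     * The host class must supply getOption() and a $kernel property exposing
     * setClosure(); neither is declared in this trait.
     *
     * Notes for integrators:
     * - The closures rewrite values in $_POST, $_GET and $_COOKIE only. PHP
     *   populates $_REQUEST as its own array, so code reading $_REQUEST does
     *   not see the cleaned values. Nothing here touches $_SERVER, $_FILES or
     *   the raw request body either.
     * - Only values are passed to Xss::clean(); array keys are left as sent.
     * - Cleaning input does not replace context-aware output encoding where
     *   the data is rendered.
     *
     * @return void
     */
    protected function setXssProtection(): void
    {
        $enable = $this->getOption('xss_protection');
        $protectedList = $this->getOption('xss_protected_list');

        // in_array() separates "no switch is on" from "a switch was found at a
        // falsy key"; the former array_search() + empty() test conflated them.
        // The comparison stays loose to match the truthiness test each cleaner
        // applies to its own switch.
        $anyEnabled = in_array(true, $enable);

        if (!$anyEnabled && empty($protectedList)) {
            return;
        }

        $xss = new Xss();

        $this->cleanPost($enable, $xss);
        $this->cleanGet($enable, $xss);
        $this->cleanCookie($enable, $xss);
        $this->cleanProtectedList($protectedList, $xss);
    }

    /**
     * Register a closure that cleans every top-level value of $_POST.
     *
     * NOTE(review): a value may itself be an array (e.g. `a[]=x`); whether
     * Xss::clean() accepts arrays is not visible from this file - confirm.
     *
     * @param array $enable Switches from the `xss_protection` option.
     * @param Xss   $xss    Cleaner applied to each value.
     *
     * @return void
     */
    private function cleanPost(array $enable, Xss $xss): void
    {
        // empty() keeps the truthiness test and tolerates a missing key.
        if (empty($enable['post'])) {
            return;
        }

        // The closure is only registered here; presumably the kernel invokes
        // it while processing the request - confirm against setClosure().
        $this->kernel->setClosure('xss_post', function () use ($xss) {
            if (empty($_POST)) {
                return;
            }

            foreach (array_keys($_POST) as $k) {
                $_POST[$k] = $xss->clean($_POST[$k]);
            }
        });
    }

    /**
     * Register a closure that cleans every top-level value of $_GET.
     *
     * @param array $enable Switches from the `xss_protection` option.
     * @param Xss   $xss    Cleaner applied to each value.
     *
     * @return void
     */
    private function cleanGet(array $enable, Xss $xss): void
    {
        // empty() keeps the truthiness test and tolerates a missing key.
        if (empty($enable['get'])) {
            return;
        }

        $this->kernel->setClosure('xss_get', function () use ($xss) {
            if (empty($_GET)) {
                return;
            }

            foreach (array_keys($_GET) as $k) {
                $_GET[$k] = $xss->clean($_GET[$k]);
            }
        });
    }

    /**
     * Register a closure that cleans every top-level value of $_COOKIE.
     *
     * @param array $enable Switches from the `xss_protection` option.
     * @param Xss   $xss    Cleaner applied to each value.
     *
     * @return void
     */
    private function cleanCookie(array $enable, Xss $xss): void
    {
        // empty() keeps the truthiness test and tolerates a missing key.
        if (empty($enable['cookie'])) {
            return;
        }

        $this->kernel->setClosure('xss_cookie', function () use ($xss) {
            if (empty($_COOKIE)) {
                return;
            }

            foreach (array_keys($_COOKIE) as $k) {
                $_COOKIE[$k] = $xss->clean($_COOKIE[$k]);
            }
        });
    }

    /**
     * Register a closure that cleans the specific protected variables.
     *
     * Each list entry is read as an array with a `type` (`get`, `post` or
     * `cookie`) and a `variable` (the key inside that superglobal). An entry
     * with any other or missing `type` is skipped. A variable that is absent
     * or empty() in the request is left untouched.
     *
     * @param array $protectedList Entries from the `xss_protected_list` option.
     * @param Xss   $xss           Cleaner applied to each matching value.
     *
     * @return void
     */
    private function cleanProtectedList(array $protectedList, Xss $xss): void
    {
        if (empty($protectedList)) {
            return;
        }

        $this->kernel->setClosure(
            'xss_protection',
            function () use ($xss, $protectedList) {
                foreach ($protectedList as $v) {
                    $k = $v['variable'] ?? 'undefined';

                    // A malformed entry without `type` falls through every
                    // case instead of raising an undefined-key warning.
                    switch ($v['type'] ?? '') {
                        case 'get':
                            if (!empty($_GET[$k])) {
                                $_GET[$k] = $xss->clean($_GET[$k]);
                            }
                            break;

                        case 'post':
                            if (!empty($_POST[$k])) {
                                $_POST[$k] = $xss->clean($_POST[$k]);
                            }
                            break;

                        case 'cookie':
                            if (!empty($_COOKIE[$k])) {
                                $_COOKIE[$k] = $xss->clean($_COOKIE[$k]);
                            }
                            break;
                    }
                }
            }
        );
    }
}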