From ae47891ac5be6501a7c56c2dff949d5bfc0441e2 Mon Sep 17 00:00:00 2001
From: Roy R
Date: Fri, 31 May 2024 18:47:02 -0400
Subject: [PATCH 1/2] Provide filter to simple polyfill
For use with filtering down to low simple alphanumerics, getting rid of ugly html-likes, and similar.
---
deploy/lib/Filter.php | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/deploy/lib/Filter.php b/deploy/lib/Filter.php
index e2ca99559..f703fc487 100644
--- a/deploy/lib/Filter.php
+++ b/deploy/lib/Filter.php
@@ -5,8 +5,7 @@
/**
* Filter & Sanitation wrappers
*/
-class Filter
-{
+class Filter {
/**
* Return a casting with a result of a positive int, or else zero.
*
@@ -14,35 +13,31 @@ class Filter
* this function will cast strings with leading integers to those integers.
* E.g. 555'sql-injection becomes 555
*/
- public static function toNonNegativeInt($num)
- {
+ public static function toNonNegativeInt($num) {
return ((int)$num == $num && (int)$num > 0 ? (int)$num : 0);
}
/**
* Casts to an integer anything that can be cast that way non-destructively, otherwise null.
*/
- public static function toInt($dirty)
- {
+ public static function toInt($dirty) {
return $dirty == (int) $dirty ? (int) $dirty : null; // Cast anything that can be non-destructively cast.
}
- public static function filter_string_polyfill(string $string): string
- {
+ public static function filter_string_polyfill(string $string): string {
$str = preg_replace('/\x00|<[^>]*>?/', '', $string);
- return str_replace(["'", '"'], ['', ''], $str);
+ return str_replace(["'", '"'], [''', '"'], $str);
}
/**
* Strip low and high ascii characters, leave standard keyboard characters
*/
- public static function toSimple($dirty)
- {
- return filter_var(
- str_replace(['"', '\''], '', Filter::filter_string_polyfill($dirty)),
- FILTER_UNSAFE_RAW,
+ public static function toSimple($dirty) {
+ return static::filter_string_polyfill(filter_var(
+ str_replace(['"', '\''], '', $dirty),
+ FILTER_SANITIZE_FULL_SPECIAL_CHARS,
FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH
- );
+ ));
}
}
From 04fbaf78479cfe51900e5ba3afd3435ee184c8b7 Mon Sep 17 00:00:00 2001
From: "deepsource-autofix[bot]" <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Date: Fri, 31 May 2024 22:47:58 +0000
Subject: [PATCH 2/2] style: format code with PHP CS Fixer
This commit fixes the style issues introduced in ae47891 according to the output from PHP CS Fixer.
Details: https://github.com/BitLucid/ninjawars/pull/1758
---
deploy/lib/Filter.php | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/deploy/lib/Filter.php b/deploy/lib/Filter.php
index f703fc487..15e704d95 100644
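Review bot: In the new `toSimple`, `filter_var(..., FILTER_SANITIZE_FULL_SPECIAL_CHARS)` entity-encodes `<`, `>` and `&` before `filter_string_polyfill` ever runs, so the polyfill's `<[^>]*>?` tag-stripping regex never sees a `<` and the outer wrapper is effectively a no-op; `<b>hi</b>` now comes back as an entity-encoded string where the old strip-then-filter order produced `hi`, which is the opposite of the "getting rid of ugly html-likes" goal in the commit message, and any caller that escapes again on output will double-encode. As far as I recall, FILTER_SANITIZE_FULL_SPECIAL_CHARS only honours FILTER_FLAG_NO_ENCODE_QUOTES, so FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH are likely ignored here (they were honoured with FILTER_UNSAFE_RAW) and the docblock "Strip low and high ascii characters" no longer describes the method — worth a quick `filter_var("a\x01b", ...)` check. If stripping is the intent, keep the old order and filter: `$stripped = static::filter_string_polyfill(str_replace(['"', '\''], '', (string) $dirty));` followed by `return filter_var($stripped, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);`; if encoding is the intent, drop the polyfill wrapper and rewrite the docblock to say the result is HTML-entity-encoded, not stripped. Separately, the replacement array in `filter_string_polyfill` renders here as `[''', '"']`, which is not valid PHP — presumably `&#39;`/`&#34;` entities decoded by the page, but please confirm the committed source still carries the entities.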
--- a/deploy/lib/Filter.php
+++ b/deploy/lib/Filter.php
@@ -5,7 +5,8 @@
/**
* Filter & Sanitation wrappers
*/
-class Filter {
+class Filter
+{
/**
* Return a casting with a result of a positive int, or else zero.
*
@@ -13,19 +14,22 @@ class Filter {
* this function will cast strings with leading integers to those integers.
* E.g. 555'sql-injection becomes 555
*/
- public static function toNonNegativeInt($num) {
+ public static function toNonNegativeInt($num)
+ {
return ((int)$num == $num && (int)$num > 0 ? (int)$num : 0);
}
/**
* Casts to an integer anything that can be cast that way non-destructively, otherwise null.
*/
- public static function toInt($dirty) {
+ public static function toInt($dirty)
+ {
return $dirty == (int) $dirty ? (int) $dirty : null; // Cast anything that can be non-destructively cast.
}
- public static function filter_string_polyfill(string $string): string {
+ public static function filter_string_polyfill(string $string): string
+ {
$str = preg_replace('/\x00|<[^>]*>?/', '', $string);
return str_replace(["'", '"'], [''', '"'], $str);
}
@@ -33,7 +37,8 @@ public static function filter_string_polyfill(string $string): string {
/**
* Strip low and high ascii characters, leave standard keyboard characters
*/
- public static function toSimple($dirty) {
+ public static function toSimple($dirty)
+ {
return static::filter_string_polyfill(filter_var(
str_replace(['"', '\''], '', $dirty),
FILTER_SANITIZE_FULL_SPECIAL_CHARS,