Address PHPStan warnings in 'classes/sanitizer.php'.
This also includes some minor tweaks to things that call 'Sanitizer::sanitize()'.
parent
3f8aaffd34
commit
03495c11ed
|
@ -351,7 +351,7 @@ class API extends Handler {
|
||||||
$article['content'] = Sanitizer::sanitize(
|
$article['content'] = Sanitizer::sanitize(
|
||||||
$entry->content,
|
$entry->content,
|
||||||
self::_param_to_bool($entry->hide_images),
|
self::_param_to_bool($entry->hide_images),
|
||||||
false, $entry->site_url, false, $entry->id);
|
null, $entry->site_url, null, $entry->id);
|
||||||
} else {
|
} else {
|
||||||
$article['content'] = $entry->content;
|
$article['content'] = $entry->content;
|
||||||
}
|
}
|
||||||
|
@ -746,7 +746,7 @@ class API extends Handler {
|
||||||
$headline_row["content"] = Sanitizer::sanitize(
|
$headline_row["content"] = Sanitizer::sanitize(
|
||||||
$line["content"],
|
$line["content"],
|
||||||
self::_param_to_bool($line['hide_images']),
|
self::_param_to_bool($line['hide_images']),
|
||||||
false, $line["site_url"], false, $line["id"]);
|
null, $line["site_url"], null, $line["id"]);
|
||||||
} else {
|
} else {
|
||||||
$headline_row["content"] = $line["content"];
|
$headline_row["content"] = $line["content"];
|
||||||
}
|
}
|
||||||
|
|
|
@ -271,7 +271,7 @@ class Feeds extends Handler_Protected {
|
||||||
$this->_mark_timestamp(" pre-sanitize");
|
$this->_mark_timestamp(" pre-sanitize");
|
||||||
|
|
||||||
$line["content"] = Sanitizer::sanitize($line["content"],
|
$line["content"] = Sanitizer::sanitize($line["content"],
|
||||||
$line['hide_images'], false, $line["site_url"], $highlight_words, $line["id"]);
|
$line['hide_images'], null, $line["site_url"], $highlight_words, $line["id"]);
|
||||||
|
|
||||||
$this->_mark_timestamp(" sanitize");
|
$this->_mark_timestamp(" sanitize");
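Review bot: `$line['hide_images']` is passed unnormalised into the parameter this commit now declares as `bool $force_remove_images`, whereas both call sites in the API class wrap the same field in `self::_param_to_bool()`. If that value can ever be null (not visible from this hunk), a userland `bool` parameter throws a TypeError on null. With strict types off, any non-empty string other than `"0"` silently coerces to true. Normalising at the call, for example `(bool) $line['hide_images']` or a shared helper, would stop the sanitizer call from depending on how the database layer returns booleans. The Share plugin call to `Sanitizer::sanitize()` passes the same raw argument.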
|
||||||
|
|
||||||
|
|
|
@ -109,7 +109,7 @@ class Handler_Public extends Handler {
|
||||||
$tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
|
$tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
|
||||||
|
|
||||||
$content = Sanitizer::sanitize($line["content"], false, $owner_uid,
|
$content = Sanitizer::sanitize($line["content"], false, $owner_uid,
|
||||||
$feed_site_url, false, $line["id"]);
|
$feed_site_url, null, $line["id"]);
|
||||||
|
|
||||||
$content = DiskCache::rewrite_urls($content);
|
$content = DiskCache::rewrite_urls($content);
|
||||||
|
|
||||||
|
@ -207,7 +207,7 @@ class Handler_Public extends Handler {
|
||||||
$article['link'] = $line['link'];
|
$article['link'] = $line['link'];
|
||||||
$article['title'] = $line['title'];
|
$article['title'] = $line['title'];
|
||||||
$article['excerpt'] = $line["content_preview"];
|
$article['excerpt'] = $line["content_preview"];
|
||||||
$article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]);
|
$article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, null, $line["id"]);
|
||||||
$article['updated'] = date('c', strtotime($line["updated"]));
|
$article['updated'] = date('c', strtotime($line["updated"]));
|
||||||
|
|
||||||
if (!empty($line['note'])) $article['note'] = $line['note'];
|
if (!empty($line['note'])) $article['note'] = $line['note'];
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
class Sanitizer {
|
class Sanitizer {
|
||||||
private static function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {
|
/**
|
||||||
|
* @param array<int, string> $allowed_elements
|
||||||
|
* @param array<int, string> $disallowed_attributes
|
||||||
|
*/
|
||||||
|
private static function strip_harmful_tags(DOMDocument $doc, array $allowed_elements, $disallowed_attributes): DOMDocument {
|
||||||
$xpath = new DOMXPath($doc);
|
$xpath = new DOMXPath($doc);
|
||||||
$entries = $xpath->query('//*');
|
$entries = $xpath->query('//*');
|
||||||
|
|
||||||
|
@ -40,7 +44,7 @@ class Sanitizer {
|
||||||
return $doc;
|
return $doc;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function iframe_whitelisted($entry) {
|
public static function iframe_whitelisted(DOMNode $entry): bool {
|
||||||
$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
|
$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
|
||||||
|
|
||||||
if (!empty($src))
|
if (!empty($src))
|
||||||
|
@ -49,11 +53,16 @@ class Sanitizer {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function is_prefix_https() {
|
private static function is_prefix_https(): bool {
|
||||||
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
|
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
|
/**
|
||||||
|
* @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
|
||||||
|
*
|
||||||
|
* @return false|string The HTML, or false if an error occurred.
|
||||||
|
*/
|
||||||
|
public static function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
|
||||||
|
|
||||||
if (!$owner && isset($_SESSION["uid"]))
|
if (!$owner && isset($_SESSION["uid"]))
|
||||||
$owner = $_SESSION["uid"];
|
$owner = $_SESSION["uid"];
|
||||||
|
@ -183,7 +192,7 @@ class Sanitizer {
|
||||||
$div->appendChild($entry);
|
$div->appendChild($entry);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($highlight_words && is_array($highlight_words)) {
|
if (is_array($highlight_words)) {
|
||||||
foreach ($highlight_words as $word) {
|
foreach ($highlight_words as $word) {
|
||||||
|
|
||||||
// http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
|
// http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
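Review bot: The new `DOMNode $entry` type on `iframe_whitelisted()` is wider than what the body uses: its first statement calls `$entry->getAttribute("src")`, and `getAttribute()` is defined on `DOMElement`, not on `DOMNode`. Because this method decides which iframe hosts survive sanitization, the signature should state what it needs, `public static function iframe_whitelisted(DOMElement $entry): bool {`, so a non-element node is rejected at the call boundary instead of failing inside the check. The callers are outside the visible hunks, so confirm they only pass elements. In the first hunk, `$disallowed_attributes` is documented as `array<int, string>` but has no native `array` type, unlike `$allowed_elements` beside it.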
|
||||||
|
|
|
@ -181,8 +181,14 @@
|
||||||
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
|
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** function is @deprecated by Sanitizer::sanitize() */
|
/**
|
||||||
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
|
* @deprecated by Sanitizer::sanitize()
|
||||||
|
*
|
||||||
|
* @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
|
||||||
|
*
|
||||||
|
* @return false|string The HTML, or false if an error occurred.
|
||||||
|
*/
|
||||||
|
function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
|
||||||
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
|
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
|
||||||
}
|
}
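Review bot: The new signature relies on implicit nullability (`int $owner = null`, `string $site_url = null`, `array $highlight_words = null`, `int $article_id = null`), which PHP 8.4 deprecates and which hides from the reader that null is an accepted value. If the minimum supported PHP version allows nullable types, spell them out: `?int $owner = null, ?string $site_url = null, ?array $highlight_words = null, ?int $article_id = null`. `Sanitizer::sanitize()` in classes/sanitizer.php has the same parameter list and should change with it so the wrapper and the method stay identical. The docblock already states `@return false|string`, so callers that echo the result should handle the false case.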
|
||||||
|
|
||||||
|
|
|
@ -133,7 +133,7 @@ class Share extends Plugin {
|
||||||
|
|
||||||
$line["content"] = Sanitizer::sanitize($line["content"],
|
$line["content"] = Sanitizer::sanitize($line["content"],
|
||||||
$line['hide_images'],
|
$line['hide_images'],
|
||||||
$owner_uid, $line["site_url"], false, $line["id"]);
|
$owner_uid, $line["site_url"], null, $line["id"]);
|
||||||
|
|
||||||
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE,
|
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE,
|
||||||
function ($result) use (&$line) {
|
function ($result) use (&$line) {
|
||||||
|
|