Address PHPStan warnings in 'classes/sanitizer.php'.

This also includes some minor tweaks to things that call 'Sanitizer::sanitize()'.
wn_ 2021-11-11 19:59:25 +00:00
parent 3f8aaffd34
commit 03495c11ed
6 changed files with 28 additions and 13 deletions


@ -351,7 +351,7 @@ class API extends Handler {
$article['content'] = Sanitizer::sanitize(
$entry->content,
self::_param_to_bool($entry->hide_images),
false, $entry->site_url, false, $entry->id);
null, $entry->site_url, null, $entry->id);
} else {
$article['content'] = $entry->content;
}
@ -746,7 +746,7 @@ class API extends Handler {
$headline_row["content"] = Sanitizer::sanitize(
$line["content"],
self::_param_to_bool($line['hide_images']),
false, $line["site_url"], false, $line["id"]);
null, $line["site_url"], null, $line["id"]);
} else {
$headline_row["content"] = $line["content"];
}


@ -271,7 +271,7 @@ class Feeds extends Handler_Protected {
$this->_mark_timestamp(" pre-sanitize");
$line["content"] = Sanitizer::sanitize($line["content"],
$line['hide_images'], false, $line["site_url"], $highlight_words, $line["id"]);
$line['hide_images'], null, $line["site_url"], $highlight_words, $line["id"]);
$this->_mark_timestamp(" sanitize");
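Review bot: `$line['hide_images']` is passed unconverted into a parameter that `Sanitizer::sanitize()` now declares as `bool $force_remove_images`, unlike the API call sites on this page, which wrap the value in `self::_param_to_bool()`. If the row can carry `null` in that column (not visible here), the call would throw a `TypeError` where the untyped version simply treated it as falsy. An explicit cast should keep the old behaviour: `(bool) $line['hide_images'], null, $line["site_url"], $highlight_words, $line["id"]);`. The Share plugin call site passes `$line['hide_images']` the same way. The enclosing method starts and ends outside this hunk.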


@ -109,7 +109,7 @@ class Handler_Public extends Handler {
$tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
$content = Sanitizer::sanitize($line["content"], false, $owner_uid,
$feed_site_url, false, $line["id"]);
$feed_site_url, null, $line["id"]);
$content = DiskCache::rewrite_urls($content);
@ -207,7 +207,7 @@ class Handler_Public extends Handler {
$article['link'] = $line['link'];
$article['title'] = $line['title'];
$article['excerpt'] = $line["content_preview"];
$article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]);
$article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, null, $line["id"]);
$article['updated'] = date('c', strtotime($line["updated"]));
if (!empty($line['note'])) $article['note'] = $line['note'];


@ -1,6 +1,10 @@
<?php
class Sanitizer {
private static function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {
/**
* @param array<int, string> $allowed_elements
* @param array<int, string> $disallowed_attributes
*/
private static function strip_harmful_tags(DOMDocument $doc, array $allowed_elements, $disallowed_attributes): DOMDocument {
$xpath = new DOMXPath($doc);
$entries = $xpath->query('//*');
@ -40,7 +44,7 @@ class Sanitizer {
return $doc;
}
public static function iframe_whitelisted($entry) {
public static function iframe_whitelisted(DOMNode $entry): bool {
$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
if (!empty($src))
@ -49,11 +53,16 @@ class Sanitizer {
return false;
}
private static function is_prefix_https() {
private static function is_prefix_https(): bool {
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
}
public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
/**
* @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
*
* @return false|string The HTML, or false if an error occurred.
*/
public static function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
if (!$owner && isset($_SESSION["uid"]))
$owner = $_SESSION["uid"];
@ -183,7 +192,7 @@ class Sanitizer {
$div->appendChild($entry);
}
if ($highlight_words && is_array($highlight_words)) {
if (is_array($highlight_words)) {
foreach ($highlight_words as $word) {
// http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
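Review bot: The new `DOMNode $entry` type on `iframe_whitelisted()` is wider than what the body uses: it calls `$entry->getAttribute("src")`, and `getAttribute()` is defined on `DOMElement`, not on `DOMNode`. A text or comment node would satisfy the declaration and then fail at that call with an undefined-method error inside the iframe allowlist check. Declaring `public static function iframe_whitelisted(DOMElement $entry): bool {` states the real contract; callers that only hold a `DOMNode` would presumably need an `instanceof DOMElement` guard first. The rest of the function body lies outside this hunk.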


@ -181,8 +181,14 @@
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
}
/** function is @deprecated by Sanitizer::sanitize() */
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
/**
* @deprecated by Sanitizer::sanitize()
*
* @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
*
* @return false|string The HTML, or false if an error occurred.
*/
function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
}
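Review bot: The deprecated `sanitize()` wrapper now declares `array $highlight_words = null`, while its previous default for that argument was `false`, so a legacy caller still passing `false` there gets a `TypeError` rather than sanitized output. All call sites on this page were switched to `null`, but this shim presumably exists for callers outside the tree (plugins, for example) that the commit cannot update. `string $str` likewise rejects a `null` body that the untyped version forwarded. Either leave the wrapper's parameters untyped and normalise before delegating, e.g. `is_array($highlight_words) ? $highlight_words : null`, or record the break in the `@deprecated` docblock; `Sanitizer::sanitize()` has the same signature.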


@ -133,7 +133,7 @@ class Share extends Plugin {
$line["content"] = Sanitizer::sanitize($line["content"],
$line['hide_images'],
$owner_uid, $line["site_url"], false, $line["id"]);
$owner_uid, $line["site_url"], null, $line["id"]);
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE,
function ($result) use (&$line) {