Fixing up some checkstyle issues. #221

Merged
merged 3 commits into from

2 participants

46 libraries/joomla/application/input/cookie.php
@@ -53,37 +53,37 @@ public function __construct($source = null, $options = array())
*
* @param string $name Name of the value to set.
* @param mixed $value Value to assign to the input.
- * @param int $expire The time the cookie expires. This is a Unix timestamp so is in number
- * of seconds since the epoch. In other words, you'll most likely set this
- * with the time() function plus the number of seconds before you want it
- * to expire. Or you might use mktime(). time()+60*60*24*30 will set the
- * cookie to expire in 30 days. If set to 0, or omitted, the cookie will
- * expire at the end of the session (when the browser closes).
+ * @param integer $expire The time the cookie expires. This is a Unix timestamp so is in number
+ * of seconds since the epoch. In other words, you'll most likely set this
+ * with the time() function plus the number of seconds before you want it
+ * to expire. Or you might use mktime(). time()+60*60*24*30 will set the
+ * cookie to expire in 30 days. If set to 0, or omitted, the cookie will
+ * expire at the end of the session (when the browser closes).
* @param string $path The path on the server in which the cookie will be available on. If set
- * to '/', the cookie will be available within the entire domain. If set to
- * '/foo/', the cookie will only be available within the /foo/ directory and
- * all sub-directories such as /foo/bar/ of domain. The default value is the
- * current directory that the cookie is being set in.
+ * to '/', the cookie will be available within the entire domain. If set to
+ * '/foo/', the cookie will only be available within the /foo/ directory and
+ * all sub-directories such as /foo/bar/ of domain. The default value is the
+ * current directory that the cookie is being set in.
* @param string $domain The domain that the cookie is available to. To make the cookie available
- * on all subdomains of example.com (including example.com itself) then you'd
- * set it to '.example.com'. Although some browsers will accept cookies without
- * the initial ., RFC 2109 requires it to be included. Setting the domain to
- * 'www.example.com' or '.www.example.com' will make the cookie only available
- * in the www subdomain.
+ * on all subdomains of example.com (including example.com itself) then you'd
+ * set it to '.example.com'. Although some browsers will accept cookies without
+ * the initial ., RFC 2109 requires it to be included. Setting the domain to
+ * 'www.example.com' or '.www.example.com' will make the cookie only available
+ * in the www subdomain.
* @param boolean $secure Indicates that the cookie should only be transmitted over a secure HTTPS
- * connection from the client. When set to TRUE, the cookie will only be set
- * if a secure connection exists. On the server-side, it's on the programmer
- * to send this kind of cookie only on secure connection (e.g. with respect
- * to $_SERVER["HTTPS"]).
+ * connection from the client. When set to TRUE, the cookie will only be set
+ * if a secure connection exists. On the server-side, it's on the programmer
+ * to send this kind of cookie only on secure connection (e.g. with respect
+ * to $_SERVER["HTTPS"]).
* @param boolean $httpOnly When TRUE the cookie will be made accessible only through the HTTP protocol.
- * This means that the cookie won't be accessible by scripting languages, such
- * as JavaScript. This setting can effectively help to reduce identity theft
- * through XSS attacks (although it is not supported by all browsers).
+ * This means that the cookie won't be accessible by scripting languages, such
+ * as JavaScript. This setting can effectively help to reduce identity theft
+ * through XSS attacks (although it is not supported by all browsers).
*
* @return void
*
- * @see setcookie()
* @link http://www.ietf.org/rfc/rfc2109.txt
+ * @see setcookie()
* @since 11.1
*/
public function set($name, $value, $expire = 0, $path = '', $domain = '', $secure = false, $httpOnly = false)
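Review bot: The `$secure` and `$httpOnly` entries do not say that both default to `false` in the `set()` signature at the end of this hunk, so a caller who omits them gets a cookie that is sent over plain HTTP and is readable from script. Since these `@param` blocks are being re-indented anyway, state the defaults there and note that session or authentication cookies should pass `true` for both. The `@link` also still points at RFC 2109, which has been obsoleted (currently by RFC 6265); consider updating the reference.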
2  libraries/joomla/base/observable.php
@@ -155,7 +155,7 @@ public function attach($observer)
*
* @param object $observer An observer object to detach.
*
- * @return bool True if the observer object was detached.
+ * @return boolean True if the observer object was detached.
*
* @since 11.1
*/
46 libraries/joomla/database/database.php
@@ -24,7 +24,7 @@
/**
* Test to see if the connector is available.
*
- * @return bool True on success, false otherwise.
+ * @return boolean True on success, false otherwise.
*
* @since 11.2
*/
@@ -653,7 +653,7 @@ public function getPrefix()
/**
* Get the current or query, or new JDatabaseQuery object.
*
- * @param bool $new False to return the last query set, True to return a new JDatabaseQuery object.
+ * @param boolean $new False to return the last query set, True to return a new JDatabaseQuery object.
*
* @return mixed The current value of the internal SQL variable or a new JDatabaseQuery object.
*
@@ -665,8 +665,8 @@ public function getPrefix()
/**
* Retrieves field information about the given tables.
*
- * @param string $table The name of the database table.
- * @param bool $typeOnly True (default) to only return field types.
+ * @param string $table The name of the database table.
+ * @param boolean $typeOnly True (default) to only return field types.
*
* @return array An array of fields by table.
*
@@ -712,7 +712,7 @@ public function getPrefix()
/**
* Determine whether or not the database engine supports UTF-8 character encoding.
*
- * @return bool True if the database engine supports UTF-8 character encoding.
+ * @return boolean True if the database engine supports UTF-8 character encoding.
*
* @since 11.1
*/
@@ -755,7 +755,7 @@ public function getUTFSupport()
* @param object &$object A reference to an object whose public properties match the table fields.
* @param string $key The name of the primary key. If provided the object property is updated.
*
- * @return bool True on success.
+ * @return boolean True on success.
*
* @since 11.1
* @throws JDatabaseException
@@ -1182,8 +1182,8 @@ public function loadRowList($key = null)
/**
* Method to quote and optionally escape a string to database requirements for insertion into the database.
*
- * @param string $text The string to quote.
- * @param bool $escape True to escape the string, false to leave it unchanged.
+ * @param string $text The string to quote.
+ * @param boolean $escape True to escape the string, false to leave it unchanged.
*
* @return string The quoted input string.
*
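Review bot: The `$escape` description says that false leaves the string "unchanged" but not that the value is then still wrapped in quotes with no escaping applied, which is only safe for text that is already escaped or is not user-controlled. Add that caveat to the `@param boolean $escape` line so callers do not pass `false` for request data.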
@@ -1326,7 +1326,7 @@ public function replacePrefix($sql, $prefix = '#__')
*
* @param string $database The name of the database to select for use.
*
- * @return bool True if the database was successfully selected.
+ * @return boolean True if the database was successfully selected.
*
* @since 11.1
* @throws JDatabaseException
@@ -1336,9 +1336,9 @@ public function replacePrefix($sql, $prefix = '#__')
/**
* Sets the database debugging state for the driver.
*
- * @param bool $level True to enable debugging.
+ * @param boolean $level True to enable debugging.
*
- * @return bool The old debugging level.
+ * @return boolean The old debugging level.
*
* @since 11.1
*/
@@ -1373,7 +1373,7 @@ public function setQuery($query, $offset = 0, $limit = 0)
/**
* Set the connection to use UTF-8 character encoding.
*
- * @return bool True on success.
+ * @return boolean True on success.
*
* @since 11.1
*/
@@ -1412,12 +1412,12 @@ public function setQuery($query, $offset = 0, $limit = 0)
/**
* Updates a row in a table based on an object's properties.
*
- * @param string $table The name of the database table to update.
- * @param object &$object A reference to an object whose public properties match the table fields.
- * @param string $key The name of the primary key.
- * @param bool $nulls True to update null fields or false to ignore them.
+ * @param string $table The name of the database table to update.
+ * @param object &$object A reference to an object whose public properties match the table fields.
+ * @param string $key The name of the primary key.
+ * @param boolean $nulls True to update null fields or false to ignore them.
*
- * @return bool True on success.
+ * @return boolean True on success.
*
* @since 11.1
* @throws JDatabaseException
@@ -1517,7 +1517,7 @@ public function debug($level)
/**
* Gets the error message from the database connection.
*
- * @param bool $escaped True to escape the message string for use in JavaScript.
+ * @param boolean $escaped True to escape the message string for use in JavaScript.
*
* @return string The error message for the most recent query.
*
@@ -1558,8 +1558,8 @@ public function getErrorNum()
/**
* Method to escape a string for usage in an SQL statement.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return string The escaped string.
*
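Review bot: `$extra` is documented only as "Optional parameter to provide extra escaping", which does not tell a caller what is additionally escaped or when the flag is needed. The same wording is repeated in the mysql.php, mysqli.php and databasequery.php docblocks touched by this diff; since all of them are being edited, say which characters or which SQL context the flag covers.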
@@ -1577,8 +1577,8 @@ public function getEscaped($text, $extra = false)
/**
* Retrieves field information about the given tables.
*
- * @param mixed $tables A table name or a list of table names.
- * @param bool $typeOnly True to only return field types.
+ * @param mixed $tables A table name or a list of table names.
+ * @param boolean $typeOnly True to only return field types.
*
* @return array An array of fields by table.
*
@@ -1699,7 +1699,7 @@ public function nameQuote($name)
/**
* Return the most recent error message for the database connector.
*
- * @param bool $showSQL True to display the SQL statement sent to the database as well as the error.
+ * @param boolean $showSQL True to display the SQL statement sent to the database as well as the error.
*
* @return string The error message for the most recent query.
*
10 libraries/joomla/database/database/mysql.php
@@ -136,8 +136,8 @@ public function __destruct()
/**
* Method to escape a string for usage in an SQL statement.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return string The escaped string.
*
@@ -170,7 +170,7 @@ public static function test()
/**
* Determines if the connection to the server is active.
*
- * @return bool True if connected to the database engine.
+ * @return boolean True if connected to the database engine.
*
* @since 11.1
*/
@@ -354,8 +354,8 @@ public function getTableCreate($tables)
/**
* Retrieves field information about a given table.
*
- * @param string $table The name of the database table.
- * @param bool $typeOnly True to only return field types.
+ * @param string $table The name of the database table.
+ * @param boolean $typeOnly True to only return field types.
*
* @return array An array of fields for the database table.
*
10 libraries/joomla/database/database/mysqli.php
@@ -167,8 +167,8 @@ public function __destruct()
/**
* Method to escape a string for usage in an SQL statement.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return string The escaped string.
*
@@ -382,8 +382,8 @@ public function getTableCreate($tables)
/**
* Retrieves field information about a given table.
*
- * @param string $table The name of the database table.
- * @param bool $typeOnly True to only return field types.
+ * @param string $table The name of the database table.
+ * @param boolean $typeOnly True to only return field types.
*
* @return array An array of fields for the database table.
*
@@ -615,7 +615,7 @@ public function select($database)
/**
* Set the connection to use UTF-8 character encoding.
*
- * @return bool True on success.
+ * @return boolean True on success.
*
* @since 11.1
*/
4 libraries/joomla/database/database/sqlsrv.php
@@ -374,8 +374,8 @@ public function getQuery($new = false)
/**
* Retrieves field information about the given tables.
*
- * @param mixed $tables A table name or a list of table names.
- * @param bool $typeOnly True to only return field types.
+ * @param mixed $tables A table name or a list of table names.
+ * @param boolean $typeOnly True to only return field types.
*
* @return array An array of fields by table.
*
8 libraries/joomla/database/databasequery.php
@@ -600,8 +600,8 @@ public function delete($table = null)
/**
* Method to escape a string for usage in an SQL statement.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return string The escaped string.
*
@@ -847,8 +847,8 @@ public function outerJoin($conditions)
/**
* Method to quote and optionally escape a string to database requirements for insertion into the database.
*
- * @param string $text The string to quote.
- * @param bool $escape True to escape the string, false to leave it unchanged.
+ * @param string $text The string to quote.
+ * @param boolean $escape True to escape the string, false to leave it unchanged.
*
* @return string The quoted input string.
*
8 libraries/joomla/document/document.php
@@ -369,14 +369,14 @@ public function setBuffer($content, $options = array())
/**
* Gets a meta tag.
*
- * @param string $name Value of name or http-equiv tag
- * @param bool $http_equiv META type "http-equiv" defaults to null
+ * @param string $name Value of name or http-equiv tag
+ * @param boolean $httpEquiv META type "http-equiv" defaults to null
*
* @return string
*
* @since 11.1
*/
- public function getMetaData($name, $http_equiv = false)
+ public function getMetaData($name, $httpEquiv = false)
{
$result = '';
$name = strtolower($name);
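Review bot: The `$httpEquiv` description says the parameter "defaults to null", but the signature on the changed line is `$httpEquiv = false`. Correct the docblock to say false while the line is being rewritten, and give the bare `@return string` a description of what is returned when the tag is not set.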
@@ -390,7 +390,7 @@ public function getMetaData($name, $http_equiv = false)
}
else
{
- if ($http_equiv == true)
+ if ($httpEquiv == true)
{
$result = @$this->_metaTags['http-equiv'][$name];
}
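Review bot: `if ($httpEquiv == true)` is a loose comparison, so any truthy value (a non-empty string, a non-zero integer) selects the http-equiv branch; with the parameter now documented as boolean, `if ($httpEquiv)` or `=== true` states the intent. The `@` in front of `$this->_metaTags['http-equiv'][$name]` in the context line hides the missing-key notice; an `isset()` check would be clearer than suppressing it.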
2  libraries/joomla/environment/request.php
@@ -270,7 +270,7 @@ public static function getFloat($name, $default = 0.0, $hash = 'default')
* @param string $default Default value if the variable does not exist.
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
*
- * @return bool Requested variable.
+ * @return boolean Requested variable.
*
* @deprecated 12.1
* @since 11.1
8 libraries/joomla/filesystem/stream.php
@@ -170,11 +170,11 @@ function __destruct()
*
* @param string $filename Filename
* @param string $mode Mode string to use
- * @param bool $use_include_path Use the PHP include path
+ * @param boolean $use_include_path Use the PHP include path
* @param resource $context Context to use when opening
- * @param bool $use_prefix Use a prefix to open the file
- * @param bool $relative Filename is a relative path (if false, strips JPATH_ROOT to make it relative)
- * @param bool $detectprocessingmode Detect the processing method for the file and use the appropriate function
+ * @param boolean $use_prefix Use a prefix to open the file
+ * @param boolean $relative Filename is a relative path (if false, strips JPATH_ROOT to make it relative)
+ * @param boolean $detectprocessingmode Detect the processing method for the file and use the appropriate function
* to handle output automatically
*
* @return boolean
677 libraries/joomla/filter/filterinput.php
@@ -22,46 +22,46 @@
class JFilterInput extends JObject
{
/**
- * An array of permitted tags.
- * @var array
+ * @var array A container for JFilterInput instances.
+ * @since 11.3
+ */
+ protected static $instances = array();
+
+ /**
+ * @var array An array of permitted tags.
* @since 11.1
*/
- var $tagsArray;
+ public $tagsArray;
/**
- * An array of permitted tag attributes.
- * @var array
+ * @var array An array of permitted tag attributes.
* @since 11.1
*/
- var $attrArray;
+ public $attrArray;
/**
- * Method for tags
- * @var integer WhiteList method = 0 (default), BlackList method = 1
+ * @var integer Method for tags: WhiteList method = 0 (default), BlackList method = 1
* @since 11.1
*/
- var $tagsMethod;
+ public $tagsMethod;
/**
- * Method for attributes
- * @var integer WhiteList method = 0 (default), BlackList method = 1
- * @since 11.1
+ * @var integer Method for attributes: WhiteList method = 0 (default), BlackList method = 1
+ * @since 11.1
*/
- var $attrMethod;
+ public $attrMethod;
/**
- * Autoclean
- * @var integer Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
+ * @var integer Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1
* @since 11.1
*/
- var $xssAuto;
+ public $xssAuto;
/**
- * Blacklisted tags
- * @var array A list of the default blacklisted tags.
+ * @var array A list of the default blacklisted tags.
* @since 11.1
*/
- var $tagBlacklist = array(
+ public $tagBlacklist = array(
'applet',
'body',
'bgsound',
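Review bot: The filter's policy fields (`$tagsArray`, `$attrArray`, `$tagsMethod`, `$attrMethod`, `$xssAuto`, `$tagBlacklist`) stay writable from outside the class now that `var` is spelled `public`. If nothing external assigns them, `protected` would be the safer visibility for an input filter; if that is out of scope for a checkstyle pass, it deserves a follow-up issue rather than being fixed in place here.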
@@ -83,15 +83,20 @@ class JFilterInput extends JObject
'script',
'style',
'title',
- 'xml');
+ 'xml'
+ );
/**
- * Black listed attributes
- * @var array A list of the default blacklisted tag attributes.
+ * @var array A list of the default blacklisted tag attributes. All event handlers implicit.
* @since 11.1
*/
- var $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc'); // also will strip ALL event handlers
-
+ public $attrBlacklist = array(
+ 'action',
+ 'background',
+ 'codebase',
+ 'dynsrc',
+ 'lowsrc'
+ );
/**
* Constructor for inputFilter class. Only first parameter is required.
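Review bot: The new `@var` text on `$attrBlacklist`, "All event handlers implicit.", is harder to follow than the inline comment it replaces ("also will strip ALL event handlers"). Spell it out in the docblock, for example "Event-handler attributes are stripped in addition to this list."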
@@ -133,29 +138,22 @@ public function __construct($tagsArray = array(), $attrArray = array(), $tagsMet
*/
public static function &getInstance($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
{
- static $instances;
-
$sig = md5(serialize(array($tagsArray, $attrArray, $tagsMethod, $attrMethod, $xssAuto)));
- if (!isset($instances))
- {
- $instances = array();
- }
-
- if (empty($instances[$sig]))
+ if (empty(self::$instances[$sig]))
{
- $instances[$sig] = new JFilterInput($tagsArray, $attrArray, $tagsMethod, $attrMethod, $xssAuto);
+ self::$instances[$sig] = new JFilterInput($tagsArray, $attrArray, $tagsMethod, $attrMethod, $xssAuto);
}
- return $instances[$sig];
+ return self::$instances[$sig];
}
/**
* Method to be called by another php script. Processes for XSS and
* specified bad code.
*
- * @param mixed $source Input string/array-of-string to be 'cleaned'
- * @param string $type Return type for the variable (INT, UINT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)
+ * @param mixed $source Input string/array-of-string to be 'cleaned'
+ * @param string $type Return type for the variable (INT, UINT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)
*
* @return mixed 'Cleaned' version of input parameter
*
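Review bot: `getInstance()` returns the cached object by reference and the key `$sig` is computed only from the constructor arguments, so a caller that changes a property on the returned filter changes it for every later caller that asks with the same arguments. Moving the cache to `self::$instances` does not alter that, but the method docblock should say that instances are shared, and callers that need a modified filter should build their own with `new JFilterInput(...)`.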
@@ -279,14 +277,14 @@ public static function checkAttribute($attrSubSet)
$attrSubSet[1] = strtolower($attrSubSet[1]);
return (((strpos($attrSubSet[1], 'expression') !== false) && ($attrSubSet[0]) == 'style') || (strpos($attrSubSet[1], 'javascript:') !== false) ||
- (strpos($attrSubSet[1], 'behaviour:') !== false) || (strpos($attrSubSet[1], 'vbscript:') !== false) ||
- (strpos($attrSubSet[1], 'mocha:') !== false) || (strpos($attrSubSet[1], 'livescript:') !== false));
+ (strpos($attrSubSet[1], 'behaviour:') !== false) || (strpos($attrSubSet[1], 'vbscript:') !== false) ||
+ (strpos($attrSubSet[1], 'mocha:') !== false) || (strpos($attrSubSet[1], 'livescript:') !== false));
}
/**
* Internal method to iteratively remove all unwanted tags and attributes
*
- * @param string $source Input string to be 'cleaned'
+ * @param string $source Input string to be 'cleaned'
*
* @return string 'Cleaned' version of input parameter
*
@@ -309,7 +307,7 @@ protected function _remove($source)
/**
* Internal method to strip a string of certain tags
*
- * @param string $source Input string to be 'cleaned'
+ * @param string $source Input string to be 'cleaned'
*
* @return string 'Cleaned' version of input parameter
*
@@ -394,359 +392,350 @@ protected function _cleanTags($source)
* OR no tagname
* OR remove if xssauto is on and tag is blacklisted
*/
- if ((!preg_match("/^[a-z][a-z0-9]*$/i", $tagName)) || (!$tagName) ||
- ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto)))
- {
- $postTag = substr($postTag, ($tagLength + 2));
- $tagOpen_start = strpos($postTag, '<');
- // Strip tag
- continue;
- }
+ if ((!preg_match("/^[a-z][a-z0-9]*$/i", $tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto)))
+ {
+ $postTag = substr($postTag, ($tagLength + 2));
+ $tagOpen_start = strpos($postTag, '<');
+ // Strip tag
+ continue;
+ }
- /*
+ /*
* Time to grab any attributes from the tag... need this section in
* case attributes have spaces in the values.
*/
- while ($currentSpace !== false)
+ while ($currentSpace !== false)
+ {
+ $attr = '';
+ $fromSpace = substr($tagLeft, ($currentSpace + 1));
+ $nextEqual = strpos($fromSpace, '=');
+ $nextSpace = strpos($fromSpace, ' ');
+ $openQuotes = strpos($fromSpace, '"');
+ $closeQuotes = strpos(substr($fromSpace, ($openQuotes + 1)), '"') + $openQuotes + 1;
+
+ $startAtt = '';
+ $startAttPosition = 0;
+
+ // Find position of equal and open quotes ignoring
+ if (preg_match('#\s*=\s*\"#', $fromSpace, $matches, PREG_OFFSET_CAPTURE))
+ {
+ $startAtt = $matches[0][0];
+ $startAttPosition = $matches[0][1];
+ $closeQuotes = strpos(substr($fromSpace, ($startAttPosition + strlen($startAtt))), '"') + $startAttPosition + strlen($startAtt);
+ $nextEqual = $startAttPosition + strpos($startAtt, '=');
+ $openQuotes = $startAttPosition + strpos($startAtt, '"');
+ $nextSpace = strpos(substr($fromSpace, $closeQuotes), ' ') + $closeQuotes;
+ }
+
+ // Do we have an attribute to process? [check for equal sign]
+ if ($fromSpace != '/' && (($nextEqual && $nextSpace && $nextSpace < $nextEqual) || !$nextEqual))
{
- $attr = '';
- $fromSpace = substr($tagLeft, ($currentSpace + 1));
- $nextEqual = strpos($fromSpace, '=');
- $nextSpace = strpos($fromSpace, ' ');
- $openQuotes = strpos($fromSpace, '"');
- $closeQuotes = strpos(substr($fromSpace, ($openQuotes + 1)), '"') + $openQuotes + 1;
-
- $startAtt = '';
- $startAttPosition = 0;
-
- // Find position of equal and open quotes ignoring
- if (preg_match('#\s*=\s*\"#', $fromSpace, $matches, PREG_OFFSET_CAPTURE))
+ if (!$nextEqual)
{
- $startAtt = $matches[0][0];
- $startAttPosition = $matches[0][1];
- $closeQuotes = strpos(substr($fromSpace, ($startAttPosition + strlen($startAtt))), '"') + $startAttPosition + strlen(
- $startAtt);
- $nextEqual = $startAttPosition + strpos($startAtt, '=');
- $openQuotes = $startAttPosition + strpos($startAtt, '"');
- $nextSpace = strpos(substr($fromSpace, $closeQuotes), ' ') + $closeQuotes;
+ $attribEnd = strpos($fromSpace, '/') - 1;
}
-
- // Do we have an attribute to process? [check for equal sign]
- if ($fromSpace != '/' && (($nextEqual && $nextSpace && $nextSpace < $nextEqual) || !$nextEqual))
+ else
{
- if (!$nextEqual)
- {
- $attribEnd = strpos($fromSpace, '/') - 1;
- }
- else
- {
- $attribEnd = $nextSpace - 1;
- }
- // If there is an ending, use this, if not, do not worry.
- if ($attribEnd > 0)
- {
- $fromSpace = substr($fromSpace, $attribEnd + 1);
- }
+ $attribEnd = $nextSpace - 1;
}
- if (strpos($fromSpace, '=') !== false)
+ // If there is an ending, use this, if not, do not worry.
+ if ($attribEnd > 0)
{
-
- // If the attribute value is wrapped in quotes we need to
- // grab the substring from the closing quote, otherwise grab
- // until the next space.
-
-
- if (($openQuotes !== false) && (strpos(substr($fromSpace, ($openQuotes + 1)), '"') !== false))
- {
- $attr = substr($fromSpace, 0, ($closeQuotes + 1));
- }
- else
- {
- $attr = substr($fromSpace, 0, $nextSpace);
- }
+ $fromSpace = substr($fromSpace, $attribEnd + 1);
+ }
+ }
+ if (strpos($fromSpace, '=') !== false)
+ {
+ // If the attribute value is wrapped in quotes we need to grab the substring from
+ // the closing quote, otherwise grab until the next space.
+ if (($openQuotes !== false) && (strpos(substr($fromSpace, ($openQuotes + 1)), '"') !== false))
+ {
+ $attr = substr($fromSpace, 0, ($closeQuotes + 1));
}
else
{
- // No more equal signs so add any extra text in the tag into
- // the attribute array [eg. checked]
-
-
- if ($fromSpace != '/')
- {
- $attr = substr($fromSpace, 0, $nextSpace);
- }
+ $attr = substr($fromSpace, 0, $nextSpace);
}
-
- // Last Attribute Pair
- if (!$attr && $fromSpace != '/')
+ }
+ // No more equal signs so add any extra text in the tag into the attribute array [eg. checked]
+ else
+ {
+ if ($fromSpace != '/')
{
- $attr = $fromSpace;
+ $attr = substr($fromSpace, 0, $nextSpace);
}
+ }
- // Add attribute pair to the attribute array
- $attrSet[] = $attr;
-
- // Move search point and continue iteration
- $tagLeft = substr($fromSpace, strlen($attr));
- $currentSpace = strpos($tagLeft, ' ');
+ // Last Attribute Pair
+ if (!$attr && $fromSpace != '/')
+ {
+ $attr = $fromSpace;
}
- // Is our tag in the user input array?
- $tagFound = in_array(strtolower($tagName), $this->tagsArray);
+ // Add attribute pair to the attribute array
+ $attrSet[] = $attr;
+
+ // Move search point and continue iteration
+ $tagLeft = substr($fromSpace, strlen($attr));
+ $currentSpace = strpos($tagLeft, ' ');
+ }
+
+ // Is our tag in the user input array?
+ $tagFound = in_array(strtolower($tagName), $this->tagsArray);
- // If the tag is allowed let's append it to the output string.
- if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod))
+ // If the tag is allowed let's append it to the output string.
+ if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod))
+ {
+ // Reconstruct tag with allowed attributes
+ if (!$isCloseTag)
{
- // Reconstruct tag with allowed attributes
- if (!$isCloseTag)
+ // Open or single tag
+ $attrSet = $this->_cleanAttributes($attrSet);
+ $preTag .= '<' . $tagName;
+ for ($i = 0, $count = count($attrSet); $i < $count; $i++)
{
- // Open or single tag
- $attrSet = $this->_cleanAttributes($attrSet);
- $preTag .= '<' . $tagName;
- for ($i = 0, $count = count($attrSet); $i < $count; $i++)
- {
- $preTag .= ' ' . $attrSet[$i];
- }
+ $preTag .= ' ' . $attrSet[$i];
+ }
- // Reformat single tags to XHTML
- if (strpos($fromTagOpen, '</' . $tagName))
- {
- $preTag .= '>';
- }
- else
- {
- $preTag .= ' />';
- }
+ // Reformat single tags to XHTML
+ if (strpos($fromTagOpen, '</' . $tagName))
+ {
+ $preTag .= '>';
}
else
{
- // Closing tag
- $preTag .= '</' . $tagName . '>';
+ $preTag .= ' />';
}
}
-
- // Find next tag's start and continue iteration
- $postTag = substr($postTag, ($tagLength + 2));
- $tagOpen_start = strpos($postTag, '<');
- }
-
- // Append any code after the end of tags and return
- if ($postTag != '<')
- {
- $preTag .= $postTag;
+ // Closing tag
+ else
+ {
+ $preTag .= '</' . $tagName . '>';
+ }
}
- return $preTag;
+ // Find next tag's start and continue iteration
+ $postTag = substr($postTag, ($tagLength + 2));
+ $tagOpen_start = strpos($postTag, '<');
}
- /**
- * Internal method to strip a tag of certain attributes
- *
- * @param array $attrSet Array of attribute pairs to filter
- *
- * @return array Filtered array of attribute pairs
- *
- * @since 11.1
- */
- protected function _cleanAttributes($attrSet)
+ // Append any code after the end of tags and return
+ if ($postTag != '<')
{
- // Initialise variables.
- $newSet = array();
+ $preTag .= $postTag;
+ }
- $count = count($attrSet);
- // Iterate through attribute pairs
- for ($i = 0; $i < $count; $i++)
- {
- // Skip blank spaces
- if (!$attrSet[$i])
- {
- continue;
- }
+ return $preTag;
+ }
- // Split into name/value pairs
- $attrSubSet = explode('=', trim($attrSet[$i]), 2);
- // Take the last attribute in case there is an attribute with no value
- $attrSubSet[0] = array_pop(explode(' ', trim($attrSubSet[0])));
+ /**
+ * Internal method to strip a tag of certain attributes
+ *
+ * @param array $attrSet Array of attribute pairs to filter
+ *
+ * @return array Filtered array of attribute pairs
+ *
+ * @since 11.1
+ */
+ protected function _cleanAttributes($attrSet)
+ {
+ // Initialise variables.
+ $newSet = array();
- // Remove all "non-regular" attribute names
- // AND blacklisted attributes
+ $count = count($attrSet);
+ // Iterate through attribute pairs
+ for ($i = 0; $i < $count; $i++)
+ {
+ // Skip blank spaces
+ if (!$attrSet[$i])
+ {
+ continue;
+ }
+ // Split into name/value pairs
+ $attrSubSet = explode('=', trim($attrSet[$i]), 2);
+ // Take the last attribute in case there is an attribute with no value
+ $attrSubSet[0] = array_pop(explode(' ', trim($attrSubSet[0])));
- if ((!preg_match('/[a-z]*$/i', $attrSubSet[0])) ||
- (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on'))))
- {
- continue;
- }
+ // Remove all "non-regular" attribute names
+ // AND blacklisted attributes
- // XSS attribute value filtering
- if (isset($attrSubSet[1]))
- {
- // trim leading and trailing spaces
- $attrSubSet[1] = trim($attrSubSet[1]);
- // strips unicode, hex, etc
- $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
- // Strip normal newline within attr value
- $attrSubSet[1] = preg_replace('/[\n\r]/', '', $attrSubSet[1]);
- // Strip double quotes
- $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
- // Convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr values)
- if ((substr($attrSubSet[1], 0, 1) == "'") &&
- (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
- {
- $attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
- }
- // Strip slashes
- $attrSubSet[1] = stripslashes($attrSubSet[1]);
- }
- else
- {
- continue;
- }
- // Autostrip script tags
- if (self::checkAttribute($attrSubSet))
- {
- continue;
- }
+ if ((!preg_match('/[a-z]*$/i', $attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on'))))
+ {
+ continue;
+ }
- // Is our attribute in the user input array?
- $attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
+ // XSS attribute value filtering
+ if (isset($attrSubSet[1]))
+ {
+ // trim leading and trailing spaces
+ $attrSubSet[1] = trim($attrSubSet[1]);
+ // strips unicode, hex, etc
+ $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
+ // Strip normal newline within attr value
+ $attrSubSet[1] = preg_replace('/[\n\r]/', '', $attrSubSet[1]);
+ // Strip double quotes
+ $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
+ // Convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr values)
+ if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
+ {
+ $attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
+ }
+ // Strip slashes
+ $attrSubSet[1] = stripslashes($attrSubSet[1]);
+ }
+ else
+ {
+ continue;
+ }
- // If the tag is allowed lets keep it
- if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod))
- {
- // Does the attribute have a value?
- if (empty($attrSubSet[1]) === false)
- {
- $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
- }
- else if ($attrSubSet[1] === "0")
- {
- // Special Case
- // Is the value 0?
- $newSet[] = $attrSubSet[0] . '="0"';
- }
- else
- {
- // Leave empty attributes alone
- $newSet[] = $attrSubSet[0] . '=""';
- }
- }
- }
+ // Autostrip script tags
+ if (self::checkAttribute($attrSubSet))
+ {
+ continue;
+ }
- return $newSet;
- }
+ // Is our attribute in the user input array?
+ $attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
- /**
- * Try to convert to plaintext
- *
- * @param string $source The source string.
- *
- * @return string Plaintext string
- *
- * @since 11.1
- */
- protected function _decode($source)
+ // If the tag is allowed lets keep it
+ if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod))
+ {
+ // Does the attribute have a value?
+ if (empty($attrSubSet[1]) === false)
{
- static $ttr;
-
- if (!is_array($ttr))
- {
- // Entity decode
- $trans_tbl = get_html_translation_table(HTML_ENTITIES);
- foreach ($trans_tbl as $k => $v)
- {
- $ttr[$v] = utf8_encode($k);
- }
- }
- $source = strtr($source, $ttr);
- // Convert decimal
- $source = preg_replace('/&#(\d+);/me', "utf8_encode(chr(\\1))", $source); // decimal notation
- // Convert hex
- $source = preg_replace('/&#x([a-f0-9]+);/mei', "utf8_encode(chr(0x\\1))", $source); // hex notation
- return $source;
+ $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
}
-
- /**
- * Escape < > and " inside attribute values
- *
- * @param string $source The source string.
- *
- * @return string Filtered string
- * @since 11.1
- */
- protected function _escapeAttributeValues($source)
+ else if ($attrSubSet[1] === "0")
{
- $alreadyFiltered = '';
- $remainder = $source;
- $badChars = array('<', '"', '>');
- $escapedChars = array('&lt;', '&quot;', '&gt;');
- // Process each portion based on presence of =" and "<space>, "/>, or ">
- // See if there are any more attributes to process
- while (preg_match('#\s*=\s*(\"|\')#', $remainder, $matches, PREG_OFFSET_CAPTURE))
- {
- // get the portion before the attribute value
- $quotePosition = $matches[0][1];
- $nextBefore = $quotePosition + strlen($matches[0][0]);
+ // Special Case
+ // Is the value 0?
+ $newSet[] = $attrSubSet[0] . '="0"';
+ }
+ else
+ {
+ // Leave empty attributes alone
+ $newSet[] = $attrSubSet[0] . '=""';
+ }
+ }
+ }
- // Figure out if we have a single or double quote and look for the matching closing quote
- // Closing quote should be "/>, ">, "<space>, or " at the end of the string
- $quote = substr($matches[0][0], -1);
- $pregMatch = ($quote == '"') ? '#(\"\s*/\s*>|\"\s*>|\"\s+|\"$)#' : "#(\'\s*/\s*>|\'\s*>|\'\s+|\'$)#";
+ return $newSet;
+ }
- // get the portion after attribute value
- if (preg_match($pregMatch, substr($remainder, $nextBefore), $matches, PREG_OFFSET_CAPTURE))
- {
- // We have a closing quote
- $nextAfter = $nextBefore + $matches[0][1];
- }
- else
- {
- // No closing quote
- $nextAfter = strlen($remainder);
- }
- // Get the actual attribute value
- $attributeValue = substr($remainder, $nextBefore, $nextAfter - $nextBefore);
- // Escape bad chars
- $attributeValue = str_replace($badChars, $escapedChars, $attributeValue);
- $attributeValue = $this->_stripCSSExpressions($attributeValue);
- $alreadyFiltered .= substr($remainder, 0, $nextBefore) . $attributeValue . $quote;
- $remainder = substr($remainder, $nextAfter + 1);
- }
+ /**
+ * Try to convert to plaintext
+ *
+ * @param string $source The source string.
+ *
+ * @return string Plaintext string
+ *
+ * @since 11.1
+ */
+ protected function _decode($source)
+ {
+ static $ttr;
- // At this point, we just have to return the $alreadyFiltered and the $remainder
- return $alreadyFiltered . $remainder;
- }
+ if (!is_array($ttr))
+ {
+ // Entity decode
+ $trans_tbl = get_html_translation_table(HTML_ENTITIES);
+ foreach ($trans_tbl as $k => $v)
+ {
+ $ttr[$v] = utf8_encode($k);
+ }
+ }
+ $source = strtr($source, $ttr);
+ // Convert decimal
+ $source = preg_replace('/&#(\d+);/me', "utf8_encode(chr(\\1))", $source); // decimal notation
+ // Convert hex
+ $source = preg_replace('/&#x([a-f0-9]+);/mei', "utf8_encode(chr(0x\\1))", $source); // hex notation
+ return $source;
+ }
- /**
- * Remove CSS Expressions in the form of <property>:expression(...)
- *
- * @param string $source The source string.
- *
- * @return string Filtered string
- * @since 11.1
- */
- protected function _stripCSSExpressions($source)
- {
- // Strip any comments out (in the form of /*...*/)
- $test = preg_replace('#\/\*.*\*\/#U', '', $source);
- // Test for :expression
- if (!stripos($test, ':expression'))
- {
- // Not found, so we are done
- $return = $source;
- }
- else
- {
- // At this point, we have stripped out the comments and have found :expression
- // Test stripped string for :expression followed by a '('
- if (preg_match_all('#:expression\s*\(#', $test, $matches))
- {
- // If found, remove :expression
- $test = str_ireplace(':expression', '', $test);
- $return = $test;
- }
- }
- return $return;
- }
+ /**
+ * Escape < > and " inside attribute values
+ *
+ * @param string $source The source string.
+ *
+ * @return string Filtered string
+ *
+ * @since 11.1
+ */
+ protected function _escapeAttributeValues($source)
+ {
+ $alreadyFiltered = '';
+ $remainder = $source;
+ $badChars = array('<', '"', '>');
+ $escapedChars = array('&lt;', '&quot;', '&gt;');
+ // Process each portion based on presence of =" and "<space>, "/>, or ">
+ // See if there are any more attributes to process
+ while (preg_match('#\s*=\s*(\"|\')#', $remainder, $matches, PREG_OFFSET_CAPTURE))
+ {
+ // get the portion before the attribute value
+ $quotePosition = $matches[0][1];
+ $nextBefore = $quotePosition + strlen($matches[0][0]);
+
+ // Figure out if we have a single or double quote and look for the matching closing quote
+ // Closing quote should be "/>, ">, "<space>, or " at the end of the string
+ $quote = substr($matches[0][0], -1);
+ $pregMatch = ($quote == '"') ? '#(\"\s*/\s*>|\"\s*>|\"\s+|\"$)#' : "#(\'\s*/\s*>|\'\s*>|\'\s+|\'$)#";
+
+ // get the portion after attribute value
+ if (preg_match($pregMatch, substr($remainder, $nextBefore), $matches, PREG_OFFSET_CAPTURE))
+ {
+ // We have a closing quote
+ $nextAfter = $nextBefore + $matches[0][1];
+ }
+ else
+ {
+ // No closing quote
+ $nextAfter = strlen($remainder);
}
+ // Get the actual attribute value
+ $attributeValue = substr($remainder, $nextBefore, $nextAfter - $nextBefore);
+ // Escape bad chars
+ $attributeValue = str_replace($badChars, $escapedChars, $attributeValue);
+ $attributeValue = $this->_stripCSSExpressions($attributeValue);
+ $alreadyFiltered .= substr($remainder, 0, $nextBefore) . $attributeValue . $quote;
+ $remainder = substr($remainder, $nextAfter + 1);
+ }
+
+ // At this point, we just have to return the $alreadyFiltered and the $remainder
+ return $alreadyFiltered . $remainder;
+ }
+
+ /**
+ * Remove CSS Expressions in the form of <property>:expression(...)
+ *
+ * @param string $source The source string.
+ *
+ * @return string Filtered string
+ *
+ * @since 11.1
+ */
+ protected function _stripCSSExpressions($source)
+ {
+ // Strip any comments out (in the form of /*...*/)
+ $test = preg_replace('#\/\*.*\*\/#U', '', $source);
+ // Test for :expression
+ if (!stripos($test, ':expression'))
+ {
+ // Not found, so we are done
+ $return = $source;
+ }
+ else
+ {
+ // At this point, we have stripped out the comments and have found :expression
+ // Test stripped string for :expression followed by a '('
+ if (preg_match_all('#:expression\s*\(#', $test, $matches))
+ {
+ // If found, remove :expression
+ $test = str_ireplace(':expression', '', $test);
+ $return = $test;
+ }
+ }
+ return $return;
+ }
+}
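Review bot: The attribute-name test on the re-indented line `if ((!preg_match('/[a-z]*$/i', $attrSubSet[0])) || ...` can never reject a name, because `[a-z]*` matches the empty string at the end of any input, so `!preg_match(...)` is always false. If the intent is to drop names containing anything other than letters, the pattern needs a start anchor and a non-empty quantifier (for example `/^[a-z]+$/i`); that is a behaviour change and belongs in a follow-up commit rather than this checkstyle pass. On the same line, the `'on'` prefix comparison is made without the `strtolower()` that the blacklist lookup uses, so the two checks treat case differently. In `_stripCSSExpressions()`, `!stripos($test, ':expression')` treats a match at offset 0 as not found (compare with `=== false`), and when the case-insensitive `stripos()` finds a match but the case-sensitive `preg_match_all('#:expression\s*\(#', ...)` does not, `$return` is never assigned before it is returned. `_decode()` still uses the `/e` modifier of `preg_replace()`, which evaluates the replacement string as PHP code; `preg_replace_callback()` is the safer form.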
31 libraries/joomla/filter/filteroutput.php
@@ -24,10 +24,13 @@ class JFilterOutput
* Object parameters that are non-string, array, object or start with underscore
* will be converted
*
- * @param object &$mixed An object to be parsed
- * @param integer $quote_style The optional quote style for the htmlspecialchars function
- * @param mixed $exclude_keys An optional string single field name or array of field names not
- * to be parsed (eg, for a textarea)
+ * @param object &$mixed An object to be parsed
+ * @param integer $quote_style The optional quote style for the htmlspecialchars function
+ * @param mixed $exclude_keys An optional string single field name or array of field names not
+ * to be parsed (eg, for a textarea)
+ *
+ * @return void
+ *
* @since 11.1
*/
public static function objectHTMLSafe(&$mixed, $quote_style = ENT_QUOTES, $exclude_keys = '')
@@ -58,7 +61,7 @@ public static function objectHTMLSafe(&$mixed, $quote_style = ENT_QUOTES, $exclu
/**
* This method processes a string and replaces all instances of & with &amp; in links only.
*
- * @param string $input String to process
+ * @param string $input String to process
*
* @return string Processed string
*
@@ -74,7 +77,7 @@ public static function linkXHTMLSafe($input)
* This method processes a string and replaces all accented UTF-8 characters by unaccented
* ASCII-7 "equivalents", whitespaces are replaced by hyphens and the string is lowercased.
*
- * @param string $input String to process
+ * @param string $string String to process
*
* @return string Processed string
*
@@ -103,7 +106,7 @@ public static function stringURLSafe($string)
/**
* This method implements unicode slugs instead of transliteration.
*
- * @param string $input String to process
+ * @param string $string String to process
*
* @return string Processed string
*
@@ -138,9 +141,9 @@ public static function stringURLUnicodeSlug($string)
/**
* Replaces &amp; with & for XHTML compliance
*
- * @param string $text Text to process
+ * @param string $text Text to process
*
- * @return string Processed string.
+ * @return string Processed string.
*
* @since 11.1
*
@@ -161,7 +164,7 @@ public static function ampReplace($text)
/**
* Callback method for replacing & with &amp; in a string
*
- * @param string $m String to process
+ * @param string $m String to process
*
* @return string Replaced string
*
@@ -177,9 +180,9 @@ public static function _ampReplaceCallback($m)
/**
* Cleans text of all formating and scripting code
*
- * @param string &$text Text to clean
+ * @param string &$text Text to clean
*
- * @return string Cleaned text.
+ * @return string Cleaned text.
*
* @since 11.1
*/
@@ -201,9 +204,9 @@ public static function cleanText(&$text)
/**
* Strip img-tags from string
*
- * @param string $string Sting to be cleaned.
+ * @param string $string Sting to be cleaned.
*
- * @return string Cleaned string
+ * @return string Cleaned string
*
* @since 11.1
*/
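Review bot: The description on the `$string` parameter line still reads "Sting to be cleaned."; since the line is already being touched for alignment, fix the typo to "String to be cleaned." in the same change.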
14 libraries/joomla/language/language.php
@@ -280,9 +280,9 @@ public static function getInstance($lang, $debug = false)
*
* The function checks if $jsSafe is true, then if $interpretBackslashes is true.
*
- * @param string $string The string to translate
- * @param bool $jsSafe Make the result javascript safe
- * @param bool $interpretBackSlashes Interpret \t and \n
+ * @param string $string The string to translate
+ * @param boolean $jsSafe Make the result javascript safe
+ * @param boolean $interpretBackSlashes Interpret \t and \n
*
* @return string The translation of the string
*
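Review bot: The summary line above the parameters refers to `$interpretBackslashes`, but the parameter documented here is `$interpretBackSlashes`. PHP variable names are case-sensitive, so align the prose with the parameter name while this docblock is being edited.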
@@ -432,7 +432,7 @@ public function getPluralSufficesCallback()
{
// Deprecation warning.
JLog::add('JLanguage::_getPluralSufficesCallback() is deprecated.', JLog::WARNING, 'deprecated');
-
+
return $this->getPluralSuffixesCallback();
}
@@ -1130,7 +1130,7 @@ public function getUsed()
*
* @param string $string The key to check.
*
- * @return bool True, if the key exists.
+ * @return boolean True, if the key exists.
*
* @since 11.1
*/
@@ -1277,7 +1277,7 @@ public static function _parseLanguageFiles($dir = null)
{
// Deprecation warning.
JLog::add('JLanguage::_parseLanguageFiles() is deprecated.', JLog::WARNING, 'deprecated');
-
+
return self::parseLanguageFiles($dir);
}
@@ -1323,7 +1323,7 @@ public static function _parseXMLLanguageFiles($dir = null)
{
// Deprecation warning.
JLog::add('JLanguage::_parseXMLLanguageFiles() is deprecated.', JLog::WARNING, 'deprecated');
-
+
return self::parseXMLLanguageFiles($dir);
}
6 libraries/loader.php
@@ -162,9 +162,9 @@ public static function getClassList()
/**
* Directly register a class to the autoload list.
*
- * @param string $class The class name to register.
- * @param string $path Full path to the file that holds the class to register.
- * @param bool $force True to overwrite the autoload path value for the class if it already exists.
+ * @param string $class The class name to register.
+ * @param string $path Full path to the file that holds the class to register.
+ * @param boolean $force True to overwrite the autoload path value for the class if it already exists.
*
* @return void
*
4 tests/suite/joomla/database/database/JDatabaseMySQLTest.php
@@ -99,8 +99,8 @@ public function testConnected()
/**
* Tests the JDatabaseMySQL escape method.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return void
*
4 tests/suite/joomla/database/database/JDatabaseMySQLiTest.php
@@ -70,8 +70,8 @@ public function testConnected()
/**
* Tests the JDatabaseMySQL escape method.
*
- * @param string $text The string to be escaped.
- * @param bool $extra Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return void
*
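Review bot: The docblock summary says "Tests the JDatabaseMySQL escape method." but this file is JDatabaseMySQLiTest.php. The text looks copied from the MySQL test and should name JDatabaseMySQLi so the two escape tests can be told apart in generated documentation.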
4 tests/suite/joomla/database/database/JDatabaseQueryInspector.php
@@ -57,8 +57,8 @@ public function get($property)
/**
* Dummy method to just return the text.
*
- * @param string The string to be escaped.
- * @param bool Optional parameter to provide extra escaping.
+ * @param string $text The string to be escaped.
+ * @param boolean $extra Optional parameter to provide extra escaping.
*
* @return string The escaped string.
*
10 tests/suite/joomla/database/database/JDatabaseQueryTest.php
@@ -442,8 +442,8 @@ public function testLeftJoin()
/**
* Tests the quoteName method.
*
- * @param bool $quoted The value of the quoted argument.
- * @param string $expected The expected result.
+ * @param boolean $quoted The value of the quoted argument.
+ * @param string $expected The expected result.
*
* @return void
*
@@ -481,9 +481,9 @@ public function testOuterJoin()
/**
* Tests the quoteName method.
*
- * @param bool $text The value to be quoted.
- * @param bool $escape True to escape the string, false to leave it unchanged.
- * @param string $expected The expected result.
+ * @param boolean $text The value to be quoted.
+ * @param boolean $escape True to escape the string, false to leave it unchanged.
+ * @param string $expected The expected result.
*
* @return void
*
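Review bot: `$text` is documented as `boolean` while its description is "The value to be quoted.", and the `bool` to `boolean` rename carries that mismatch over unchanged; the type should probably be `string`. The summary also repeats "Tests the quoteName method." from the docblock in the previous hunk of this file, so it is worth checking it against the method this test actually exercises.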