Merge pull request #103 from mambax7/feature/improvements

Author: mambax7

src/FilterInput.php

@@ -29,7 +29,7 @@
  * @copyright 2005 Daniel Morris
  * @copyright 2005 - 2013 Open Source Matters, Inc. All rights reserved.
  * @copyright 2011-2023 XOOPS Project (https://xoops.org)
- * @license   GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
+ * @license   GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
  * @link      https://xoops.org
  */
 class FilterInput
@@ -146,7 +146,7 @@ public static function getInstance(
      *
      * @param mixed $source - input string/array-of-string to be 'cleaned'
      *
-     * @return string $source - 'cleaned' version of input parameter
+     * @return string|array $source - 'cleaned' version of input parameter
      */
     public function process($source)
     {
@@ -159,7 +159,8 @@ public function process($source)
                 }
             }
             return $source;
-        } elseif (is_string($source)) {
+        }
+        if (is_string($source)) {
             // clean this string
             return $this->remove($this->decode($source));
         } else {
@@ -421,7 +422,7 @@ protected function filterTags($source)
             // appears in array specified by user
             $tagFound = in_array(strtolower($tagName), $this->tagsArray);
             // remove this tag on condition
-            if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod)) {
+            if ($tagFound !== (bool) $this->tagsMethod) {
                 // reconstruct tag with allowed attributes
                 if (!$isCloseTag) {
                     $attrSet = $this->filterAttr($attrSet);
@@ -512,7 +513,7 @@ protected function filterAttr($attrSet)
             // if matches user defined array
             $attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
             // keep this attr on condition
-            if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
+            if ($attrFound !== (bool) $this->attrMethod) {
                 if ($attrSubSet[1]) {
                     // attr has value
                     $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';

src/Jwt/JsonWebToken.php

@@ -90,7 +90,9 @@ public function decode($jwtString, $assertClaims = array())
         foreach ($assertClaims as $claim => $assert) {
             if (!property_exists($values, $claim)) {
                 return false;
-            } elseif ($values->$claim != $assert) {
+            }
+
+            if ($values->$claim != $assert) {
                 return false;
             }
         }

src/ProxyCheck.php

@@ -18,7 +18,7 @@
  * @package   Xmf
  * @author    Richard Griffith <richard@geekwright.com>
  * @copyright 2019-2020 XOOPS Project (https://xoops.org)
- * @license   GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
+ * @license   GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
  */
 class ProxyCheck
 {
@@ -108,10 +108,12 @@ protected function getProxyEnvConfig()
      */
     protected function getProxyHeader()
     {
-        if (!isset($_SERVER[$this->proxyHeaderName]) || empty($_SERVER[$this->proxyHeaderName])) {
+        if (false === $this->proxyHeaderName || empty($_SERVER[$this->proxyHeaderName])) {
             return false;
         }
-        return $_SERVER[$this->proxyHeaderName];
+
+        // Use PHP 5.3 compatible type casting
+        return (string)$_SERVER[$this->proxyHeaderName];
     }
 
     /**

src/Random.php

@@ -18,7 +18,7 @@
  * @package   Xmf
  * @author    Richard Griffith <richard@geekwright.com>
  * @copyright 2015-2018 XOOPS Project (https://xoops.org)
- * @license   GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
+ * @license   GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
  * @link      https://xoops.org
  */
 class Random
@@ -37,7 +37,29 @@ class Random
      */
     public static function generateOneTimeToken($hash = 'sha512', $bytes = 64)
     {
-        $token = hash($hash, random_bytes($bytes));
+        if (function_exists('random_bytes')) {
+            $randomData = random_bytes($bytes);
+        } elseif (function_exists('openssl_random_pseudo_bytes')) {
+            $crypto_strong = false;
+            $randomData = openssl_random_pseudo_bytes($bytes, $crypto_strong);
+
+            if ($randomData === false) {
+                throw new Exception("Could not generate secure random bytes.");
+            }
+
+            if (!$crypto_strong) {
+                throw new Exception("Non-cryptographically strong algorithm used for random bytes.");
+            }
+        } else {
+            $randomData = md5(uniqid(mt_rand(), true));
+        }
+
+        if ($randomData === null) {
+            throw new Exception("Failed to generate random data.");
+        }
+
+        $token = hash($hash, $randomData);
+
         return $token;
     }
 
@@ -55,7 +77,28 @@ public static function generateOneTimeToken($hash = 'sha512', $bytes = 64)
      */
     public static function generateKey($hash = 'sha512', $bytes = 128)
     {
-        $token = hash($hash, random_bytes($bytes));
+        if (function_exists('random_bytes')) {
+            $randomData = random_bytes($bytes);
+        } elseif (function_exists('openssl_random_pseudo_bytes')) {
+            $crypto_strong = false;
+            $randomData = openssl_random_pseudo_bytes($bytes, $crypto_strong);
+
+            if ($randomData === false) {
+                throw new Exception("Could not generate secure random bytes.");
+            }
+
+            if (!$crypto_strong) {
+                throw new Exception("Non-cryptographically strong algorithm used for random bytes.");
+            }
+        } else {
+            $randomData = md5(uniqid(mt_rand(), true));
+        }
+
+        if ($randomData === null) {
+            throw new Exception("Failed to generate random data.");
+        }
+
+        $token = hash($hash, $randomData);
         return $token;
     }
 }

src/Request.php

@@ -24,7 +24,7 @@
  * @author    trabis <lusopoemas@gmail.com>
  * @author    Joomla!
  * @copyright 2011-2023 XOOPS Project (https://xoops.org)
- * @license   GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
+ * @license   GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
  * @link      https://xoops.org
  */
 class Request
@@ -338,6 +338,7 @@ public static function getIP($name, $default = '', $hash = 'default')
      */
     public static function getHeader($headerName, $default = '')
     {
+        /** @var string[] $headers */
         static $headers = null;
 
         if (null === $headers) {
@@ -348,10 +349,10 @@ public static function getHeader($headerName, $default = '')
                     $headers[strtolower($name)] = $value;
                 }
             } else {
-                // From joyview - http://php.net/manual/en/function.getallheaders.php
+                // From joyview - https://php.net/manual/en/function.getallheaders.php
                 foreach ($_SERVER as $name => $value) {
                     if ('HTTP_' === substr($name, 0, 5)) {
-                        $translatedName = str_replace(' ', '-', strtolower(str_replace('_', ' ', substr($name, 5))));
+                        $translatedName = (string)str_replace(' ', '-', strtolower(str_replace('_', ' ', substr($name, 5))));
                         $headers[$translatedName] = $value;
                     }
                 }
@@ -371,7 +372,7 @@ public static function getHeader($headerName, $default = '')
      * @param string $name variable to look for
      * @param string $hash hash to check
      *
-     * @return boolean True if hash has an element 'name', otherwise false
+     * @return bool True if hash has an element 'name', otherwise false
      */
     public static function hasVar($name, $hash = 'default')
     {
@@ -391,10 +392,10 @@ public static function hasVar($name, $hash = 'default')
     /**
      * Set a variable in one of the request variables
      *
-     * @param string  $name      Name
-     * @param string  $value     Value
-     * @param string  $hash      Hash
-     * @param boolean $overwrite Boolean
+     * @param string $name      Name
+     * @param string $value     Value
+     * @param string $hash      Hash
+     * @param bool   $overwrite Boolean
      *
      * @return string Previous value
      */
@@ -516,9 +517,9 @@ public static function get($hash = 'default', $mask = 0)
     /**
      * Sets a request variable
      *
-     * @param array   $array     An associative array of key-value pairs
-     * @param string  $hash      The request variable to set (POST, GET, FILES, METHOD)
-     * @param boolean $overwrite If true and an existing key is found, the value is overwritten,
+     * @param array  $array       An associative array of key-value pairs
+     * @param string $hash        The request variable to set (POST, GET, FILES, METHOD)
+     * @param bool   $overwrite   If true and an existing key is found, the value is overwritten,
      *                            otherwise it is ignored
      *
      * @return void
@@ -575,7 +576,7 @@ protected static function cleanVar($var, $mask = 0, $type = null)
                 if (null === $noHtmlFilter) {
                     $noHtmlFilter = FilterInput::getInstance();
                 }
-                $var = $noHtmlFilter->clean($var, $type);
+                $var = $noHtmlFilter::clean($var, $type);
             }
         }