Improve escaping.

Author: Maikuolan

Changelog.md

@@ -139,3 +139,7 @@ __*Why "v3.0.0" instead of "v1.0.0?"*__ Prior to phpMussel v3, the "phpMussel Co
 ### 3.4.2
 
 [2022.11.22; Maikuolan]: Maintenance release.
+
+### v3.5.0
+
+[2023.12.01; Maikuolan]: Improve escaping.

src/Loader.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: The loader (last modified: 2023.10.12).
+ * This file: The loader (last modified: 2023.12.01).
  */
 
 namespace phpMussel\Core;
@@ -802,15 +802,15 @@ public function buildPath(string $Path, bool $PointsToFile = true): string
         $Restrictions = strlen(ini_get('open_basedir')) > 0;
 
         /** Split path into steps. */
-        $Steps = preg_split('~[\\\/]~', $Path, -1, PREG_SPLIT_NO_EMPTY);
+        $Steps = preg_split('~[\\\\/]~', $Path, -1, PREG_SPLIT_NO_EMPTY);
 
         /** Separate file from path. */
         $File = $PointsToFile ? array_pop($Steps) : '';
 
         /** Build directories. */
         foreach ($Steps as $Step) {
             if (!isset($Rebuilt)) {
-                $Rebuilt = preg_match('~^[\\\/]~', $Path) ? DIRECTORY_SEPARATOR . $Step : $Step;
+                $Rebuilt = preg_match('~^[\\\\/]~', $Path) ? DIRECTORY_SEPARATOR . $Step : $Step;
             } else {
                 $Rebuilt .= DIRECTORY_SEPARATOR . $Step;
             }
@@ -1102,7 +1102,7 @@ public function logRotation(string $Pattern): bool
      */
     public function resolvePaths(string $Base, bool $LastIsFile = true, bool $GZ = true): \Generator
     {
-        $Steps = preg_split('~[\\\/]~', $Base, -1, PREG_SPLIT_NO_EMPTY);
+        $Steps = preg_split('~[\\\\/]~', $Base, -1, PREG_SPLIT_NO_EMPTY);
         $LastStep = $LastIsFile ? array_pop($Steps) : '';
         $BaseFrom = '';
         $Remainder = '';
@@ -1120,8 +1120,8 @@ public function resolvePaths(string $Base, bool $LastIsFile = true, bool $GZ = t
             $LastStep = DIRECTORY_SEPARATOR . $LastStep;
         }
         $Steps = preg_replace(
-            ['~\\\{(?:dd|mm|yy|hh|ii|ss)\\\}~i', '~\\\{yyyy\\\}~i', '~\\\{(?:Day|Mon)\\\}~i', '~\\\{tz\\\}~i', '~\\\{t\\\:z\\\}~i'],
-            ['\d{2}', '\d{4}', '\w{3}', '.{1,2}\d{4}', '.{1,2}\d{2}\:\d{2}'],
+            ['~\\{(?:dd|mm|yy|hh|ii|ss)\\}~i', '~\\{yyyy\\}~i', '~\\{(?:Day|Mon)\\}~i', '~\\{tz\\}~i', '~\\{t:z\\}~i'],
+            ['\d{2}', '\d{4}', '\w{3}', '.{1,2}\d{4}', '.{1,2}\d{2}:\d{2}'],
             preg_quote($Remainder) . ($LastStep ? preg_quote($LastStep) . ($GZ ? '(?:\.gz)?' : '') . '$' : '')
         );
         $Pattern = '~^' . preg_quote($BaseFrom) . $Steps . '~i';
@@ -1179,7 +1179,7 @@ public function updateConfiguration(): bool
                     } elseif (is_string($DirValue)) {
                         /** Multiline support. */
                         $DirValue = preg_replace('~[^\x00-\xFF]~', '', str_replace(
-                            ["\\", "\0", "\7", "\8", "\t", "\n", "\x0B", "\x0C", "\r", "\x1B"],
+                            ['\\', "\0", "\7", "\8", "\t", "\n", "\x0B", "\x0C", "\r", "\x1B"],
                             ["\\\\", '\0', '\a', '\b', '\t', '\n', '\v', '\f', '\r', '\e'],
                             $DirValue
                         ));
@@ -1241,7 +1241,7 @@ private function decodeForMultilineSupport(): void
                 }
                 $DirVal = str_replace(
                     ["\\\\", '\0', '\a', '\b', '\t', '\n', '\v', '\f', '\r', '\e'],
-                    ["\\", "\0", "\7", "\8", "\t", "\n", "\x0B", "\x0C", "\r", "\x1B"],
+                    ['\\', "\0", "\7", "\8", "\t", "\n", "\x0B", "\x0C", "\r", "\x1B"],
                     $DirVal
                 );
             }

src/Scanner.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: The scanner (last modified: 2023.09.25).
+ * This file: The scanner (last modified: 2023.12.01).
  */
 
 namespace phpMussel\Core;
@@ -380,7 +380,7 @@ public function directoryRecursiveList(string $Base, bool $Directories = false):
         $Offset = strlen($Base);
         $List = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($Base), \RecursiveIteratorIterator::SELF_FIRST);
         foreach ($List as $Item => $List) {
-            if (preg_match('~^(?:/\.\.|./\.|\.{3})$~', str_replace("\\", '/', substr($Item, -3))) || !is_readable($Item)) {
+            if (preg_match('~^(?:/\.\.|./\.|\.{3})$~', str_replace('\\', '/', substr($Item, -3))) || !is_readable($Item)) {
                 continue;
             }
             if (is_dir($Item) && !$Directories) {
@@ -783,7 +783,7 @@ private function recursor($Files = '', int $Depth = -1): void
         if (is_dir($Files)) {
             if (!is_readable($Files)) {
                 $this->Loader->InstanceCache['ScanErrors']++;
-                $this->atHit('', -1, preg_replace(['~[\x00-\x1F]~', '~^[\\\/]~'], '', $Files), sprintf(
+                $this->atHit('', -1, preg_replace(['~[\x00-\x1F]~', '~^[\\\\/]~'], '', $Files), sprintf(
                     $this->Loader->L10N->getString('grammar_exclamation_mark'),
                     sprintf($this->Loader->L10N->getString('response.Failed to access %s'), $OriginalFilename)
                 ), -5, $Depth);
@@ -810,7 +810,7 @@ private function recursor($Files = '', int $Depth = -1): void
         $this->resetHeuristics();
 
         /** Ensure that the original filename doesn't break lines and clean it up. */
-        $OriginalFilenameClean = preg_replace(['~[\x00-\x1F]~', '~^[\\\/]~'], '', $OriginalFilename);
+        $OriginalFilenameClean = preg_replace(['~[\x00-\x1F]~', '~^[\\\\/]~'], '', $OriginalFilename);
 
         /** Indenting to apply for "checking" . */
         $Indent = str_pad('→ ', ($Depth < 1 ? 4 : ($Depth * 3) + 4), '─', STR_PAD_LEFT);
@@ -1728,7 +1728,7 @@ private function dataHandler(string $str = '', int $Depth = 0, string $OriginalF
         ) {
             $this->Loader->InstanceCache['LookupCount'] = 0;
             $URLScanner = [
-                'FixedSource' => preg_replace('~(data|f(ile|tps?)|https?|sftp):~i', "\x01\\1:", str_replace("\\", '/', $str_norm)) . "\1",
+                'FixedSource' => preg_replace('~(data|f(ile|tps?)|https?|sftp):~i', "\x01\\1:", str_replace('\\', '/', $str_norm)) . "\1",
                 'DomainsNoLookup' => [],
                 'DomainsCount' => 0,
                 'Domains' => [],
@@ -3003,8 +3003,8 @@ private function archiveRecursor(string $Data, string $File = '', int $ScanDepth
 
                     /** Fetch and prepare filename. */
                     if ($Filename = $ArchiveObject->EntryName()) {
-                        while (strpos($Filename, "\\") !== false || strpos($Filename, '/') !== false) {
-                            $Filename = $this->Loader->substrAfterLast($Filename, "\\");
+                        while (strpos($Filename, '\\') !== false || strpos($Filename, '/') !== false) {
+                            $Filename = $this->Loader->substrAfterLast($Filename, '\\');
                             $Filename = $this->Loader->substrAfterLast($Filename, '/');
                         }
                     }
@@ -3017,7 +3017,7 @@ private function archiveRecursor(string $Data, string $File = '', int $ScanDepth
                     $Hash = hash('sha256', $Content);
                     $DataCRC32 = hash('crc32b', $Content);
                     $InternalCRC = $ArchiveObject->EntryCRC();
-                    $ThisItemRef = $ItemRef . '→' . preg_replace(['~[\x00-\x1F]~', '~^[\\\/]~'], '', $Filename);
+                    $ThisItemRef = $ItemRef . '→' . preg_replace(['~[\x00-\x1F]~', '~^[\\\\/]~'], '', $Filename);
 
                     /** Verify filesize, integrity, etc. Exit early in case of problems. */
                     if ($Filesize !== strlen($Content) || (
@@ -3264,7 +3264,7 @@ private function memoryUse(string $Path, int $Delete = 0, int $DeleteFiles = 0):
         $Files = [];
         $List = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($Path), \RecursiveIteratorIterator::SELF_FIRST);
         foreach ($List as $Item => $List) {
-            $File = str_replace("\\", '/', substr($Item, $Offset));
+            $File = str_replace('\\', '/', substr($Item, $Offset));
             if ($File && strtolower(substr($Item, -4)) === '.qfu' && is_file($Item) && !is_link($Item) && is_readable($Item)) {
                 $Files[$File] = filemtime($Item);
             }
@@ -3308,7 +3308,7 @@ private function normalise(string $str, bool $html = false, bool $decode = false
             while (true) {
                 if (
                     function_exists('gzinflate') &&
-                    $c = preg_match_all('/(gzinflate\s*\(\s*["\'])(.{1,4096})(,\d)?(["\']\s*\))/i', $str, $matches)
+                    $c = preg_match_all('/(gzinflate\s*\\(\s*["\'])(.{1,4096})(,\d)?(["\']\s*\\))/i', $str, $matches)
                 ) {
                     for ($i = 0; $c > $i; $i++) {
                         $str = str_ireplace(
@@ -3321,8 +3321,8 @@ function_exists('gzinflate') &&
                 }
                 if ($c = preg_match_all(
                     '/(base64_decode|decode_base64|base64\.b64decode|atob|Base64\.decode64)(\s*' .
-                    '\(\s*["\'\`])([\da-z+\/]{4})*([\da-z+\/]{4}|[\da-z+\/]{3}=|[\da-z+\/]{2}==)(["\'\`]' .
-                    '\s*\))/i',
+                    '\\(\s*["\'\`])([\da-z+\/]{4})*([\da-z+\/]{4}|[\da-z+\/]{3}=|[\da-z+\/]{2}==)(["\'\`]' .
+                    '\s*\\))/i',
                     $str,
                     $matches
                 )) {
@@ -3336,7 +3336,7 @@ function_exists('gzinflate') &&
                     continue;
                 }
                 if ($c = preg_match_all(
-                    '/(str_rot13\s*\(\s*["\'])([^\'"\(\)]{1,4096})(["\']\s*\))/i',
+                    '/(str_rot13\s*\\(\s*["\'])([^\'"\\(\\)]{1,4096})(["\']\s*\\))/i',
                     $str,
                     $matches
                 )) {
@@ -3350,7 +3350,7 @@ function_exists('gzinflate') &&
                     continue;
                 }
                 if ($c = preg_match_all(
-                    '/(hex2bin\s*\(\s*["\'])([\da-f]{1,4096})(["\']\s*\))/i',
+                    '/(hex2bin\s*\\(\s*["\'])([\da-f]{1,4096})(["\']\s*\\))/i',
                     $str,
                     $matches
                 )) {
@@ -3364,7 +3364,7 @@ function_exists('gzinflate') &&
                     continue;
                 }
                 if ($c = preg_match_all(
-                    '/([Uu][Nn][Pp][Aa][Cc][Kk]\s*\(\s*["\']\s*H\*\s*["\']\s*,\s*["\'])([\da-fA-F]{1,4096})(["\']\s*\))/',
+                    '/([Uu][Nn][Pp][Aa][Cc][Kk]\s*\\(\s*["\']\s*H\*\s*["\']\s*,\s*["\'])([\da-fA-F]{1,4096})(["\']\s*\\))/',
                     $str,
                     $matches
                 )) {
@@ -3833,7 +3833,7 @@ private function matchVarInSigFile($Actual, $Expected): bool
      */
     private function splitSigParts(string $Sig, int $Max = -1): array
     {
-        return preg_split('~(?<!\?|\<)\:~', $Sig, $Max, PREG_SPLIT_NO_EMPTY);
+        return preg_split('~(?<!\?|\<):~', $Sig, $Max, PREG_SPLIT_NO_EMPTY);
     }
 
     /**

src/TarHandler.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Tar handler (last modified: 2021.07.10).
+ * This file: Tar handler (last modified: 2023.12.01).
  */
 
 namespace phpMussel\Core;
@@ -104,7 +104,7 @@ public function EntryIsDirectory(): bool
     {
         $Name = $this->EntryName();
         $Separator = substr($Name, -1, 1);
-        return (($Separator === "\\" || $Separator === '/') && $this->EntryActualSize() === 0);
+        return (($Separator === '\\' || $Separator === '/') && $this->EntryActualSize() === 0);
     }
 
     /**

src/TemporaryFileHandler.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Temporary file handler (last modified: 2021.07.10).
+ * This file: Temporary file handler (last modified: 2023.12.01).
  */
 
 namespace phpMussel\Core;
@@ -30,7 +30,7 @@ class TemporaryFileHandler
     public function __construct(string $Content, string $Location)
     {
         /** Pad the location if necessary. */
-        if (($Pad = substr($Location, -1)) && ($Pad !== '/') && ($Pad !== "\\") && ($Pad !== DIRECTORY_SEPARATOR)) {
+        if (($Pad = substr($Location, -1)) && ($Pad !== '/') && ($Pad !== '\\') && ($Pad !== DIRECTORY_SEPARATOR)) {
             $Location .= DIRECTORY_SEPARATOR;
         }