Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
40.00% |
2 / 5 |
|
66.67% |
2 / 3 |
CRAP | |
0.00% |
0 / 1 |
| Sanitize | |
40.00% |
2 / 5 |
|
66.67% |
2 / 3 |
4.94 | |
0.00% |
0 / 1 |
| removeNUL | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| removeStreamWrappers | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| path | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace WebPConvert\Helpers; |
| 4 | |
| 5 | class Sanitize |
| 6 | { |
| 7 | |
| 8 | /** |
| 9 | * The NUL character is a demon, because it can be used to bypass other tests |
| 10 | * See https://st-g.de/2011/04/doing-filename-checks-securely-in-PHP. |
| 11 | * |
| 12 | * @param string $string string remove NUL characters in |
| 13 | */ |
| 14 | public static function removeNUL($string) |
| 15 | { |
| 16 | return str_replace(chr(0), '', $string); |
| 17 | } |
| 18 | |
| 19 | public static function removeStreamWrappers($string) |
| 20 | { |
| 21 | return preg_replace('#^\\w+://#', '', $string); |
| 22 | } |
| 23 | |
| 24 | public static function path($string) |
| 25 | { |
| 26 | $string = self::removeNUL($string); |
| 27 | $string = self::removeStreamWrappers($string); |
| 28 | return $string; |
| 29 | } |
| 30 | } |