* @param array $extWhitelist Extensions which are allowed, assumed harmless.
* @return bool
*/
- public static function areServerVarsBad( $vars, $extWhitelist = array() ) {
+ public static function areServerVarsBad( $vars, $extWhitelist = [] ) {
// Check QUERY_STRING or REQUEST_URI
if ( isset( $vars['SERVER_SOFTWARE'] )
&& isset( $vars['REQUEST_URI'] )
- && self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] ) )
- {
+ && self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] )
+ ) {
$urlPart = $vars['REQUEST_URI'];
} elseif ( isset( $vars['QUERY_STRING'] ) ) {
$urlPart = $vars['QUERY_STRING'];
// Some servers have PATH_INFO but not REQUEST_URI, so we check both
// to be on the safe side.
if ( isset( $vars['PATH_INFO'] )
- && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist ) )
- {
+ && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist )
+ ) {
return true;
}
* URL, and which should be allowed.
* @return bool
*/
- public static function isUrlExtensionBad( $urlPart, $extWhitelist = array() ) {
+ public static function isUrlExtensionBad( $urlPart, $extWhitelist = [] ) {
if ( strval( $urlPart ) === '' ) {
return false;
}
return false;
}
- if ( in_array( $extension, array( 'php', 'php5' ) ) ) {
+ if ( in_array( $extension, [ 'php', 'php5' ] ) ) {
// Script extension, OK
return false;
}
/**
* Returns a variant of $url which will pass isUrlExtensionBad() but has the
* same GET parameters, or false if it can't figure one out.
- * @param $url
- * @param $extWhitelist array
+ * @param string $url
+ * @param array $extWhitelist
* @return bool|string
*/
- public static function fixUrlForIE6( $url, $extWhitelist = array() ) {
+ public static function fixUrlForIE6( $url, $extWhitelist = [] ) {
$questionPos = strpos( $url, '?' );
if ( $questionPos === false ) {
$beforeQuery = $url . '?';
* - if we find a possible extension followed by a dot or another illegal
* character, we ignore it and continue searching
*
- * @param string $url URL
+ * @param string $url
* @return mixed Detected extension (string), or false if none found
*/
public static function findIE6Extension( $url ) {
// If the extension is NOT exe, dll or cgi, return it
$extension = substr( $url, $pos, $nextPos - $pos );
if ( strcasecmp( $extension, 'exe' ) && strcasecmp( $extension, 'dll' ) &&
- strcasecmp( $extension, 'cgi' ) )
- {
+ strcasecmp( $extension, 'cgi' )
+ ) {
return $extension;
}
// Else continue looking
* or a specification in the style of a User-Agent header, such as
* "Apache/1.3.34 (Unix) mod_ssl/2.8.25 OpenSSL/0.9.8a PHP/4.4.2"
*
- * @param $serverSoftware
+ * @param string $serverSoftware
* @return bool
- *
*/
public static function haveUndecodedRequestUri( $serverSoftware ) {
- static $whitelist = array(
+ static $whitelist = [
'Apache',
'Zeus',
- 'LiteSpeed' );
+ 'LiteSpeed' ];
if ( preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $m ) ) {
return in_array( $m[1], $whitelist );
} else {
dépôts / lhc / web / wiklou.git / blobdiff