-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSanitization.php
More file actions
121 lines (98 loc) · 3.3 KB
/
Copy pathSanitization.php
File metadata and controls
121 lines (98 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
declare(strict_types=1);
namespace DebugBundleWp;
final class Sanitization
{
/** @return array<string, mixed> */
public static function serverInputArray(): array
{
$server = filter_input_array(INPUT_SERVER, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
return is_array($server) ? $server : [];
}
/** @param array<string, mixed> $server
* @return array<string, string>
*/
public static function requestHeadersFromServer(array $server): array
{
$headers = [];
foreach ($server as $name => $value) {
if (!is_string($name) || !is_scalar($value)) {
continue;
}
$headerName = null;
$serverName = strtoupper($name);
if (!preg_match('/^[A-Z0-9_]+$/', $serverName)) {
continue;
}
if (str_starts_with($serverName, 'HTTP_')) {
$headerName = str_replace('_', '-', strtolower(substr($serverName, 5)));
} elseif (in_array($serverName, ['CONTENT_TYPE', 'CONTENT_LENGTH'], true)) {
$headerName = str_replace('_', '-', strtolower($serverName));
}
if ($headerName !== null && preg_match('/^[a-z0-9-]+$/', $headerName) === 1) {
$headers[$headerName] = self::sanitizeText((string) $value);
}
}
return $headers;
}
public static function requestMethod(string $default): string
{
$method = self::serverValue('REQUEST_METHOD');
if ($method === null || $method === '') {
return $default;
}
return strtoupper($method);
}
public static function requestUri(string $default): string
{
$requestUri = self::serverValue('REQUEST_URI');
if ($requestUri === null || $requestUri === '') {
return $default;
}
return $requestUri;
}
public static function ipAddress(): ?string
{
$candidates = [
self::serverValue('REMOTE_ADDR'),
];
foreach ($candidates as $candidate) {
if (!is_string($candidate) || $candidate === '') {
continue;
}
$validated = filter_var($candidate, FILTER_VALIDATE_IP);
if (is_string($validated)) {
return $validated;
}
}
return null;
}
public static function hashIp(?string $ipAddress): string
{
return hash('sha256', $ipAddress ?? 'unknown');
}
private static function serverValue(string $key): ?string
{
$server = self::serverInputArray();
$candidate = $server[$key] ?? null;
if (!is_scalar($candidate)) {
return null;
}
$value = (string) $candidate;
if (function_exists('wp_unslash')) {
$value = (string) \wp_unslash($value);
}
return $value;
}
private static function sanitizeText(string $value): string
{
if (function_exists('wp_unslash')) {
$value = (string) \wp_unslash($value);
}
if (function_exists('sanitize_text_field')) {
return (string) \sanitize_text_field($value);
}
$withoutHtml = preg_replace('/<[^>]*>/', '', $value);
return trim(is_string($withoutHtml) ? $withoutHtml : $value);
}
}