* @param array $extWhitelist Extensions which are allowed, assumed harmless.
* @return bool
*/
- public static function areServerVarsBad( $vars, $extWhitelist = array() ) {
+ public static function areServerVarsBad( $vars, $extWhitelist = [] ) {
// Check QUERY_STRING or REQUEST_URI
if ( isset( $vars['SERVER_SOFTWARE'] )
&& isset( $vars['REQUEST_URI'] )
- && self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] ) )
- {
+ && self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] )
+ ) {
$urlPart = $vars['REQUEST_URI'];
} elseif ( isset( $vars['QUERY_STRING'] ) ) {
$urlPart = $vars['QUERY_STRING'];
// Some servers have PATH_INFO but not REQUEST_URI, so we check both
// to be on the safe side.
if ( isset( $vars['PATH_INFO'] )
- && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist ) )
- {
+ && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist )
+ ) {
return true;
}
* URL, and which should be allowed.
* @return bool
*/
- public static function isUrlExtensionBad( $urlPart, $extWhitelist = array() ) {
+ public static function isUrlExtensionBad( $urlPart, $extWhitelist = [] ) {
if ( strval( $urlPart ) === '' ) {
return false;
}
return false;
}
- if ( in_array( $extension, array( 'php', 'php5' ) ) ) {
+ if ( in_array( $extension, [ 'php', 'php5' ] ) ) {
// Script extension, OK
return false;
}
* @param $extWhitelist array
* @return bool|string
*/
- public static function fixUrlForIE6( $url, $extWhitelist = array() ) {
+ public static function fixUrlForIE6( $url, $extWhitelist = [] ) {
$questionPos = strpos( $url, '?' );
if ( $questionPos === false ) {
$beforeQuery = $url . '?';
// If the extension is NOT exe, dll or cgi, return it
$extension = substr( $url, $pos, $nextPos - $pos );
if ( strcasecmp( $extension, 'exe' ) && strcasecmp( $extension, 'dll' ) &&
- strcasecmp( $extension, 'cgi' ) )
- {
+ strcasecmp( $extension, 'cgi' )
+ ) {
return $extension;
}
// Else continue looking
*
* @param $serverSoftware
* @return bool
- *
*/
public static function haveUndecodedRequestUri( $serverSoftware ) {
- static $whitelist = array(
+ static $whitelist = [
'Apache',
'Zeus',
- 'LiteSpeed' );
+ 'LiteSpeed' ];
if ( preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $m ) ) {
return in_array( $m[1], $whitelist );
} else {