* @param array $extWhitelist Extensions which are allowed, assumed harmless.
* @return bool
*/
- public static function areServerVarsBad( $vars, $extWhitelist = array() ) {
+ public static function areServerVarsBad( $vars, $extWhitelist = [] ) {
// Check QUERY_STRING or REQUEST_URI
if ( isset( $vars['SERVER_SOFTWARE'] )
&& isset( $vars['REQUEST_URI'] )
* URL, and which should be allowed.
* @return bool
*/
- public static function isUrlExtensionBad( $urlPart, $extWhitelist = array() ) {
+ public static function isUrlExtensionBad( $urlPart, $extWhitelist = [] ) {
if ( strval( $urlPart ) === '' ) {
return false;
}
return false;
}
- if ( in_array( $extension, array( 'php', 'php5' ) ) ) {
+ if ( in_array( $extension, [ 'php', 'php5' ] ) ) {
// Script extension, OK
return false;
}
if ( !preg_match( '/^[a-zA-Z0-9_-]+$/', $extension ) ) {
// Non-alphanumeric extension, unlikely to be registered.
- //
// The regex above is known to match all registered file extensions
// in a default Windows XP installation. It's important to allow
// extensions with ampersands and percent signs, since that reduces
* @param $extWhitelist array
* @return bool|string
*/
- public static function fixUrlForIE6( $url, $extWhitelist = array() ) {
+ public static function fixUrlForIE6( $url, $extWhitelist = [] ) {
$questionPos = strpos( $url, '?' );
if ( $questionPos === false ) {
$beforeQuery = $url . '?';
}
// We found an illegal character or another dot
// Skip to that character and continue the loop
- $pos = $nextPos + 1;
+ $pos = $nextPos;
$remainingLength = $urlLength - $pos;
}
return false;
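Review bot: The one-character change to `$pos = $nextPos;` alters which extension this security check reports, yet nothing in the hunk records why the stop character has to be rescanned, so a later cleanup could plausibly restore the `+ 1`. I would add a why-comment above the assignment, such as `// Resume AT the stop character, not after it: if it is a dot, it may begin the extension we are looking for.` The loop head and the computation of `$nextPos` lie outside the hunk, so it is worth confirming that `$nextPos` is always greater than the position of the dot just examined and that the loop still advances. A regression test covering the case where the stop character is itself a dot would pin the new behaviour.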
*
*/
public static function haveUndecodedRequestUri( $serverSoftware ) {
- static $whitelist = array(
+ return true; // Ori 13-Apr-2016
+ static $whitelist = [
'Apache',
'Zeus',
- 'LiteSpeed' );
+ 'LiteSpeed' ];
if ( preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $m ) ) {
return in_array( $m[1], $whitelist );
} else {
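Review bot: The added `return true; // Ori 13-Apr-2016` at the top of haveUndecodedRequestUri() makes the `$whitelist` / `preg_match` body below it unreachable, so the function now reports every server as having an undecoded REQUEST_URI regardless of `$serverSoftware`. areServerVarsBad() (first hunk) tests SERVER_SOFTWARE and REQUEST_URI, so it presumably uses this answer to decide which variable to inspect. On a server outside the Apache/Zeus/LiteSpeed list the extension check may then run against a value that does not reflect what the browser sent, which should be confirmed against the function's docblock, not visible in this hunk. If the override is a deliberate local patch, remove the dead code or gate the override behind a setting, and replace the initials-and-date comment with the reason, e.g. `// <deployment-specific reason>: REQUEST_URI reaches PHP undecoded here, so the SERVER_SOFTWARE check is skipped`. The function body continues past the end of the hunk.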