diff --git a/.php-cs-fixer.php b/.php-cs-fixer.php
index 29bc473..b423e7d 100644
--- a/.php-cs-fixer.php
+++ b/.php-cs-fixer.php
@@ -5,52 +5,396 @@ use PhpCsFixer\Config; use PhpCsFixer\Finder; -$rules = [ - '@Symfony' => true, - '@Symfony:risky' => true, - 'array_syntax' => [ - 'syntax' => 'short' - ], - 'binary_operator_spaces' => [ - 'operators' => [ - '=>' => 'align' - ] - ], - 'concat_space' => [ - 'spacing' => 'one' - ], - 'declare_strict_types' => true, - 'get_class_to_class_keyword' => false, - 'global_namespace_import' => false, - 'linebreak_after_opening_tag' => true, - 'mb_str_functions' => false, // specific for this repository - 'native_function_invocation' => [ - 'include' => [ - '@all' - ] +$aliasRules = [ + 'array_push' => true, + 'backtick_to_shell_exec' => true, + 'ereg_to_preg' => true, + 'mb_str_functions' => false, // specific for this repository + 'modernize_strpos' => ['modernize_stripos' => true], + 'no_alias_functions' => ['sets' => ['@all']], + 'no_alias_language_construct_call' => true, + 'no_mixed_echo_print' => ['use' => 'echo'], + 'pow_to_exponentiation' => true, + 'random_api_migration' => ['replacements' => ['getrandmax' => 'mt_getrandmax', 'srand' => 'mt_srand', 'mt_rand' => 'random_int', 'rand' => 'random_int']], + 'set_type_to_cast' => true +]; + +$arrayNotationRules = [ + 'array_syntax' => ['syntax' => 'short'], + 'no_multiline_whitespace_around_double_arrow' => true, + 'no_whitespace_before_comma_in_array' => ['after_heredoc' => true], + 'normalize_index_brace' => true, + 'return_to_yield_from' => true, + 'trim_array_spaces' => true, + 'whitespace_after_comma_in_array' => ['ensure_single_space' => true], + 'yield_from_array_to_yields' => true +]; + +$attributeNotationRules = [ + 'attribute_empty_parentheses' => ['use_parentheses' => false], + 'general_attribute_remove' => ['attributes' => []], + 'ordered_attributes' => ['order' => [], 'sort_algorithm' => 'alpha'] +]; + +$basicRules = [ + 'braces_position' => [ + 'allow_single_line_anonymous_functions' => true, + 'allow_single_line_empty_anonymous_classes' => true, + 'anonymous_classes_opening_brace' => 
'same_line', + 'anonymous_functions_opening_brace' => 'same_line', + 'classes_opening_brace' => 'next_line_unless_newline_at_signature_end', + 'control_structures_opening_brace' => 'same_line', + 'functions_opening_brace' => 'next_line_unless_newline_at_signature_end' ], - 'no_php4_constructor' => true, - 'no_superfluous_phpdoc_tags' => true, + 'encoding' => true, + 'no_multiple_statements_per_line' => true, + 'no_trailing_comma_in_singleline' => ['elements' => ['arguments', 'array', 'array_destructuring', 'group_import']], + 'non_printable_character' => ['use_escape_sequences_in_strings' => true], + 'numeric_literal_separator' => false, + 'octal_notation' => true, + 'psr_autoloading' => ['dir' => null], + 'single_line_empty_body' => true +]; + +$casingRules = [ + 'class_reference_name_casing' => true, + 'constant_case' => ['case' => 'lower'], + 'integer_literal_case' => true, + 'lowercase_keywords' => true, + 'lowercase_static_reference' => true, + 'magic_constant_casing' => true, + 'magic_method_casing' => true, + 'native_function_casing' => true, + 'native_type_declaration_casing' => true +]; + +$castNotationRules = [ + 'cast_spaces' => ['space' => 'single'], + 'lowercase_cast' => true, + 'modernize_types_casting' => true, + 'no_short_bool_cast' => true, + 'no_unset_cast' => true, + 'short_scalar_cast' => true +]; + +$classNotationRules = [ + 'class_attributes_separation' => ['elements' => ['const' => 'one', 'method' => 'one', 'property' => 'one', 'trait_import' => 'none', 'case' => 'none']], + 'class_definition' => ['inline_constructor_arguments' => true, 'multi_line_extends_each_single_line' => false, 'single_item_single_line' => true, 'single_line' => true, 'space_before_parenthesis' => false], + 'final_class' => false, + 'final_internal_class' => false, + 'final_public_method_for_abstract_class' => false, + 'no_blank_lines_after_class_opening' => true, + 'no_null_property_initialization' => true, + 'no_php4_constructor' => true, + 'no_unneeded_final_method' 
=> ['private_methods' => true], + 'ordered_class_elements' => ['case_sensitive' => false, 'order' => ['use_trait', 'case', 'constant_public', 'constant_protected', 'constant_private', 'property_public', 'property_protected', 'property_private', 'construct', 'destruct', 'magic', 'phpunit'], 'sort_algorithm' => 'none'], + 'ordered_interfaces' => ['case_sensitive' => false, 'direction' => 'ascend', 'order' => 'alpha'], + 'ordered_traits' => ['case_sensitive' => false], + 'ordered_types' => ['case_sensitive' => false, 'null_adjustment' => 'always_last', 'sort_algorithm' => 'alpha'], + 'phpdoc_readonly_class_comment_to_keyword' => true, + 'protected_to_private' => false, + 'self_accessor' => true, + 'self_static_accessor' => true, + 'single_class_element_per_statement' => ['elements' => ['const', 'property']], + 'single_trait_insert_per_statement' => true, + 'visibility_required' => ['elements' => ['const', 'method', 'property']] +]; + +$classUsageRules = [ + 'date_time_immutable' => true +]; + +$commentRules = [ + 'comment_to_phpdoc' => ['ignored_tags' => []], + 'header_comment' => false, + 'multiline_comment_opening_closing' => true, + 'no_empty_comment' => true, + 'no_trailing_whitespace_in_comment' => true, + 'single_line_comment_spacing' => true, + 'single_line_comment_style' => ['comment_types' => ['asterisk', 'hash']] +]; + +$constantNotationRules = [ + 'native_constant_invocation' => ['exclude' => ['null', 'false', 'true'], 'fix_built_in' => true, 'include' => [], 'scope' => 'all', 'strict' => false], +]; + +$controlStructureRules = [ + 'control_structure_braces' => true, + 'control_structure_continuation_position' => ['position' => 'same_line'], + 'elseif' => true, + 'empty_loop_body' => ['style' => 'braces'], + 'empty_loop_condition' => ['style' => 'while'], + 'include' => true, + 'no_alternative_syntax' => ['fix_non_monolithic_code' => true], + 'no_break_comment' => ['comment_text' => 'no break'], + 'no_superfluous_elseif' => true, + 'no_unneeded_braces' => 
['namespaces' => true], + 'no_unneeded_control_parentheses' => ['statements' => ['break', 'clone', 'continue', 'echo_print', 'others', 'return', 'switch_case', 'yield', 'yield_from']], + 'no_useless_else' => true, + 'simplified_if_return' => true, + 'switch_case_semicolon_to_colon' => true, + 'switch_case_space' => true, + 'switch_continue_to_break' => true, + 'trailing_comma_in_multiline' => false, + 'yoda_style' => false +]; + +$doctrineAnnotationRules = [ + 'doctrine_annotation_array_assignment' => false, + 'doctrine_annotation_braces' => false, + 'doctrine_annotation_indentation' => false, + 'doctrine_annotation_spaces' => false +]; + +$functionNotationRules = [ + 'combine_nested_dirname' => true, + 'date_time_create_from_format_call' => true, + 'fopen_flag_order' => true, + 'fopen_flags' => ['b_mode' => false], + 'function_declaration' => ['closure_fn_spacing' => 'one', 'closure_function_spacing' => 'one', 'trailing_comma_single_line' => false], + 'implode_call' => true, + 'lambda_not_used_import' => true, + 'method_argument_space' => ['after_heredoc' => false, 'attribute_placement' => 'ignore', 'keep_multiple_spaces_after_comma' => false, 'on_multiline' => 'ignore'], + 'native_function_invocation' => ['exclude' => [], 'include' => ['@all', '@compiler_optimized', '@internal'], 'scope' => 'all', 'strict' => false], + 'no_spaces_after_function_name' => true, 'no_unreachable_default_argument_value' => true, - 'no_useless_else' => true, - 'no_useless_return' => true, + 'no_useless_sprintf' => true, 'nullable_type_declaration_for_default_null_value' => true, - 'ordered_imports' => true, - 'php_unit_strict' => true, - 'phpdoc_order' => true, - 'semicolon_after_instruction' => true, - 'single_import_per_statement' => false, - 'strict_comparison' => true, - 'strict_param' => true, + 'phpdoc_to_param_type' => false, + 'phpdoc_to_property_type' => false, + 'phpdoc_to_return_type' => false, + 'regular_callable_call' => true, + 'return_type_declaration' => ['space_before' 
=> 'none'], 'single_line_throw' => false, - 'trailing_comma_in_multiline' => false, - 'yoda_style' => [ - 'equal' => false, - 'identical' => false, - 'less_and_greater' => false - ], + 'static_lambda' => true, + 'use_arrow_functions' => false, + 'void_return' => true ]; +$importRules = [ + 'fully_qualified_strict_types' => ['import_symbols' => false, 'leading_backslash_in_global_namespace' => false, 'phpdoc_tags' => ['param', 'phpstan-param', 'phpstan-property', 'phpstan-property-read', 'phpstan-property-write', 'phpstan-return', 'phpstan-var', 'property', 'property-read', 'property-write', 'psalm-param', 'psalm-property', 'psalm-property-read', 'psalm-property-write', 'psalm-return', 'psalm-var', 'return', 'see', 'throws', 'var']], + 'global_namespace_import' => ['import_classes' => false, 'import_constants' => false, 'import_functions' => false], + 'group_import' => false, + 'no_leading_import_slash' => true, + 'no_unneeded_import_alias' => true, + 'no_unused_imports' => true, + 'ordered_imports' => ['case_sensitive' => false, 'imports_order' => ['class', 'function', 'const'], 'sort_algorithm' => 'alpha'], + 'single_import_per_statement' => ['group_to_single_imports' => true], + 'single_line_after_imports' => true +]; + +$languageConstructRules = [ + 'class_keyword' => true, + 'combine_consecutive_issets' => true, + 'combine_consecutive_unsets' => true, + 'declare_equal_normalize' => ['space' => 'none'], + 'declare_parentheses' => true, + 'dir_constant' => true, + 'error_suppression' => ['mute_deprecation_error' => true, 'noise_remaining_usages' => false, 'noise_remaining_usages_exclude' => []], + 'explicit_indirect_variable' => true, + 'function_to_constant' => ['functions' => ['get_called_class', 'get_class', 'get_class_this', 'php_sapi_name', 'phpversion', 'pi']], + 'get_class_to_class_keyword' => true, + 'is_null' => true, + 'no_unset_on_property' => true, + 'nullable_type_declaration' => ['syntax' => 'question_mark'], + 'single_space_around_construct' => 
['constructs_contain_a_single_space' => ['yield_from'], 'constructs_followed_by_a_single_space' => ['abstract', 'as', 'attribute', 'break', 'case', 'catch', 'class', 'clone', 'comment', 'const', 'const_import', 'continue', 'do', 'echo', 'else', 'elseif', 'enum', 'extends', 'final', 'finally', 'for', 'foreach', 'function', 'function_import', 'global', 'goto', 'if', 'implements', 'include', 'include_once', 'instanceof', 'insteadof', 'interface', 'match', 'named_argument', 'namespace', 'new', 'open_tag_with_echo', 'php_doc', 'php_open', 'print', 'private', 'protected', 'public', 'readonly', 'require', 'require_once', 'return', 'static', 'switch', 'throw', 'trait', 'try', 'type_colon', 'use', 'use_lambda', 'use_trait', 'var', 'while', 'yield', 'yield_from'], 'constructs_preceded_by_a_single_space' => ['as', 'else', 'elseif', 'use_lambda']] +]; + +$listNotationRules = [ + 'list_syntax' => ['syntax' => 'short'] +]; + +$namespaceNotationRules = [ + 'blank_line_after_namespace' => true, + 'blank_lines_before_namespace' => ['min_line_breaks' => 2, 'max_line_breaks' => 2], + 'clean_namespace' => true, + 'no_leading_namespace_whitespace' => true +]; + +$namingRules = [ + 'no_homoglyph_names' => true +]; + +$operatorRules = [ + 'assign_null_coalescing_to_coalesce_equal' => true, + 'binary_operator_spaces' => ['default' => 'single_space', 'operators' => ['=>' => 'align']], + 'concat_space' => ['spacing' => 'one'], + 'increment_style' => ['style' => 'pre'], + 'logical_operators' => true, + 'long_to_shorthand_operator' => true, + 'new_with_parentheses' => ['anonymous_class' => true, 'named_class' => true], + 'no_space_around_double_colon' => true, + 'no_useless_concat_operator' => ['juggle_simple_strings' => false], + 'no_useless_nullsafe_operator' => true, + 'not_operator_with_space' => false, + 'not_operator_with_successor_space' => false, + 'object_operator_without_whitespace' => true, + 'operator_linebreak' => ['only_booleans' => true, 'position' => 'beginning'], + 
'standardize_increment' => true, + 'standardize_not_equals' => true, + 'ternary_operator_spaces' => true, + 'ternary_to_elvis_operator' => true, + 'ternary_to_null_coalescing' => true, + 'unary_operator_spaces' => ['only_dec_inc' => false] +]; + +$phpTagRules = [ + 'blank_line_after_opening_tag' => true, + 'echo_tag_syntax' => ['format' => 'long', 'long_function' => 'echo', 'shorten_simple_statements_only' => true], + 'full_opening_tag' => true, + 'linebreak_after_opening_tag' => true, + 'no_closing_tag' => true +]; + +$phpUnitRules = [ + 'php_unit_assert_new_names' => true, + 'php_unit_attributes' => ['keep_annotations' => false], + 'php_unit_construct' => ['assertions' => ['assertEquals', 'assertNotEquals', 'assertNotSame', 'assertSame']], + 'php_unit_data_provider_method_order' => ['placement' => 'before'], + 'php_unit_data_provider_name' => ['prefix' => 'provide', 'suffix' => 'DataCases'], + 'php_unit_data_provider_return_type' => true, + 'php_unit_data_provider_static' => ['force' => true], + 'php_unit_dedicate_assert' => ['target' => 'newest'], + 'php_unit_dedicate_assert_internal_type' => ['target' => 'newest'], + 'php_unit_expectation' => ['target' => 'newest'], + 'php_unit_fqcn_annotation' => true, + 'php_unit_internal_class' => ['types' => ['abstract', 'final', 'normal']], + 'php_unit_method_casing' => ['case' => 'camel_case'], + 'php_unit_mock' => ['target' => 'newest'], + 'php_unit_mock_short_will_return' => true, + 'php_unit_namespaced' => ['target' => 'newest'], + 'php_unit_no_expectation_annotation' => ['target' => 'newest', 'use_class_const' => true], + 'php_unit_set_up_tear_down_visibility' => true, + 'php_unit_size_class' => false, + 'php_unit_strict' => ['assertions' => ['assertAttributeEquals', 'assertAttributeNotEquals', 'assertEquals', 'assertNotEquals']], + 'php_unit_test_annotation' => ['style' => 'prefix'], + 'php_unit_test_case_static_method_calls' => ['call_type' => 'static', 'methods' => []], + 'php_unit_test_class_requires_covers' => 
false +]; + +$phpDocRules = [ + 'align_multiline_comment' => ['comment_type' => 'phpdocs_only'], + 'general_phpdoc_annotation_remove' => ['annotations' => [], 'case_sensitive' => false], + 'general_phpdoc_tag_rename' => ['case_sensitive' => false, 'fix_annotation' => true, 'fix_inline' => true, 'replacements' => ['inheritDocs' => 'inheritDoc']], + 'no_blank_lines_after_phpdoc' => true, + 'no_empty_phpdoc' => true, + 'no_superfluous_phpdoc_tags' => ['allow_hidden_params' => false, 'allow_mixed' => false, 'allow_unused_params' => false, 'remove_inheritdoc' => true], + 'phpdoc_add_missing_param_annotation' => ['only_untyped' => true], + 'phpdoc_align' => ['align' => 'vertical', 'spacing' => ['_default' => 1], 'tags' => ['method', 'param', 'property', 'property-read', 'property-write', 'return', 'throws', 'type', 'var']], + 'phpdoc_annotation_without_dot' => true, + 'phpdoc_array_type' => false, + 'phpdoc_indent' => true, + 'phpdoc_inline_tag_normalizer' => ['tags' => ['example', 'id', 'internal', 'inheritdoc', 'inheritdocs', 'link', 'source', 'toc', 'tutorial']], + 'phpdoc_line_span' => ['const' => 'single', 'method' => 'single', 'property' => 'single'], + 'phpdoc_list_type' => false, + 'phpdoc_no_access' => true, + 'phpdoc_no_alias_tag' => ['replacements' => ['property-read' => 'property', 'property-write' => 'property', 'type' => 'var', 'link' => 'see']], + 'phpdoc_no_empty_return' => true, + 'phpdoc_no_package' => true, + 'phpdoc_no_useless_inheritdoc' => true, + 'phpdoc_order_by_value' => ['annotations' => ['author', 'covers', 'coversNothing', 'dataProvider', 'depends', 'group', 'internal', 'method', 'mixin', 'property', 'property-read', 'property-write', 'requires', 'throws', 'uses']], + 'phpdoc_order' => ['order' => ['param', 'throws', 'return']], + 'phpdoc_param_order' => true, + 'phpdoc_return_self_reference' => ['replacements' => ['this' => '$this', '@this' => '$this', '$self' => 'self', '@self' => 'self', '$static' => 'static', '@static' => 'static']], + 
'phpdoc_scalar' => ['types' => ['boolean', 'callback', 'double', 'integer', 'real', 'str']], + 'phpdoc_separation' => ['groups' => [['author', 'copyright', 'license'], ['category', 'package', 'subpackage'], ['property', 'property-read', 'property-write'], ['deprecated', 'link', 'see', 'since']], 'skip_unlisted_annotations' => true], + 'phpdoc_single_line_var_spacing' => true, + 'phpdoc_summary' => true, + 'phpdoc_tag_casing' => ['tags' => ['inheritDoc']], + 'phpdoc_tag_type' => ['tags' => ['inheritDoc' => 'inline']], + 'phpdoc_to_comment' => ['allow_before_return_statement' => false, 'ignored_tags' => []], + 'phpdoc_trim_consecutive_blank_line_separation' => true, + 'phpdoc_trim' => true, + 'phpdoc_types' => ['groups' => ['alias', 'meta', 'simple']], + 'phpdoc_types_order' => ['case_sensitive' => false, 'null_adjustment' => 'always_last', 'sort_algorithm' => 'alpha'], + 'phpdoc_var_annotation_correct_order' => true, + 'phpdoc_var_without_name' => true +]; + +$returnNotationRules = [ + 'no_useless_return' => true, + 'return_assignment' => true, + 'simplified_null_return' => true +]; + +$semicolonRules = [ + 'multiline_whitespace_before_semicolons' => ['strategy' => 'no_multi_line'], + 'no_empty_statement' => true, + 'no_singleline_whitespace_before_semicolons' => true, + 'semicolon_after_instruction' => true, + 'space_after_semicolon' => ['remove_in_empty_for_expressions' => true] +]; + +$strictRules = [ + 'declare_strict_types' => true, + 'strict_comparison' => true, + 'strict_param' => true +]; + +$stringNotationRules = [ + 'explicit_string_variable' => true, + 'heredoc_closing_marker' => ['closing_marker' => 'EOD', 'explicit_heredoc_style' => false, 'reserved_closing_markers' => ['CSS', 'DIFF', 'HTML', 'JS', 'JSON', 'MD', 'PHP', 'PYTHON', 'RST', 'TS', 'SQL', 'XML', 'YAML']], + 'heredoc_to_nowdoc' => true, + 'multiline_string_to_heredoc' => true, + 'no_binary_string' => true, + 'no_trailing_whitespace_in_string' => true, + 'simple_to_complex_string_variable' => 
true, + 'single_quote' => ['strings_containing_single_quote_chars' => false], + 'string_implicit_backslashes' => false, + 'string_length_to_empty' => true, + 'string_line_ending' => true +]; + +$whitespaceRules = [ + 'array_indentation' => true, + 'blank_line_before_statement' => ['statements' => ['break', 'continue', 'declare', 'phpdoc', 'return', 'throw', 'try', 'yield', 'yield_from']], + 'blank_line_between_import_groups' => true, + 'compact_nullable_type_declaration' => true, + 'heredoc_indentation' => ['indentation' => 'same_as_start'], + 'indentation_type' => true, + 'line_ending' => true, + 'method_chaining_indentation' => true, + 'no_extra_blank_lines' => ['tokens' => ['attribute', 'break', 'case', 'continue', 'curly_brace_block', 'default', 'extra', 'parenthesis_brace_block', 'return', 'square_brace_block', 'switch', 'throw', 'use']], + 'no_spaces_around_offset' => ['positions' => ['inside', 'outside']], + 'no_trailing_whitespace' => true, + 'no_whitespace_in_blank_line' => true, + 'single_blank_line_at_eof' => true, + 'spaces_inside_parentheses' => ['space' => 'none'], + 'statement_indentation' => ['stick_comment_to_next_continuous_control_statement' => false], + 'type_declaration_spaces' => ['elements' => ['constant', 'function', 'property']], + 'types_spaces' => ['space' => 'none', 'space_multiple_catch' => 'none'] +]; + +$rules = \array_merge( + $aliasRules, + $arrayNotationRules, + $attributeNotationRules, + $basicRules, + $casingRules, + $castNotationRules, + $classNotationRules, + $classUsageRules, + $commentRules, + $constantNotationRules, + $controlStructureRules, + $doctrineAnnotationRules, + $functionNotationRules, + $importRules, + $languageConstructRules, + $listNotationRules, + $namespaceNotationRules, + $namingRules, + $operatorRules, + $phpTagRules, + $phpUnitRules, + $phpDocRules, + $returnNotationRules, + $semicolonRules, + $strictRules, + $stringNotationRules, + $whitespaceRules +); + $finder = Finder::create() ->in([ __DIR__ . '/src', 
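Review bot: The explicit lists mix fixers that PHP-CS-Fixer classifies as risky (for example `strict_comparison`, `strict_param`, `random_api_migration`, `date_time_immutable`, and `get_class_to_class_keyword`, which this hunk flips from false to true) in with purely cosmetic ones, and nothing in the file marks which groups can change runtime behaviour. In a library whose job is output escaping, whoever reviews a later `php-cs-fixer fix` run needs that distinction, so I would add a comment above `$rules = \array_merge(` such as `// NOTE: several groups contain risky fixers that rewrite behaviour, not only layout; run the test suite after every fix`. A second comment there should say that `\array_merge` lets a later group silently override a rule name repeated in an earlier one. Whether risky fixers are allowed on the Config object is set outside this hunk.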
diff --git a/composer.json b/composer.json index 0bb2e23..8792db6 100644 --- a/composer.json +++ b/composer.json @@ -34,7 +34,7 @@ "@test" ], "lint": [ - "php-cs-fixer fix" + "php-cs-fixer fix -vvv" ], "test": [ "phpunit --colors --coverage-html ./coverage" diff --git a/src/Security.php b/src/Security.php index 5ddfe0e..30a3dd6 100644 --- a/src/Security.php +++ b/src/Security.php @@ -60,9 +60,7 @@ protected static function generateSupportedCharsets(): array return \array_combine($charsets, $aliases); } - /** - * Checks if charset is supported. - */ + /** Checks if charset is supported. */ public static function isSupportedCharset(string $charset): bool { if (static::$supportedCharsets === null) { @@ -99,7 +97,7 @@ protected static function throwExceptionIfCharsetIsUnsupported(string $charset): * * @throws SecurityException */ - protected static function convertStringToUTF8($string, string $charset = 'UTF-8'): string + protected static function convertStringToUTF8(mixed $string, string $charset = 'UTF-8'): string { static::throwExceptionIfCharsetIsUnsupported($charset); @@ -114,8 +112,7 @@ protected static function convertStringToUTF8($string, string $charset = 'UTF-8' } // @codeCoverageIgnoreStart - /* I don't know how to reach this statement - */ + // I don't know how to reach this statement if ($string !== '' && \preg_match('/^./su', $string) !== 1) { throw new SecurityException('After conversion string is not a valid UTF-8 sequence'); } @@ -124,10 +121,8 @@ protected static function convertStringToUTF8($string, string $charset = 'UTF-8' return $string; } - /** - * Converts string from UTF-8 to any charset. - */ - protected static function convertStringFromUTF8($string, string $charset = 'UTF-8'): string + /** Converts string from UTF-8 to any charset. */ + protected static function convertStringFromUTF8(mixed $string, string $charset = 'UTF-8'): string { $string = (string) $string; 
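Review bot: Declaring `$string` as `mixed` on convertStringToUTF8 and convertStringFromUTF8 (and `$text` on escHTML, escAttr, escJS, escURL and escCSS in the hunks that follow) says any value is acceptable, yet the visible `$string = (string) $string;` cast in convertStringFromUTF8 turns an array into the literal text `Array` with a warning and throws an Error for an object without `__toString()`. For an output-escaping API a narrower declaration states what can actually be stringified, e.g. `string|int|float|bool|null|\Stringable $text`; this makes an array argument a TypeError instead of a warning, so it is a deliberate behaviour change to agree on. The `mixed` keyword also needs PHP 8.0, and the composer.json hunk shown does not touch the `php` constraint, so confirm it already requires at least that. The method bodies continue outside these hunks, so the cast in convertStringToUTF8 is inferred rather than seen.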
@@ -143,7 +138,7 @@ protected static function convertStringFromUTF8($string, string $charset = 'UTF- * * @throws SecurityException */ - public static function escHTML($text, string $charset = 'UTF-8'): string + public static function escHTML(mixed $text, string $charset = 'UTF-8'): string { $text = static::convertStringToUTF8($text, $charset); @@ -158,7 +153,7 @@ public static function escHTML($text, string $charset = 'UTF-8'): string * * @throws SecurityException */ - public static function escAttr($text, string $charset = 'UTF-8'): string + public static function escAttr(mixed $text, string $charset = 'UTF-8'): string { $text = static::convertStringToUTF8($text, $charset); @@ -199,7 +194,7 @@ public static function escAttr($text, string $charset = 'UTF-8'): string * * @throws SecurityException */ - public static function escJS($text, string $charset = 'UTF-8'): string + public static function escJS(mixed $text, string $charset = 'UTF-8'): string { $text = static::convertStringToUTF8($text, $charset); @@ -244,7 +239,7 @@ public static function escJS($text, string $charset = 'UTF-8'): string * * @throws SecurityException */ - public static function escURL($text, string $charset = 'UTF-8'): string + public static function escURL(mixed $text, string $charset = 'UTF-8'): string { $text = static::convertStringToUTF8($text, $charset); @@ -258,7 +253,7 @@ public static function escURL($text, string $charset = 'UTF-8'): string * * @throws SecurityException */ - public static function escCSS($text, string $charset = 'UTF-8'): string + public static function escCSS(mixed $text, string $charset = 'UTF-8'): string { $text = static::convertStringToUTF8($text, $charset); diff --git a/src/SecurityException.php b/src/SecurityException.php index 2dd70c1..d6acaf7 100644 --- a/src/SecurityException.php +++ b/src/SecurityException.php 
@@ -4,11 +4,7 @@ namespace Rancoud\Security; -use Exception; - /** * Class SecurityException. */ -class SecurityException extends Exception -{ -} +class SecurityException extends \Exception {} diff --git a/tests/SecurityTest.php b/tests/SecurityTest.php index 0f9bda0..27647c7 100644 --- a/tests/SecurityTest.php +++ b/tests/SecurityTest.php 
@@ -11,251 +11,377 @@ /** * Class SecurityTest. + * + * @internal */ class SecurityTest extends TestCase { - public static function dataHTML(): array + public static function provideEscHTMLDataCases(): iterable { - return [ - 'backtick' => ['`', '`'], - 'single quote' => ["'", '''], - 'double quote' => ['"', '"'], - 'open tag' => ['<', '<'], - 'close tag' => ['>', '>'], - 'ampersand' => ['&', '&'], - 'emoji' => ['😀', '😀'], - 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", "\xF0\x90\x80\x80"], - 'comma' => [',', ','], - 'period' => ['.', '.'], - 'dash' => ['-', '-'], - 'underscore' => ['_', '_'], - 'a' => ['a', 'a'], - 'A' => ['A', 'A'], - 'z' => ['z', 'z'], - 'Z' => ['Z', 'Z'], - '0' => ['0', '0'], - '9' => ['9', '9'], - 'return carriage' => ["\r", "\r"], - 'new line' => ["\n", "\n"], - 'tabulation' => ["\t", "\t"], - 'backspace' => ["\x08", ''], - 'form feed' => ["\f", \chr(0xC)], - 'null' => ["\0", "\0"], - 'space' => [' ', ' '], - 'slash' => ['/', '/'], - 'antislash' => ['\\', '\\'], - 'chinese' => ['你好', '你好'], - 'hindi' => ['नमस्ते', 'नमस्ते'], - 'japanese' => ['こんにちは', 'こんにちは'], - 'russian' => ['привет', 'привет'], - 'arabic' => ['صباح الخير', 'صباح الخير'], - 'cypriot' => ['𐠀', '𐠀'], - 'ideo' => ['嶲', '嶲'], - 'ideo2' => ['金', '金'], - 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜'], - 'empty' => ['', ''] - ]; + yield 'backtick' => ['`', '`']; + + yield 'single quote' => ["'", ''']; + + yield 'double quote' => ['"', '"']; + + yield 'open tag' => ['<', '<']; + + yield 'close tag' => ['>', '>']; + + yield 'ampersand' => ['&', '&']; + + yield 'emoji' => ['😀', '😀']; + + yield 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", "\xF0\x90\x80\x80"]; + + yield 'comma' => [',', ',']; + + yield 'period' => ['.', '.']; + + yield 'dash' => ['-', '-']; + + yield 'underscore' => ['_', '_']; + + yield 'a' => ['a', 'a']; + + yield 'A' => ['A', 'A']; + + yield 'z' => ['z', 'z']; + + yield 'Z' => ['Z', 'Z']; + + yield '0' => ['0', '0']; + + yield '9' => ['9', 
'9']; + + yield 'return carriage' => ["\r", "\r"]; + + yield 'new line' => ["\n", "\n"]; + + yield 'tabulation' => ["\t", "\t"]; + + yield 'backspace' => ["\x08", '']; + + yield 'form feed' => ["\f", \chr(0xC)]; + + yield 'null' => ["\0", "\0"]; + + yield 'space' => [' ', ' ']; + + yield 'slash' => ['/', '/']; + + yield 'antislash' => ['\\', '\\']; + + yield 'chinese' => ['你好', '你好']; + + yield 'hindi' => ['नमस्ते', 'नमस्ते']; + + yield 'japanese' => ['こんにちは', 'こんにちは']; + + yield 'russian' => ['привет', 'привет']; + + yield 'arabic' => ['صباح الخير', 'صباح الخير']; + + yield 'cypriot' => ['𐠀', '𐠀']; + + yield 'ideo' => ['嶲', '嶲']; + + yield 'ideo2' => ['金', '金']; + + yield 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜']; + + yield 'empty' => ['', '']; } - public static function dataAttr(): array + /** @throws SecurityException */ + #[DataProvider('provideEscHTMLDataCases')] + public function testEscHTML(string $input, string $expected): void { - return [ - 'backtick' => ['`', '`'], - 'single quote' => ['\'', '''], - 'double quote' => ['"', '"'], - 'open tag' => ['<', '<'], - 'close tag' => ['>', '>'], - 'ampersand' => ['&', '&'], - 'characters beyond value 255' => ['Ā', 'Ā'], - 'emoji' => ['😀', '😀'], - 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", '𐀀'], - 'comma' => [',', ','], - 'period' => ['.', '.'], - 'dash' => ['-', '-'], - 'underscore' => ['_', '_'], - 'a' => ['a', 'a'], - 'A' => ['A', 'A'], - 'z' => ['z', 'z'], - 'Z' => ['Z', 'Z'], - '0' => ['0', '0'], - '9' => ['9', '9'], - 'return carriage' => ["\r", ' '], - 'new line' => ["\n", ' '], - 'tabulation' => ["\t", ' '], - 'backspace' => ["\x08", '�'], - 'form feed' => ["\f", '�'], - 'null' => ["\0", '�'], - 'space' => [' ', ' '], - 'slash' => ['/', '/'], - 'antislash' => ['\\', '\'], - 'chinese' => ['你好', '你好'], - 'hindi' => ['नमस्ते', 'नमस्ते'], - 'japanese' => ['こんにちは', 'こんにちは'], - 'russian' => ['привет', 'привет'], - 'arabic' => ['صباح الخير', 'صباح الخير'], // phpcs:ignore - 'cypriot' => ['𐠀', 
'𐠀'], - 'ideo' => ['嶲', '嶲'], - 'ideo2' => ['金', '金'], - 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜'], // phpcs:ignore - 'empty' => ['', ''] - ]; + static::assertSame($expected, Security::escHTML($input)); } - public static function dataJS(): array + public static function provideEscAttrDataCases(): iterable { - return [ - 'backtick' => ['`', '\\x60'], - 'single quote' => ['\'', '\\x27'], - 'double quote' => ['"', '\\x22'], - 'open tag' => ['<', '\\x3C'], - 'close tag' => ['>', '\\x3E'], - 'ampersand' => ['&', '\\x26'], - 'characters beyond value 255' => ['Ā', '\\u0100'], - 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", '\\uD800\\uDC00'], - 'comma' => [',', ','], - 'period' => ['.', '.'], - 'dash' => ['-', '\\x2D'], - 'underscore' => ['_', '_'], - 'a' => ['a', 'a'], - 'A' => ['A', 'A'], - 'z' => ['z', 'z'], - 'Z' => ['Z', 'Z'], - '0' => ['0', '0'], - '9' => ['9', '9'], - 'return carriage' => ["\r", '\\r'], - 'new line' => ["\n", '\\n'], - 'tabulation' => ["\t", '\\t'], - 'backspace' => ["\x08", '\\b'], - 'form feed' => ["\f", '\\f'], - 'null' => ["\0", '\\x00'], - 'space' => [' ', '\\x20'], - 'slash' => ['/', '\\/'], - 'antislash' => ['\\', '\\\\'], - 'chinese' => ['你好', '\\u4F60\\u597D'], - 'hindi' => ['नमस्ते', '\\u0928\\u092E\\u0938\\u094D\\u0924\\u0947'], - 'japanese' => ['こんにちは', '\\u3053\\u3093\\u306B\\u3061\\u306F'], - 'russian' => ['привет', '\\u043F\\u0440\\u0438\\u0432\\u0435\\u0442'], - 'arabic' => ['صباح الخير', '\\u0635\\u0628\\u0627\\u062D\\x20\\u0627\\u0644\\u062E\\u064A\\u0631'], // phpcs:ignore - 'cypriot' => ['𐠀', '\\uD802\\uDC00'], - 'ideo' => ['嶲', '\\uD87E\\uDDF4'], - 'ideo2' => ['金', '\\u91D1'], - 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '\\uC20D\\u8A0A\\u6631\\u7A7F\\u5237\\u5944\\u5254\\u33C6\\u7A7D\\u4F98\\u320A\\uC11E\\u660C\\u4F84\\u5F9E\\uC49C'], // phpcs:ignore - 'empty' => ['', ''] - ]; + yield 'backtick' => ['`', '`']; + + yield 'single quote' => ['\'', ''']; + + yield 'double quote' => ['"', '"']; + + yield 'open tag' => ['<', 
'<']; + + yield 'close tag' => ['>', '>']; + + yield 'ampersand' => ['&', '&']; + + yield 'characters beyond value 255' => ['Ā', 'Ā']; + + yield 'emoji' => ['😀', '😀']; + + yield 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", '𐀀']; + + yield 'comma' => [',', ',']; + + yield 'period' => ['.', '.']; + + yield 'dash' => ['-', '-']; + + yield 'underscore' => ['_', '_']; + + yield 'a' => ['a', 'a']; + + yield 'A' => ['A', 'A']; + + yield 'z' => ['z', 'z']; + + yield 'Z' => ['Z', 'Z']; + + yield '0' => ['0', '0']; + + yield '9' => ['9', '9']; + + yield 'return carriage' => ["\r", ' ']; + + yield 'new line' => ["\n", ' ']; + + yield 'tabulation' => ["\t", ' ']; + + yield 'backspace' => ["\x08", '�']; + + yield 'form feed' => ["\f", '�']; + + yield 'null' => ["\0", '�']; + + yield 'space' => [' ', ' ']; + + yield 'slash' => ['/', '/']; + + yield 'antislash' => ['\\', '\']; + + yield 'chinese' => ['你好', '你好']; + + yield 'hindi' => ['नमस्ते', 'नमस्ते']; + + yield 'japanese' => ['こんにちは', 'こんにちは']; + + yield 'russian' => ['привет', 'привет']; + + yield 'arabic' => ['صباح الخير', 'صباح الخير']; // phpcs:ignore + + yield 'cypriot' => ['𐠀', '𐠀']; + + yield 'ideo' => ['嶲', '嶲']; + + yield 'ideo2' => ['金', '金']; + + yield 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜']; // phpcs:ignore + + yield 'empty' => ['', '']; } - public static function dataURL(): array + /** @throws SecurityException */ + #[DataProvider('provideEscAttrDataCases')] + public function testEscAttr(string $input, string $expected): void { - return [ - '<' => ['<', '%3C'], - '>' => ['>', '%3E'], - '\'' => ['\'', '%27'], - '"' => ['"', '%22'], - '&' => ['&', '%26'], - 'Ā' => ['Ā', '%C4%80'], - ',' => [',', '%2C'], - '.' => ['.', '.'], - '_' => ['_', '_'], - '-' => ['-', '-'], - ':' => [':', '%3A'], - ';' => [';', '%3B'], - '!' 
=> ['!', '%21'], - 'a' => ['a', 'a'], - 'A' => ['A', 'A'], - 'z' => ['z', 'z'], - 'Z' => ['Z', 'Z'], - '0' => ['0', '0'], - '9' => ['9', '9'], - "\r" => ["\r", '%0D'], - "\n" => ["\n", '%0A'], - "\t" => ["\t", '%09'], - "\0" => ["\0", '%00'], - ' ' => [' ', '%20'], - '~' => ['~', '~'], - '+' => ['+', '%2B'] - ]; + static::assertSame($expected, Security::escAttr($input)); } - public static function dataCSS(): array + public static function provideEscJSDataCases(): iterable { - return [ - '<' => ['<', '\\3C '], - '>' => ['>', '\\3E '], - '\'' => ['\'', '\\27 '], - '"' => ['"', '\\22 '], - '&' => ['&', '\\26 '], - 'Ā' => ['Ā', '\\100 '], - "\xF0\x90\x80\x80" => ["\xF0\x90\x80\x80", '\\10000 '], - ',' => [',', '\\2C '], - '.' => ['.', '\\2E '], - '_' => ['_', '\\5F '], - 'a' => ['a', 'a'], - 'A' => ['A', 'A'], - 'z' => ['z', 'z'], - 'Z' => ['Z', 'Z'], - '0' => ['0', '0'], - '9' => ['9', '9'], - "\r" => ["\r", '\\D '], - "\n" => ["\n", '\\A '], - "\t" => ["\t", '\\9 '], - "\0" => ["\0", '\\0 '], - ' ' => [' ', '\\20 '], - ]; + yield 'backtick' => ['`', '\\x60']; + + yield 'single quote' => ['\'', '\\x27']; + + yield 'double quote' => ['"', '\\x22']; + + yield 'open tag' => ['<', '\\x3C']; + + yield 'close tag' => ['>', '\\x3E']; + + yield 'ampersand' => ['&', '\\x26']; + + yield 'characters beyond value 255' => ['Ā', '\\u0100']; + + yield 'characters beyond unicode BMP' => ["\xF0\x90\x80\x80", '\\uD800\\uDC00']; + + yield 'comma' => [',', ',']; + + yield 'period' => ['.', '.']; + + yield 'dash' => ['-', '\\x2D']; + + yield 'underscore' => ['_', '_']; + + yield 'a' => ['a', 'a']; + + yield 'A' => ['A', 'A']; + + yield 'z' => ['z', 'z']; + + yield 'Z' => ['Z', 'Z']; + + yield '0' => ['0', '0']; + + yield '9' => ['9', '9']; + + yield 'return carriage' => ["\r", '\\r']; + + yield 'new line' => ["\n", '\\n']; + + yield 'tabulation' => ["\t", '\\t']; + + yield 'backspace' => ["\x08", '\\b']; + + yield 'form feed' => ["\f", '\\f']; + + yield 'null' => ["\0", '\\x00']; + + 
yield 'space' => [' ', '\\x20']; + + yield 'slash' => ['/', '\\/']; + + yield 'antislash' => ['\\', '\\\\']; + + yield 'chinese' => ['你好', '\\u4F60\\u597D']; + + yield 'hindi' => ['नमस्ते', '\\u0928\\u092E\\u0938\\u094D\\u0924\\u0947']; + + yield 'japanese' => ['こんにちは', '\\u3053\\u3093\\u306B\\u3061\\u306F']; + + yield 'russian' => ['привет', '\\u043F\\u0440\\u0438\\u0432\\u0435\\u0442']; + + yield 'arabic' => ['صباح الخير', '\\u0635\\u0628\\u0627\\u062D\\x20\\u0627\\u0644\\u062E\\u064A\\u0631']; // phpcs:ignore + + yield 'cypriot' => ['𐠀', '\\uD802\\uDC00']; + + yield 'ideo' => ['嶲', '\\uD87E\\uDDF4']; + + yield 'ideo2' => ['金', '\\u91D1']; + + yield 'ideo3' => ['숍訊昱穿刷奄剔㏆穽侘㈊섞昌侄從쒜', '\\uC20D\\u8A0A\\u6631\\u7A7F\\u5237\\u5944\\u5254\\u33C6\\u7A7D\\u4F98\\u320A\\uC11E\\u660C\\u4F84\\u5F9E\\uC49C']; // phpcs:ignore + + yield 'empty' => ['', '']; } - /** - * @dataProvider dataHTML - * - * @throws SecurityException - */ - #[DataProvider('dataHTML')] - public function testEscHTML(string $input, string $expected): void + /** @throws SecurityException */ + #[DataProvider('provideEscJSDataCases')] + public function testEscJS(string $input, string $expected): void { - self::assertSame($expected, Security::escHTML($input)); + static::assertSame($expected, Security::escJS($input)); } - /** - * @dataProvider dataAttr - * - * @throws SecurityException - */ - #[DataProvider('dataAttr')] - public function testEscAttr(string $input, string $expected): void + public static function provideEscURLDataCases(): iterable { - self::assertSame($expected, Security::escAttr($input)); + yield '<' => ['<', '%3C']; + + yield '>' => ['>', '%3E']; + + yield '\'' => ['\'', '%27']; + + yield '"' => ['"', '%22']; + + yield '&' => ['&', '%26']; + + yield 'Ā' => ['Ā', '%C4%80']; + + yield ',' => [',', '%2C']; + + yield '.' => ['.', '.']; + + yield '_' => ['_', '_']; + + yield '-' => ['-', '-']; + + yield ':' => [':', '%3A']; + + yield ';' => [';', '%3B']; + + yield '!' 
=> ['!', '%21']; + + yield 'a' => ['a', 'a']; + + yield 'A' => ['A', 'A']; + + yield 'z' => ['z', 'z']; + + yield 'Z' => ['Z', 'Z']; + + yield '0' => ['0', '0']; + + yield '9' => ['9', '9']; + + yield "\r" => ["\r", '%0D']; + + yield "\n" => ["\n", '%0A']; + + yield "\t" => ["\t", '%09']; + + yield "\0" => ["\0", '%00']; + + yield ' ' => [' ', '%20']; + + yield '~' => ['~', '~']; + + yield '+' => ['+', '%2B']; } - /** - * @dataProvider dataJS - * - * @throws SecurityException - */ - #[DataProvider('dataJS')] - public function testEscJS(string $input, string $expected): void + /** @throws SecurityException */ + #[DataProvider('provideEscURLDataCases')] + public function testEscURL(string $input, string $expected): void { - self::assertSame($expected, Security::escJS($input)); + static::assertSame($expected, Security::escURL($input)); } - /** - * @dataProvider dataURL - * - * @throws SecurityException - */ - #[DataProvider('dataURL')] - public function testEscURL(string $input, string $expected): void + public static function provideEscCSSDataCases(): iterable { - self::assertSame($expected, Security::escURL($input)); + yield '<' => ['<', '\\3C ']; + + yield '>' => ['>', '\\3E ']; + + yield '\'' => ['\'', '\\27 ']; + + yield '"' => ['"', '\\22 ']; + + yield '&' => ['&', '\\26 ']; + + yield 'Ā' => ['Ā', '\\100 ']; + + yield "\xF0\x90\x80\x80" => ["\xF0\x90\x80\x80", '\\10000 ']; + + yield ',' => [',', '\\2C ']; + + yield '.' 
=> ['.', '\\2E ']; + + yield '_' => ['_', '\\5F ']; + + yield 'a' => ['a', 'a']; + + yield 'A' => ['A', 'A']; + + yield 'z' => ['z', 'z']; + + yield 'Z' => ['Z', 'Z']; + + yield '0' => ['0', '0']; + + yield '9' => ['9', '9']; + + yield "\r" => ["\r", '\\D ']; + + yield "\n" => ["\n", '\\A ']; + + yield "\t" => ["\t", '\\9 ']; + + yield "\0" => ["\0", '\\0 ']; + + yield ' ' => [' ', '\\20 ']; } - /** - * @dataProvider dataCSS - * - * @throws SecurityException - */ - #[DataProvider('dataCSS')] + /** @throws SecurityException */ + #[DataProvider('provideEscCSSDataCases')] public function testEscCSS(string $input, string $expected): void { - self::assertSame($expected, Security::escCSS($input)); + static::assertSame($expected, Security::escCSS($input)); } public function testCharsetNotSupportedException(): void 
@@ -265,39 +391,39 @@ public function testCharsetNotSupportedException(): void
 try {
 Security::escHTML('a', 'nope');
 } catch (SecurityException $e) {
- self::assertSame("Charset 'nope' is not supported", $e->getMessage());
+ static::assertSame("Charset 'nope' is not supported", $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escAttr('a', 'nope');
 } catch (SecurityException $e) {
- self::assertSame("Charset 'nope' is not supported", $e->getMessage());
+ static::assertSame("Charset 'nope' is not supported", $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escJS('a', 'nope');
 } catch (SecurityException $e) {
- self::assertSame("Charset 'nope' is not supported", $e->getMessage());
+ static::assertSame("Charset 'nope' is not supported", $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escURL('a', 'nope');
 } catch (SecurityException $e) {
- self::assertSame("Charset 'nope' is not supported", $e->getMessage());
+ static::assertSame("Charset 'nope' is not supported", $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escCSS('a', 'nope');
 } catch (SecurityException $e) {
- self::assertSame("Charset 'nope' is not supported", $e->getMessage());
+ static::assertSame("Charset 'nope' is not supported", $e->getMessage());
 ++$countThrownExceptions;
 }
 
- self::assertSame(5, $countThrownExceptions);
+ static::assertSame(5, $countThrownExceptions);
 }
 
 public function testInvalidCharacter(): void
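Review bot: Each `try` block in testCharsetNotSupportedException lets the test carry on silently when the call does not throw, so a regression in one escaper surfaces only as the final `static::assertSame(5, $countThrownExceptions)` failing, without naming which method accepted the unsupported charset. Adding `static::fail('escHTML accepted an unsupported charset');` directly after each `Security::esc*()` call (method name adjusted per block) would pinpoint the failing output context; a data provider over the five escapers combined with `expectException(SecurityException::class)` would do the same with less repetition. The same pattern is used in testInvalidCharacter in the next hunk. The opening of the method, including the counter initialisation, lies outside this hunk.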
@@ -308,48 +434,46 @@ public function testInvalidCharacter(): void
 try {
 Security::escHTML($invalidChar);
 } catch (SecurityException $e) {
- self::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
+ static::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escAttr($invalidChar);
 } catch (SecurityException $e) {
- self::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
+ static::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escJS($invalidChar);
 } catch (SecurityException $e) {
- self::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
+ static::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escURL($invalidChar);
 } catch (SecurityException $e) {
- self::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
+ static::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
 ++$countThrownExceptions;
 }
 
 try {
 Security::escCSS($invalidChar);
 } catch (SecurityException $e) {
- self::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
+ static::assertSame('String to convert is not valid for the specified charset', $e->getMessage());
 ++$countThrownExceptions;
 }
 
- self::assertSame(5, $countThrownExceptions);
+ static::assertSame(5, $countThrownExceptions);
 }
 
- /**
- * @throws SecurityException
- */
+ /** @throws SecurityException */
 public function testLatin1Encoding(): void
 {
- self::assertSame('été', Security::escHTML('été', 'latin1'));
- self::assertSame('été', Security::escAttr('été', 'latin1'));
- self::assertSame("\u00C3\u00A9t\u00C3\u00A9", Security::escJS('été', 'latin1'));
+ static::assertSame('été', Security::escHTML('été', 'latin1'));
+ static::assertSame('été', Security::escAttr('été', 'latin1'));
+ static::assertSame("\u00C3\u00A9t\u00C3\u00A9", Security::escJS('été', 'latin1'));
 }
 }
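Review bot: testLatin1Encoding passes the source literal `'été'` with charset `'latin1'`, and the escJS expectation (`\u00C3\u00A9` for each é) suggests the bytes reaching the escaper are the UTF-8 pair C3 A9, presumably because the test file is saved as UTF-8, so no assertion here exercises a real ISO-8859-1 byte. Charset handling is where output escapers tend to go wrong, so a case built from explicit bytes such as `"\xE9t\xE9"` would be worth adding, with the expected strings confirmed against the implementation. Separately, the double-quoted `"\u00C3\u00A9t\u00C3\u00A9"` only works because PHP leaves `\u` without braces uninterpreted; writing it as `'\\u00C3\\u00A9t\\u00C3\\u00A9'` would match the single-quoted style used in provideEscJSDataCases.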