escape global constants and functions

* Add leading \ before function invocation to speed up resolving.
* Add leading \ before constant invocation of internal constant to speed up resolving. Constant name match is case-sensitive, except for null, false and true.
Matthias Pfefferle 2020-05-12 19:42:09 +02:00
parent 60ad191fdc
commit 9945aa7cf8
12 changed files with 44 additions and 28 deletions

15
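--- a/.php_cs
+++ b/.php_cs
@@ -0,0 +1,15 @@
+<?php
+$finder = PhpCsFixer\Finder::create()
+->exclude('vendor')
+->exclude('node_modules')
+->exclude('bin')
+->in(__DIR__)
+;
+return PhpCsFixer\Config::create()
+->setRules([
+'native_function_invocation' => true,
+'native_constant_invocation' => true,
+])
+->setFinder($finder)
+;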
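Review bot: `native_function_invocation` and `native_constant_invocation` are both risky rules in PHP-CS-Fixer, and the `Config::create()` chain never enables risky fixers, so the tool is expected to refuse to run unless `--allow-risky=yes` is passed by hand. Adding `->setRiskyAllowed(true)` before `->setRules([` makes the config self-contained. The rules are risky because a function or constant in the `ActivityPub` namespace that shadows an internal name stops being called once the call site gets a leading `\`, so the first generated diff is worth reading with that in mind.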


@ -8,6 +8,7 @@
.data .data
.svnignore .svnignore
.wordpress-org .wordpress-org
.php_cs
Gruntfile.js Gruntfile.js
LINGUAS LINGUAS
Makefile Makefile


@ -53,7 +53,7 @@ class Signature {
$config = array( $config = array(
'digest_alg' => 'sha512', 'digest_alg' => 'sha512',
'private_key_bits' => 2048, 'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_type' => \OPENSSL_KEYTYPE_RSA,
); );
$key = \openssl_pkey_new( $config ); $key = \openssl_pkey_new( $config );
@ -91,7 +91,7 @@ class Signature {
$signed_string = "(request-target): post $path\nhost: $host\ndate: $date"; $signed_string = "(request-target): post $path\nhost: $host\ndate: $date";
$signature = null; $signature = null;
\openssl_sign( $signed_string, $signature, $key, OPENSSL_ALGO_SHA256 ); \openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 );
$signature = \base64_encode( $signature ); // phpcs:ignore $signature = \base64_encode( $signature ); // phpcs:ignore
$key_id = \get_author_posts_url( $user_id ) . '#main-key'; $key_id = \get_author_posts_url( $user_id ) . '#main-key';
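Review bot: The result of `\openssl_sign()` on the changed line is discarded, so a signing failure (for example an unreadable key) leaves `$signature` as `null` and the next line base64-encodes it into an empty value that presumably still goes into the request header. Check the return value before using the buffer, e.g. `if ( ! \openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 ) ) { return false; }`, and have the caller skip delivery in that case. The signed string in this hunk covers only `(request-target)`, `host` and `date`, so the body is not bound to the signature unless a digest is added elsewhere. The method starts and ends outside the hunk.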


@ -89,7 +89,7 @@ function get_webfinger_resource( $user_id ) {
$user = \get_user_by( 'id', $user_id ); $user = \get_user_by( 'id', $user_id );
return $user->user_login . '@' . \wp_parse_url( \home_url(), PHP_URL_HOST ); return $user->user_login . '@' . \wp_parse_url( \home_url(), \PHP_URL_HOST );
} }
/** /**
@ -253,7 +253,7 @@ function url_to_authorid( $url ) {
global $wp_rewrite; global $wp_rewrite;
// check if url hase the same host // check if url hase the same host
if ( wp_parse_url( site_url(), PHP_URL_HOST ) !== wp_parse_url( $url, PHP_URL_HOST ) ) { if ( wp_parse_url( site_url(), \PHP_URL_HOST ) !== wp_parse_url( $url, \PHP_URL_HOST ) ) {
return 0; return 0;
} }
@ -297,7 +297,7 @@ function url_to_authorid( $url ) {
*/ */
function get_blacklist() { function get_blacklist() {
$blacklist = \get_option( 'activitypub_blacklist' ); $blacklist = \get_option( 'activitypub_blacklist' );
$blacklist_hosts = \explode( PHP_EOL, $blacklist ); $blacklist_hosts = \explode( \PHP_EOL, $blacklist );
// if no values have been set, revert to the defaults // if no values have been set, revert to the defaults
if ( ! $blacklist || ! $blacklist_hosts || ! \is_array( $blacklist_hosts ) ) { if ( ! $blacklist || ! $blacklist_hosts || ! \is_array( $blacklist_hosts ) ) {
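Review bot: `get_blacklist()` splits the stored option on `\PHP_EOL`, which depends on the server's OS rather than on the data. If the value is saved from a settings textarea (browsers submit CRLF), a Linux host would keep a trailing `\r` on the entries, and those hosts would presumably never match the block list. Split on any line break and trim instead: `$blacklist_hosts = \array_map( 'trim', \preg_split( '/\R/', (string) $blacklist ) );`. In the same section, `get_webfinger_resource()` reads `$user->user_login` without checking that `\get_user_by()` returned a user, and `wp_parse_url( site_url(), \PHP_URL_HOST )` in `url_to_authorid()` lacks the leading `\` used elsewhere in the file. `url_to_authorid()` and `get_blacklist()` continue outside their hunks.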


@ -69,7 +69,7 @@ class Activity {
} }
public function to_json() { public function to_json() {
return \wp_json_encode( $this->to_array(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT ); return \wp_json_encode( $this->to_array(), \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT );
} }
public function to_simple_array() { public function to_simple_array() {
@ -90,6 +90,6 @@ class Activity {
} }
public function to_simple_json() { public function to_simple_json() {
return \wp_json_encode( $this->to_simple_array(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT ); return \wp_json_encode( $this->to_simple_array(), \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT );
} }
} }


@ -53,7 +53,7 @@ class Post {
} }
public function to_json() { public function to_json() {
return \wp_json_encode( $this->to_array(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT ); return \wp_json_encode( $this->to_array(), \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT );
} }
public function get_attachments() { public function get_attachments() {
@ -215,7 +215,7 @@ class Post {
if ( 'Article' === $this->get_object_type() ) { if ( 'Article' === $this->get_object_type() ) {
$title = \get_the_title( $this->post ); $title = \get_the_title( $this->post );
return \html_entity_decode( $title, ENT_QUOTES, 'UTF-8' ); return \html_entity_decode( $title, \ENT_QUOTES, 'UTF-8' );
} }
return null; return null;
@ -271,7 +271,7 @@ class Post {
$filtered_content = \apply_filters( 'the_content', $content ); $filtered_content = \apply_filters( 'the_content', $content );
$filtered_content = \apply_filters( 'activitypub_the_content', $filtered_content, $this->post ); $filtered_content = \apply_filters( 'activitypub_the_content', $filtered_content, $this->post );
$decoded_content = \html_entity_decode( $filtered_content, ENT_QUOTES, 'UTF-8' ); $decoded_content = \html_entity_decode( $filtered_content, \ENT_QUOTES, 'UTF-8' );
$allowed_html = \apply_filters( 'activitypub_allowed_html', '<a><p><ul><ol><li><code><blockquote><pre>' ); $allowed_html = \apply_filters( 'activitypub_allowed_html', '<a><p><ul><ol><li><code><blockquote><pre>' );
@ -291,7 +291,7 @@ class Post {
$filtered_summary = \apply_filters( 'the_excerpt', $summary ); $filtered_summary = \apply_filters( 'the_excerpt', $summary );
$filtered_summary = \apply_filters( 'activitypub_the_summary', $filtered_summary, $this->post ); $filtered_summary = \apply_filters( 'activitypub_the_summary', $filtered_summary, $this->post );
$decoded_summary = \html_entity_decode( $filtered_summary, ENT_QUOTES, 'UTF-8' ); $decoded_summary = \html_entity_decode( $filtered_summary, \ENT_QUOTES, 'UTF-8' );
$allowed_html = \apply_filters( 'activitypub_allowed_html', '<a><p>' ); $allowed_html = \apply_filters( 'activitypub_allowed_html', '<a><p>' );
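Review bot: The content and summary hunks decode entities and then fetch an `$allowed_html` tag list in `strip_tags()` format. If that list is passed to `\strip_tags()` below the hunks, every attribute on an allowed tag survives, so an `<a>` coming out of the `the_content` filters keeps `style` or event-handler attributes in the federated object. Filtering with `\wp_kses()` and an explicit attribute allow-list (for `<a>`, only `href` and `rel`) would bound what leaves the site. Both methods start and end outside their hunks, so this should be confirmed against the full bodies.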


@ -21,7 +21,7 @@ class Followers {
isset( $follower['type'] ) && isset( $follower['type'] ) &&
'Person' === $follower['type'] && 'Person' === $follower['type'] &&
isset( $follower['id'] ) && isset( $follower['id'] ) &&
false !== \filter_var( $follower['id'], FILTER_VALIDATE_URL ) false !== \filter_var( $follower['id'], \FILTER_VALIDATE_URL )
) { ) {
$followers[ $key ] = $follower['id']; $followers[ $key ] = $follower['id'];
} }
@ -45,7 +45,7 @@ class Followers {
isset( $actor['type'] ) && isset( $actor['type'] ) &&
'Person' === $actor['type'] && 'Person' === $actor['type'] &&
isset( $actor['id'] ) && isset( $actor['id'] ) &&
false !== \filter_var( $actor['id'], FILTER_VALIDATE_URL ) false !== \filter_var( $actor['id'], \FILTER_VALIDATE_URL )
) { ) {
$actor = $actor['id']; $actor = $actor['id'];
} }
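Review bot: `\FILTER_VALIDATE_URL` checks URL syntax only and accepts any scheme, not just `http` and `https` (for example `ftp://` or `file://`), so both conditions in this section accept a remote-supplied `id` that the plugin may later fetch or render. Add a scheme check next to it, e.g. `\in_array( \wp_parse_url( $follower['id'], \PHP_URL_SCHEME ), array( 'http', 'https' ), true )`, or validate with `\wp_http_validate_url()` before storing the value. The same applies to `$actor['id']` in the second hunk. Both enclosing methods start outside the hunks.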


@ -51,7 +51,7 @@ class Webfinger {
$resource_identifier = $matches[1]; $resource_identifier = $matches[1];
$resource_host = $matches[2]; $resource_host = $matches[2];
if ( \wp_parse_url( \home_url( '/' ), PHP_URL_HOST ) !== $resource_host ) { if ( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) !== $resource_host ) {
return new \WP_Error( 'activitypub_wrong_host', \__( 'Resource host does not match blog host', 'activitypub' ), array( 'status' => 404 ) ); return new \WP_Error( 'activitypub_wrong_host', \__( 'Resource host does not match blog host', 'activitypub' ), array( 'status' => 404 ) );
} }


@ -9,7 +9,7 @@ $json->type = 'Person';
$json->name = \get_the_author_meta( 'display_name', $author_id ); $json->name = \get_the_author_meta( 'display_name', $author_id );
$json->summary = \html_entity_decode( $json->summary = \html_entity_decode(
\get_the_author_meta( 'description', $author_id ), \get_the_author_meta( 'description', $author_id ),
ENT_QUOTES, \ENT_QUOTES,
'UTF-8' 'UTF-8'
); );
$json->preferredUsername = \get_the_author_meta( 'login', $author_id ); // phpcs:ignore $json->preferredUsername = \get_the_author_meta( 'login', $author_id ); // phpcs:ignore
@ -47,8 +47,8 @@ $json->attachment[] = array(
'type' => 'PropertyValue', 'type' => 'PropertyValue',
'name' => __( 'Blog', 'activitypub' ), 'name' => __( 'Blog', 'activitypub' ),
'value' => \html_entity_decode( 'value' => \html_entity_decode(
'<a rel="me" title="' . \esc_attr( \home_url( '/' ) ) . '" target="_blank" href="' . \home_url( '/' ) . '">' . \wp_parse_url( \home_url( '/' ), PHP_URL_HOST ) . '</a>', '<a rel="me" title="' . \esc_attr( \home_url( '/' ) ) . '" target="_blank" href="' . \home_url( '/' ) . '">' . \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) . '</a>',
ENT_QUOTES, \ENT_QUOTES,
'UTF-8' 'UTF-8'
), ),
); );
@ -57,8 +57,8 @@ $json->attachment[] = array(
'type' => 'PropertyValue', 'type' => 'PropertyValue',
'name' => __( 'Profile', 'activitypub' ), 'name' => __( 'Profile', 'activitypub' ),
'value' => \html_entity_decode( 'value' => \html_entity_decode(
'<a rel="me" title="' . \esc_attr( \get_author_posts_url( $author_id ) ) . '" target="_blank" href="' . \get_author_posts_url( $author_id ) . '">' . \wp_parse_url( \get_author_posts_url( $author_id ), PHP_URL_HOST ) . '</a>', '<a rel="me" title="' . \esc_attr( \get_author_posts_url( $author_id ) ) . '" target="_blank" href="' . \get_author_posts_url( $author_id ) . '">' . \wp_parse_url( \get_author_posts_url( $author_id ), \PHP_URL_HOST ) . '</a>',
ENT_QUOTES, \ENT_QUOTES,
'UTF-8' 'UTF-8'
), ),
); );
@ -68,8 +68,8 @@ if ( \get_the_author_meta( 'user_url', $author_id ) ) {
'type' => 'PropertyValue', 'type' => 'PropertyValue',
'name' => __( 'Website', 'activitypub' ), 'name' => __( 'Website', 'activitypub' ),
'value' => \html_entity_decode( 'value' => \html_entity_decode(
'<a rel="me" title="' . \esc_attr( \get_the_author_meta( 'user_url', $author_id ) ) . '" target="_blank" href="' . \get_the_author_meta( 'user_url', $author_id ) . '">' . \wp_parse_url( \get_the_author_meta( 'user_url', $author_id ), PHP_URL_HOST ) . '</a>', '<a rel="me" title="' . \esc_attr( \get_the_author_meta( 'user_url', $author_id ) ) . '" target="_blank" href="' . \get_the_author_meta( 'user_url', $author_id ) . '">' . \wp_parse_url( \get_the_author_meta( 'user_url', $author_id ), \PHP_URL_HOST ) . '</a>',
ENT_QUOTES, \ENT_QUOTES,
'UTF-8' 'UTF-8'
), ),
); );
@ -92,10 +92,10 @@ $json = \apply_filters( 'activitypub_json_author_array', $json );
$options = 0; $options = 0;
// JSON_PRETTY_PRINT added in PHP 5.4 // JSON_PRETTY_PRINT added in PHP 5.4
if ( \get_query_var( 'pretty' ) ) { if ( \get_query_var( 'pretty' ) ) {
$options |= JSON_PRETTY_PRINT; // phpcs:ignore $options |= \JSON_PRETTY_PRINT; // phpcs:ignore
} }
$options |= JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT; $options |= \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT;
/* /*
* Options to be passed to json_encode() * Options to be passed to json_encode()
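Review bot: The three `PropertyValue` links put `\home_url( '/' )`, `\get_author_posts_url( $author_id )` and the `user_url` author meta into `href` without `\esc_url()`. The enclosing `\html_entity_decode( …, \ENT_QUOTES, 'UTF-8' )` then reverses the `\esc_attr()` applied to `title`, so neither attribute is reliably escaped in the markup that gets federated. `user_url` is a profile field, so the anchor should be built as `'href="' . \esc_url( $url ) . '"'` and the decode around the assembled HTML dropped. Whatever sanitising WordPress applies when the field is saved is not visible here and should not be the only barrier.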


@ -15,10 +15,10 @@ $json = \apply_filters( 'activitypub_json_post_array', $json );
$options = 0; $options = 0;
// JSON_PRETTY_PRINT added in PHP 5.4 // JSON_PRETTY_PRINT added in PHP 5.4
if ( \get_query_var( 'pretty' ) ) { if ( \get_query_var( 'pretty' ) ) {
$options |= JSON_PRETTY_PRINT; // phpcs:ignore $options |= \JSON_PRETTY_PRINT; // phpcs:ignore
} }
$options |= JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT; $options |= \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT;
/* /*
* Options to be passed to json_encode() * Options to be passed to json_encode()


@ -96,7 +96,7 @@
<?php <?php
// load the existing blacklist from the WordPress options table // load the existing blacklist from the WordPress options table
$activitypub_blacklist = \trim( \implode( PHP_EOL, \ActivityPub\get_blacklist() ), PHP_EOL ); $activitypub_blacklist = \trim( \implode( \PHP_EOL, \ActivityPub\get_blacklist() ), \PHP_EOL );
?> ?>
<table class="form-table"> <table class="form-table">


@ -1,6 +1,6 @@
<?php <?php
\error_reporting( E_ALL & ~E_NOTICE & ~E_STRICT & ~E_WARNING ); \error_reporting( \E_ALL & ~\E_NOTICE & ~\E_STRICT & ~\E_WARNING );
\define( 'WP_DEBUG', false ); \define( 'WP_DEBUG', false );
@ -18,4 +18,4 @@ tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' );
require $_tests_dir . '/includes/bootstrap.php'; require $_tests_dir . '/includes/bootstrap.php';
\error_reporting( E_ALL & ~E_NOTICE & ~E_STRICT & ~E_WARNING ); \error_reporting( \E_ALL & ~\E_NOTICE & ~\E_STRICT & ~\E_WARNING );
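Review bot: Both `\error_reporting()` calls mask `\E_WARNING` and `\E_NOTICE` for the whole test run, which hides the undefined-index and failed-call diagnostics a test suite is best placed to catch. A comment should say which upstream warnings made this necessary, e.g. `// WordPress core test bootstrap emits notices on PHP x.y; re-enable once fixed`, or the mask should be narrowed to the call that needs it. `\E_STRICT` is deprecated in recent PHP versions and can be dropped from the expression when the minimum version allows.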