eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

[TOOLS] Fix errors reported by updated PHPStan

Browse Source
This commit is contained in:
Hugo Sales
2021-12-26 19:08:56 +00:00
committed by Diogo Peralta Cordeiro
parent 52e2231661
commit 7eff22d548
4 changed files with 20 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Util/HTML.php
View File

@@ -81,13 +81,13 @@ abstract class HTML
*/
private static function attr(array $attrs, array $options = []): string
{
return ' ' . implode(' ', F\map($attrs, [self::class, '_process_attribute']));
return ' ' . implode(' ', F\map($attrs, fn ($attr, $key) => self::process_attribute($attr, $key, $options)));
}
/**
* Convert an attr ($key), $val pair to an HTML attribute, but validate to exclude some vectors of injection
*/
public static function _process_attribute(string $val, string $key): string
private static function process_attribute(string $val, string $key, array $options): string
{
if (\in_array($key, array_merge($options['forbidden_attributes'] ?? [], self::FORBIDDEN_ATTRIBUTES))
|| str_starts_with($val, 'javascript:')) {