3v4l.org

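<?php

/*
 * Formatting note: the submitted script appears to have been one physical line. In that
 * form a "//" comment runs to the next closing tag "?>", so the comments inside the class
 * swallowed code up to the "?>" inside the test string. That is the likely cause of the
 * recorded "unexpected 'Security' (T_STRING)" parse error. The class was also pasted
 * twice; it is declared once here, followed by both test calls.
 */

namespace Security\Sanitize;

/**
 * Denylist filter for PHP source text, built on the tokenizer extension.
 *
 * The input is tokenized; if a denylisted token id is present, the text that
 * corresponds to it is removed with a regular expression and the result is
 * tokenized again to confirm that no denylisted token is left.
 *
 * Limits of this control:
 *  - It is a denylist over text, not a sandbox. Anything not on the list passes,
 *    so the output must still be treated as untrusted code and never be
 *    executed or included on the strength of this filter alone.
 *  - Only a handful of tokens have a removal pattern. Every other denylisted
 *    token causes an exception (fail closed) instead of being passed through.
 */
class SanitizeInput
{
    /** @var string Source text currently being processed. */
    protected $strCode = '';

    /** @var array List of token lists as returned by token_get_all(). */
    protected $arrTokens = array();

    /** @var int[] Denylist of this instance: defaults plus constructor extras. */
    protected $arrActiveInvalidTokens = array();

    /**
     * Default denylist. Each instance copies it at construction time, so a
     * change made afterwards does not affect instances that already exist.
     *
     * @var int[]
     */
    public static $arrInvalidTokens = array(
        T_BAD_CHARACTER,
        T_ENDDECLARE,
        T_END_HEREDOC,
        T_EVAL,
        T_FILE,
        T_GLOBAL,
        T_HALT_COMPILER,
        T_GOTO,
        T_IMPLEMENTS,
        T_INCLUDE,
        T_INCLUDE_ONCE,
        T_LINE,
        T_PRIVATE,
        T_PUBLIC,
        T_PROTECTED,
        T_REQUIRE,
        T_REQUIRE_ONCE,
        T_STRING_VARNAME,
        T_YIELD,
    );

    /**
     * @param int[] $arrExtraInvalidTokens Token ids to deny in addition to the defaults.
     *
     * @throws \Exception When the tokenizer functions are missing or an extra
     *                    entry is not an integer token id.
     */
    public function __construct($arrExtraInvalidTokens = array())
    {
        if (!function_exists('token_get_all') || !function_exists('token_name')) {
            throw new \Exception(__CLASS__ . ' requirements not met. "token_get_all" and "token_name" functions are required');
        }

        // Work on a copy: appending to the shared static list would leak one
        // caller's extras into every instance created later.
        $arrDenied = self::$arrInvalidTokens;

        if (is_array($arrExtraInvalidTokens)) {
            foreach ($arrExtraInvalidTokens as $intInvalidToken) {
                // A non-integer entry can never equal a token id, so accepting
                // it would leave a silent gap in the denylist.
                if (!is_int($intInvalidToken)) {
                    throw new \Exception('Extra invalid tokens must be integer token ids');
                }
                if (!in_array($intInvalidToken, $arrDenied, true)) {
                    $arrDenied[] = $intInvalidToken;
                }
            }
        }

        $this->arrActiveInvalidTokens = $arrDenied;
    }

    /**
     * Returns the regex body (without delimiters) that matches the text of a token.
     *
     * Case-insensitivity is expressed inline with (?i:...) because the caller
     * adds the "/" delimiters; a trailing "/i" inside the body would produce an
     * invalid pattern.
     *
     * @param int $intToken Token id.
     *
     * @return string Regex body, or '' when no removal pattern exists for the token.
     */
    protected function getRegexPatternFromToken($intToken)
    {
        switch (token_name($intToken)) {
            case 'T_ABSTRACT':
                return '\b(?i:abstract)\b';

            case 'T_AND_EQUAL':
                // The two-character operator, not "any & or = character".
                return '&=';

            case 'T_ARRAY':
                return '\b(?i:array)\b';

            case 'T_ARRAY_CAST':
                return '\([ \t]*(?i:array)[ \t]*\)';

            case 'T_AS':
                return '\b(?i:as)\b';

            case 'T_BAD_CHARACTER':
                // Control characters below 0x20 except tab, LF and CR. The upper
                // bound is 0x1F; "\x32" would be the digit "2".
                return '[\x00-\x08\x0B\x0C\x0E-\x1F]+';

            case 'T_WHITESPACE':
                return '\s+';

            default:
                return '';
        }
    }

    /**
     * Removes the text of every denylisted token found in the current code.
     *
     * The patterns run over the raw text, so they also hit matching text inside
     * strings and comments. Because removing text can change how the remainder
     * tokenizes, the result is tokenized again and rejected if a denylisted
     * token is still present.
     *
     * @return string The code unchanged when nothing denylisted was found,
     *                otherwise the stripped code.
     *
     * @throws \Exception When a denylisted token has no removal pattern, the
     *                    regex engine fails, or a denylisted token survives.
     */
    protected function stripTokenValues()
    {
        $arrFound = $this->collectInvalidTokenIds();

        if (count($arrFound) === 0) {
            return $this->strCode;
        }

        $strOut = $this->strCode;

        foreach ($arrFound as $intToken) {
            $strPattern = $this->getRegexPatternFromToken($intToken);

            // Fail closed: an empty pattern would make preg_replace() a no-op
            // and hand the denylisted construct back as if it had been handled.
            if ($strPattern === '') {
                throw new \Exception('Could not fix patterns matched in template');
            }

            // Apply each replacement to the running result so that earlier
            // removals are not lost.
            $strOut = preg_replace('/' . $strPattern . '/', '', $strOut);

            if ($strOut === null) {
                throw new \Exception('Could not fix patterns matched in template');
            }
        }

        $this->strCode = $strOut;
        $this->findTokens();

        if (count($this->collectInvalidTokenIds()) > 0) {
            throw new \Exception('Could not fix patterns matched in template');
        }

        return $strOut;
    }

    /**
     * Tokenizes the current code and stores the result, replacing any tokens
     * kept from an earlier call.
     *
     * @return array Token list from token_get_all().
     */
    protected function findTokens()
    {
        $arrTokens = token_get_all($this->strCode);

        // Replace instead of append, so tokens of a previous input are not
        // scanned again for the current one.
        $this->arrTokens = is_array($arrTokens) ? array($arrTokens) : array();

        return $arrTokens;
    }

    /**
     * Filters a piece of PHP source, given directly or as a file path.
     *
     * @param string $strCode  Source text, or a path when $blIsFile is true. The
     *                         path is read as given, so it must come from a
     *                         trusted caller and not from request data.
     * @param bool   $blIsFile Treat $strCode as a path to read.
     *
     * @return string Filtered code; '' for empty input.
     *
     * @throws \Exception When the input is not a string, the file cannot be
     *                    read, or the code cannot be cleaned.
     */
    public function secureInput($strCode = '', $blIsFile = false)
    {
        if (!is_string($strCode)) {
            throw new \Exception('Input to sanitize must be a string');
        }

        if ($blIsFile) {
            // An unreadable file is an error. Carrying on would process
            // whatever code a previous call left behind.
            if (!is_file($strCode) || !is_readable($strCode)) {
                throw new \Exception('Input file does not exist or is not readable');
            }

            $strContents = file_get_contents($strCode);

            if ($strContents === false) {
                throw new \Exception('Input file does not exist or is not readable');
            }

            $this->strCode = $strContents;
        } else {
            $this->strCode = $strCode;
        }

        $arrTokens = $this->findTokens();

        if (empty($arrTokens)) {
            return '';
        }

        return $this->stripTokenValues();
    }

    /**
     * Collects the distinct denylisted token ids present in the stored tokens.
     *
     * @return int[]
     */
    private function collectInvalidTokenIds()
    {
        $arrFound = array();

        foreach ($this->arrTokens as $arrTokenList) {
            foreach ($arrTokenList as $mixToken) {
                // Single-character tokens are plain strings and carry no id.
                if (is_array($mixToken) && in_array($mixToken[0], $this->arrActiveInvalidTokens, true)) {
                    $arrFound[$mixToken[0]] = $mixToken[0];
                }
            }
        }

        return array_values($arrFound);
    }
}

// $x = new SanitizeInput();
$x = new SanitizeInput(array(T_WHITESPACE));

try {
    var_dump($x->secureInput('<?php echo "your mom"; ?>'));
} catch (\Exception $e) {
    var_dump($e->getMessage());
}

// Second test call from the page: the same filter applied to a local file.
try {
    var_dump($x->secureInput('/home/rclifford/Desktop/tokenizer_test.php', true));
} catch (\Exception $e) {
    var_dump($e->getMessage());
}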
based on kOvbG
Output for 5.4.0 - 5.4.31
Parse error: syntax error, unexpected 'Security' (T_STRING), expecting \\ (T_NS_SEPARATOR) in /in/uuv4V on line 1
Process exited with code 255.
Output for 5.3.0 - 5.3.28
Parse error: syntax error, unexpected T_STRING, expecting T_NS_SEPARATOR in /in/uuv4V on line 1
Process exited with code 255.
Output for 4.4.2 - 4.4.9, 5.1.0 - 5.2.17
Parse error: syntax error, unexpected T_STRING in /in/uuv4V on line 1
Process exited with code 255.
Output for 4.3.0 - 4.3.1, 4.3.5 - 4.4.1, 5.0.0 - 5.0.5
Parse error: parse error, unexpected T_STRING in /in/uuv4V on line 1
Process exited with code 255.
Output for 4.3.2 - 4.3.4
Parse error: parse error in /in/uuv4V on line 1
Process exited with code 255.