typos and Complex (curly) syntax fixed

cfc4n · cfc4n · commit 9383a4a262e9 · 2014-05-27T16:24:22.000+08:00
fixed typos.(Secend param of substr function "," by ".") fixed checklist with complex curly syntax. thanks to https://github.com/chinurho to report it.
diff --git a/Pecker/Scanner.php b/Pecker/Scanner.php
@@ -13,7 +13,7 @@
  * @license         http://www.fsf.org/copyleft/gpl.html GNU public license
  * @author          CFC4N <cfc4n@cnxct.com>
  * @package         Scanner
- * @version         $Id: Scanner.php 29 2014-03-06 12:55:31Z cfc4n $
+ * @version         $Id: Scanner.php 31 2014-05-27 08:09:52Z cfc4n $
  */
 class Pecker_Scanner
 {
@@ -56,7 +56,7 @@ public function setPath($path)
     {
         if (substr($path,-1) == '/' || substr($path,-1) == '\\')
         {
-            $path = substr($path, 0.-1);
+            $path = substr($path, 0,-1);
         }
         if (!is_dir($path))
         {
@@ -169,9 +169,12 @@ public function ScanCode($code)
     private function checkTokens(array $tokens)
     {
         $i = 0;
+        $curly = false;
+        $curly_str = '';
+        $curly_num = 0;
         foreach ($tokens as $k => $token)
         {
-            if (is_array($token))
+            if (!$curly && is_array($token))
             {
                 switch ($token[0])
                 {
@@ -186,7 +189,6 @@ private function checkTokens(array $tokens)
                         break;
                     case T_VARIABLE:
                         $ntoken = $this->parser->getNextToken($k);
-//                         var_dump($token,$ntoken);exit();
                         $ptoken = $this->parser->getPreToken($k);
                         if ($ntoken === '(' && $ptoken != '->' && $ptoken !== '::' && $ptoken !== 'function' && $ptoken !== 'new')
                         {
@@ -240,6 +242,32 @@ private function checkTokens(array $tokens)
                     default:
                 }
             }
+            elseif ($curly)
+            {
+                //Complex (curly) syntax
+                if (!is_array($token))
+                {
+                    if ($token === '{')
+                    {
+                        $curly_str .= '{';
+                        $curly_num ++;
+                    }
+                    elseif($token === '}')
+                    {
+                        $curly_str .= '}';
+                        $curly_num --;
+                    }
+                }
+                else 
+                {
+                    $curly_str .= $token[1];
+                }
+                if ($curly_num == 0)
+                {
+                    $curly = false;
+                    $this->report->catchLog($curly_str, 0,$this->parser->getPieceTokenAll($k));
+                }
+            }
             elseif($token === '$')
             {
                 /**
@@ -260,15 +288,9 @@ private function checkTokens(array $tokens)
                 $nt = $this->parser->getVariableToken($k);
                 if ($nt['token'] === '{')
                 {
-                    $nt1 = $this->parser->getVariableToken($k+$nt['key']+1);
-                    if ($nt1['token'] === '}' && $this->parser->getNextToken($k+$nt['key']+$nt1['key']+2) === '(')
-                    {
-                        $this->report->catchLog('${'.$nt1['func'].'}', 0,$this->parser->getPieceTokenAll($nt1['key']+$k+1));
-                    }
-                }
-                elseif($nt['token'] === '(')
-                {
-                    $this->report->catchLog('$'.$nt['func'], 0,$this->parser->getPieceTokenAll($nt['key']+$k));
+                    $curly = true;
+                    $curly_str = '$';
+                    $curly_num = 0;
                 }
             }
         }
diff --git a/PeckerLite/PeckerScanner.lite.php b/PeckerLite/PeckerScanner.lite.php
@@ -15,7 +15,7 @@
  * @license         http://www.fsf.org/copyleft/gpl.html GNU public license
  * @author          CFC4N <cfc4n@cnxct.com>
  * @package         Lexer All
- * @version         $Id: PeckerScanner.lite.php 29 2014-03-06 12:55:31Z cfc4n $
+ * @version         $Id: PeckerScanner.lite.php 31 2014-05-27 08:09:52Z cfc4n $
  */
 
 class Pecker_Scanner
@@ -59,7 +59,7 @@ public function setPath($path)
     {
         if (substr($path,-1) == '/' || substr($path,-1) == '\\')
         {
-            $path = substr($path, 0.-1);
+            $path = substr($path, 0,-1);
         }
         if (!is_dir($path))
         {
@@ -172,9 +172,12 @@ public function ScanCode($code)
     private function checkTokens(array $tokens)
     {
         $i = 0;
+        $curly = false;
+        $curly_str = '';
+        $curly_num = 0;
         foreach ($tokens as $k => $token)
         {
-            if (is_array($token))
+            if (!$curly && is_array($token))
             {
                 switch ($token[0])
                 {
@@ -243,6 +246,32 @@ private function checkTokens(array $tokens)
                     default:
                 }
             }
+            elseif ($curly)
+            {
+                //Complex (curly) syntax
+                if (!is_array($token))
+                {
+                    if ($token === '{')
+                    {
+                        $curly_str .= '{';
+                        $curly_num ++;
+                    }
+                    elseif($token === '}')
+                    {
+                        $curly_str .= '}';
+                        $curly_num --;
+                    }
+                }
+                else
+                {
+                    $curly_str .= $token[1];
+                }
+                if ($curly_num == 0)
+                {
+                    $curly = false;
+                    $this->report->catchLog($curly_str, 0,$this->parser->getPieceTokenAll($k));
+                }
+            }
             elseif($token === '$')
             {
                 /**
@@ -263,15 +292,9 @@ private function checkTokens(array $tokens)
                 $nt = $this->parser->getVariableToken($k);
                 if ($nt['token'] === '{')
                 {
-                    $nt1 = $this->parser->getVariableToken($k+$nt['key']+1);
-                    if ($nt1['token'] === '}' && $this->parser->getNextToken($k+$nt['key']+$nt1['key']+2) === '(')
-                    {
-                        $this->report->catchLog('${'.$nt1['func'].'}', 0,$this->parser->getPieceTokenAll($nt1['key']+$k+1));
-                    }
-                }
-                elseif($nt['token'] === '(')
-                {
-                    $this->report->catchLog('$'.$nt['func'], 0,$this->parser->getPieceTokenAll($nt['key']+$k));
+                    $curly = true;
+                    $curly_str = '$';
+                    $curly_num = 0;
                 }
             }
         }
diff --git a/test/1.php b/test/1.php
@@ -13,7 +13,7 @@
  * @license         http://www.fsf.org/copyleft/gpl.html GNU public license
  * @author          CFC4N <cfc4n@cnxct.com>
  * @package         demo
- * @version         $Id: 1.php 29 2014-03-06 12:55:31Z cfc4n $
+ * @version         $Id: 1.php 31 2014-05-27 08:09:52Z cfc4n $
  */
 
 $str = 'base64_decode';
@@ -65,8 +65,9 @@ function exec()                 //pass
 ${2+1}();    //get it
 ${2+1};    //pass
 ${@func};    //pass
-
-
+$evil = '';
+${ $ {func}}($evil);    //get it
+${(array)function(){}}($evil);    //get it
 @preg_replace("/[pageerror]/e",$_POST['error'],"cfc");    //get it
 header('HTTP/1.1 404 Not Found');
 

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`* @license http://www.fsf.org/copyleft/gpl.html GNU public license`
`14`	`14`	`* @author CFC4N <[email protected]>`
`15`	`15`	`* @package Scanner`
`16`		`- * @version $Id: Scanner.php 29 2014-03-06 12:55:31Z cfc4n $`
	`16`	`+ * @version $Id: Scanner.php 31 2014-05-27 08:09:52Z cfc4n $`
`17`	`17`	`*/`
`18`	`18`	`class Pecker_Scanner`
`19`	`19`	`{`
`@@ -56,7 +56,7 @@ public function setPath($path)`
`56`	`56`	`{`
`57`	`57`	`if (substr($path,-1) == '/' \|\| substr($path,-1) == '\\')`
`58`	`58`	`{`
`59`		`- $path = substr($path, 0.-1);`
	`59`	`+ $path = substr($path, 0,-1);`
`60`	`60`	`}`
`61`	`61`	`if (!is_dir($path))`
`62`	`62`	`{`
`@@ -169,9 +169,12 @@ public function ScanCode($code)`
`169`	`169`	`private function checkTokens(array $tokens)`
`170`	`170`	`{`
`171`	`171`	`$i = 0;`
	`172`	`+ $curly = false;`
	`173`	`+ $curly_str = '';`
	`174`	`+ $curly_num = 0;`
`172`	`175`	`foreach ($tokens as $k => $token)`
`173`	`176`	`{`
`174`		`- if (is_array($token))`
	`177`	`+ if (!$curly && is_array($token))`
`175`	`178`	`{`
`176`	`179`	`switch ($token[0])`
`177`	`180`	`{`
`@@ -186,7 +189,6 @@ private function checkTokens(array $tokens)`
`186`	`189`	`break;`
`187`	`190`	`case T_VARIABLE:`
`188`	`191`	`$ntoken = $this->parser->getNextToken($k);`
`189`		`-// var_dump($token,$ntoken);exit();`
`190`	`192`	`$ptoken = $this->parser->getPreToken($k);`
`191`	`193`	`if ($ntoken === '(' && $ptoken != '->' && $ptoken !== '::' && $ptoken !== 'function' && $ptoken !== 'new')`
`192`	`194`	`{`
`@@ -240,6 +242,32 @@ private function checkTokens(array $tokens)`
`240`	`242`	`default:`
`241`	`243`	`}`
`242`	`244`	`}`
	`245`	`+ elseif ($curly)`
	`246`	`+ {`
	`247`	`+ //Complex (curly) syntax`
	`248`	`+ if (!is_array($token))`
	`249`	`+ {`
	`250`	`+ if ($token === '{')`
	`251`	`+ {`
	`252`	`+ $curly_str .= '{';`
	`253`	`+ $curly_num ++;`
	`254`	`+ }`
	`255`	`+ elseif($token === '}')`
	`256`	`+ {`
	`257`	`+ $curly_str .= '}';`
	`258`	`+ $curly_num --;`
	`259`	`+ }`
	`260`	`+ }`
	`261`	`+ else`
	`262`	`+ {`
	`263`	`+ $curly_str .= $token[1];`
	`264`	`+ }`
	`265`	`+ if ($curly_num == 0)`
	`266`	`+ {`
	`267`	`+ $curly = false;`
	`268`	`+ $this->report->catchLog($curly_str, 0,$this->parser->getPieceTokenAll($k));`
	`269`	`+ }`
	`270`	`+ }`
`243`	`271`	`elseif($token === '$')`
`244`	`272`	`{`
`245`	`273`	`/**`
`@@ -260,15 +288,9 @@ private function checkTokens(array $tokens)`
`260`	`288`	`$nt = $this->parser->getVariableToken($k);`
`261`	`289`	`if ($nt['token'] === '{')`
`262`	`290`	`{`
`263`		`- $nt1 = $this->parser->getVariableToken($k+$nt['key']+1);`
`264`		`- if ($nt1['token'] === '}' && $this->parser->getNextToken($k+$nt['key']+$nt1['key']+2) === '(')`
`265`		`- {`
`266`		`- $this->report->catchLog('${'.$nt1['func'].'}', 0,$this->parser->getPieceTokenAll($nt1['key']+$k+1));`
`267`		`- }`
`268`		`- }`
`269`		`- elseif($nt['token'] === '(')`
`270`		`- {`
`271`		`- $this->report->catchLog('$'.$nt['func'], 0,$this->parser->getPieceTokenAll($nt['key']+$k));`
	`291`	`+ $curly = true;`
	`292`	`+ $curly_str = '$';`
	`293`	`+ $curly_num = 0;`
`272`	`294`	`}`
`273`	`295`	`}`
`274`	`296`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`	`* @license http://www.fsf.org/copyleft/gpl.html GNU public license`
`16`	`16`	`* @author CFC4N <[email protected]>`
`17`	`17`	`* @package Lexer All`
`18`		`- * @version $Id: PeckerScanner.lite.php 29 2014-03-06 12:55:31Z cfc4n $`
	`18`	`+ * @version $Id: PeckerScanner.lite.php 31 2014-05-27 08:09:52Z cfc4n $`
`19`	`19`	`*/`
`20`	`20`
`21`	`21`	`class Pecker_Scanner`
`@@ -59,7 +59,7 @@ public function setPath($path)`
`59`	`59`	`{`
`60`	`60`	`if (substr($path,-1) == '/' \|\| substr($path,-1) == '\\')`
`61`	`61`	`{`
`62`		`- $path = substr($path, 0.-1);`
	`62`	`+ $path = substr($path, 0,-1);`
`63`	`63`	`}`
`64`	`64`	`if (!is_dir($path))`
`65`	`65`	`{`
`@@ -172,9 +172,12 @@ public function ScanCode($code)`
`172`	`172`	`private function checkTokens(array $tokens)`
`173`	`173`	`{`
`174`	`174`	`$i = 0;`
	`175`	`+ $curly = false;`
	`176`	`+ $curly_str = '';`
	`177`	`+ $curly_num = 0;`
`175`	`178`	`foreach ($tokens as $k => $token)`
`176`	`179`	`{`
`177`		`- if (is_array($token))`
	`180`	`+ if (!$curly && is_array($token))`
`178`	`181`	`{`
`179`	`182`	`switch ($token[0])`
`180`	`183`	`{`
`@@ -243,6 +246,32 @@ private function checkTokens(array $tokens)`
`243`	`246`	`default:`
`244`	`247`	`}`
`245`	`248`	`}`
	`249`	`+ elseif ($curly)`
	`250`	`+ {`
	`251`	`+ //Complex (curly) syntax`
	`252`	`+ if (!is_array($token))`
	`253`	`+ {`
	`254`	`+ if ($token === '{')`
	`255`	`+ {`
	`256`	`+ $curly_str .= '{';`
	`257`	`+ $curly_num ++;`
	`258`	`+ }`
	`259`	`+ elseif($token === '}')`
	`260`	`+ {`
	`261`	`+ $curly_str .= '}';`
	`262`	`+ $curly_num --;`
	`263`	`+ }`
	`264`	`+ }`
	`265`	`+ else`
	`266`	`+ {`
	`267`	`+ $curly_str .= $token[1];`
	`268`	`+ }`
	`269`	`+ if ($curly_num == 0)`
	`270`	`+ {`
	`271`	`+ $curly = false;`
	`272`	`+ $this->report->catchLog($curly_str, 0,$this->parser->getPieceTokenAll($k));`
	`273`	`+ }`
	`274`	`+ }`
`246`	`275`	`elseif($token === '$')`
`247`	`276`	`{`
`248`	`277`	`/**`
`@@ -263,15 +292,9 @@ private function checkTokens(array $tokens)`
`263`	`292`	`$nt = $this->parser->getVariableToken($k);`
`264`	`293`	`if ($nt['token'] === '{')`
`265`	`294`	`{`
`266`		`- $nt1 = $this->parser->getVariableToken($k+$nt['key']+1);`
`267`		`- if ($nt1['token'] === '}' && $this->parser->getNextToken($k+$nt['key']+$nt1['key']+2) === '(')`
`268`		`- {`
`269`		`- $this->report->catchLog('${'.$nt1['func'].'}', 0,$this->parser->getPieceTokenAll($nt1['key']+$k+1));`
`270`		`- }`
`271`		`- }`
`272`		`- elseif($nt['token'] === '(')`
`273`		`- {`
`274`		`- $this->report->catchLog('$'.$nt['func'], 0,$this->parser->getPieceTokenAll($nt['key']+$k));`
	`295`	`+ $curly = true;`
	`296`	`+ $curly_str = '$';`
	`297`	`+ $curly_num = 0;`
`275`	`298`	`}`
`276`	`299`	`}`
`277`	`300`	`}`