Enforce string type for string operations

phug-php · Nov 9, 2021 · b40122a · b40122a
1 parent 9dcb857
commit b40122a
Show file tree

Hide file tree

Showing 16 changed files with 34 additions and 26 deletions.
diff --git a/src/Phug/Compiler/Compiler/NodeCompiler/ImportNodeCompiler.php b/src/Phug/Compiler/Compiler/NodeCompiler/ImportNodeCompiler.php
@@ -23,7 +23,7 @@ class ImportNodeCompiler extends AbstractNodeCompiler
     protected function isPugImport($path)
     {
         $compiler = $this->getCompiler();
-        $extension = pathinfo($path, PATHINFO_EXTENSION) ?: '';
+        $extension = pathinfo((string) $path, PATHINFO_EXTENSION);
         $extensions = $compiler->getOption('extensions');
 
         if ($extension === '') {
@@ -72,7 +72,7 @@ public function compileNode(NodeInterface $node, ElementInterface $parent = null
 
         $paths = $isAbsolutePath
             ? null
-            : [dirname($compiler->getPath()) ?: '.'];
+            : [dirname((string) $compiler->getPath()) ?: '.'];
 
         $path = $compiler->resolve($node->getPath(), $paths);
         $compiler->registerImportPath($path);

diff --git a/src/Phug/Formatter/Formatter/AbstractFormat.php b/src/Phug/Formatter/Formatter/AbstractFormat.php
@@ -51,7 +51,7 @@ abstract class AbstractFormat implements FormatInterface, OptionInterface
         is_object($_pug_temp = %s) && method_exists($_pug_temp, "__toBoolean")
             ? $_pug_temp->__toBoolean()
             : $_pug_temp';
-    const HTML_EXPRESSION_ESCAPE = 'htmlspecialchars(%s)';
+    const HTML_EXPRESSION_ESCAPE = 'htmlspecialchars((string) (%s))';
     const HTML_TEXT_ESCAPE = 'htmlspecialchars';
     const PAIR_TAG = '%s%s%s';
     const TRANSFORM_EXPRESSION = '%s';

diff --git a/src/Phug/Formatter/Formatter/Format/XmlFormat.php b/src/Phug/Formatter/Formatter/Format/XmlFormat.php
@@ -166,7 +166,7 @@ protected function formatAttributeElement(AttributeElement $element)
         $nonEmptyAttribute = ($name === 'class' || $name === 'id');
         if ($nonEmptyAttribute && (
             !$value ||
-            ($value instanceof TextElement && ($value->getValue() ?: '') === '') ||
+            ($value instanceof TextElement && ((string) $value->getValue()) === '') ||
             (is_string($value) && in_array(trim($value), ['', '""', "''"]))
         )) {
             return '';

diff --git a/src/Phug/Formatter/Formatter/Partial/AssignmentHelpersTrait.php b/src/Phug/Formatter/Formatter/Partial/AssignmentHelpersTrait.php
@@ -202,11 +202,14 @@ protected function provideStyleAttributeAssignment()
             if (is_string($value) && mb_substr($value, 0, 7) === '{&quot;') {
                 $value = json_decode(htmlspecialchars_decode($value));
             }
+
             $styles = isset($attributes['style']) ? array_filter(explode(';', $attributes['style'])) : [];
+
             foreach ((array) $value as $propertyName => $propertyValue) {
                 if (!is_int($propertyName)) {
                     $propertyValue = $propertyName.':'.$propertyValue;
                 }
+
                 $styles[] = $propertyValue;
             }
 

diff --git a/src/Phug/Lexer/Lexer/Scanner/AttributeScanner.php b/src/Phug/Lexer/Lexer/Scanner/AttributeScanner.php
@@ -30,7 +30,7 @@ private function isTruncatedValue($expression)
         $expression = preg_replace('/
                 "(?:\\\\[\\S\\s]|[^"\\\\])*"|
                 \'(?:\\\\[\\S\\s]|[^\'\\\\])*\'
-            /x', '0', $expression);
+            /x', '0', (string) $expression);
         $expression = preg_replace('/\\s*(
                 (\\[([^\\[\\]]+|(?1))*\\]) |
                 (\\(([^\\(\\)]+|(?1))*\\)) |
@@ -42,6 +42,8 @@ private function isTruncatedValue($expression)
 
     private function isTruncatedExpression(Reader $reader, &$expression)
     {
+        $expression = (string) $expression;
+
         if (mb_substr($expression, -3) === 'new' || mb_substr($expression, -5) === 'clone') {
             $expression .= $reader->getLastPeekResult();
             $reader->consume();

diff --git a/src/Phug/Lexer/Lexer/Scanner/FilterScanner.php b/src/Phug/Lexer/Lexer/Scanner/FilterScanner.php
@@ -55,7 +55,7 @@ public function scan(State $state)
             $token = $state->createToken(TextToken::class);
             if ($maxIndent > 0 && $maxIndent < INF) {
                 foreach ($lines as &$line) {
-                    $line = mb_substr($line, $maxIndent) ?: '';
+                    $line = mb_substr((string) $line, $maxIndent);
                 }
             }
             $token->setValue(implode("\n", $lines));

diff --git a/src/Phug/Lexer/Lexer/Scanner/MultilineScanner.php b/src/Phug/Lexer/Lexer/Scanner/MultilineScanner.php
@@ -92,7 +92,7 @@ private function yieldLines(State $state, array $lines, LineAnalyzer $analyzer)
         if ($maxIndent > 0 && $maxIndent < INF) {
             foreach ($lines as &$line) {
                 if (count($line) && is_string($line[0])) {
-                    $line[0] = mb_substr($line[0], $maxIndent) ?: '';
+                    $line[0] = mb_substr((string) $line[0], $maxIndent);
                 }
             }
         }

diff --git a/src/Phug/Lexer/Lexer/Scanner/TextScanner.php b/src/Phug/Lexer/Lexer/Scanner/TextScanner.php
@@ -19,15 +19,15 @@ class TextScanner implements ScannerInterface
 
     private function isTextStartToTrim(State $state, $text)
     {
-        return in_array(mb_substr($text, 0, 1), [' ', "\t"]) && !$state->isAfterInterpolation();
+        return in_array(mb_substr((string) $text, 0, 1), [' ', "\t"]) && !$state->isAfterInterpolation();
     }
 
     private function leftTrimValueIfNotAfterInterpolation(State $state, TextToken $token)
     {
         $text = $token->getValue();
 
         if ($this->isTextStartToTrim($state, $text)) {
-            $token->setValue(mb_substr($text, 1) ?: '');
+            $token->setValue(mb_substr((string) $text, 1));
         }
     }
 
@@ -87,7 +87,7 @@ public function scan(State $state)
             $text = mb_substr($text, 1);
         }
 
-        $text = preg_replace('/\\\\([#!]\\[|#\\{)/', '$1', $text);
+        $text = preg_replace('/\\\\([#!]\\[|#{)/', '$1', $text);
         $token->setValue($text);
 
         yield $state->endToken($token);

diff --git a/src/Phug/Reader/Reader.php b/src/Phug/Reader/Reader.php
@@ -323,7 +323,7 @@ public function peek($length = null, $start = null)
      */
     public function match($pattern, $modifiers = null, $ignoredSuffixes = null)
     {
-        $modifiers = $modifiers ?: '';
+        $modifiers = (string) $modifiers;
         $ignoredSuffixes = $ignoredSuffixes ?: "\n";
         $matches = null;
         $this->lastMatchResult = null;
@@ -572,7 +572,7 @@ public function peekQuote()
      */
     public function peekSpace()
     {
-        return ctype_space($this->peek());
+        return ctype_space((string) $this->peek());
     }
 
     /**
@@ -584,7 +584,7 @@ public function peekSpace()
      */
     public function peekDigit()
     {
-        return ctype_digit($this->peek());
+        return ctype_digit((string) $this->peek());
     }
 
     /**
@@ -596,7 +596,7 @@ public function peekDigit()
      */
     public function peekAlpha()
     {
-        return ctype_alpha($this->peek());
+        return ctype_alpha((string) $this->peek());
     }
 
     /**
@@ -608,7 +608,7 @@ public function peekAlpha()
      */
     public function peekAlphaNumeric()
     {
-        return ctype_alnum($this->peek());
+        return ctype_alnum((string) $this->peek());
     }
 
     /**
@@ -658,7 +658,7 @@ public function readIndentation()
      */
     public function readUntilNewLine()
     {
-        return $this->readUntil([$this, 'peekNewLine']);
+        return (string) $this->readUntil([$this, 'peekNewLine']);
     }
 
     /**

diff --git a/src/Phug/Renderer/Renderer/Partial/Debug/DebuggerTrait.php b/src/Phug/Renderer/Renderer/Partial/Debug/DebuggerTrait.php
@@ -105,7 +105,7 @@ private function getErrorMessage($error, SourceLocation $location, $data)
         $contextLines = $data->options['error_context_lines'];
         $code = '';
         $sourceOffset = max(0, $line - 1);
-        $untilOffset = isset($source[$sourceOffset]) ? (mb_substr($source[$sourceOffset], 0, $offset ?: 0) ?: '') : '';
+        $untilOffset = isset($source[$sourceOffset]) ? mb_substr((string) $source[$sourceOffset], 0, $offset ?: 0) : '';
         $htmlError = $data->options['html_error'];
         $start = null;
         foreach ($source as $index => $lineText) {

diff --git a/tests/Phug/Compiler/NodeCompiler/ExpressionNodeCompilerTest.php b/tests/Phug/Compiler/NodeCompiler/ExpressionNodeCompilerTest.php
@@ -22,7 +22,7 @@ public function testCompile()
             'p?!=$foo'
         );
         $this->assertCompile(
-            '<p><?= htmlspecialchars((isset($foo) ? $foo : null)) ?></p>',
+            '<p><?= htmlspecialchars((string) ((isset($foo) ? $foo : null))) ?></p>',
             'p=$foo'
         );
     }

diff --git a/tests/Phug/Compiler/NodeCompiler/VariableNodeCompilerTest.php b/tests/Phug/Compiler/NodeCompiler/VariableNodeCompilerTest.php
@@ -19,7 +19,7 @@ public function testCompile()
     {
         $this->assertCompile('<?php $answer=42 ?>', '$answer != 42');
         $this->assertCompile(
-            '<?php $answer=htmlspecialchars($foo) ?>',
+            '<?php $answer=htmlspecialchars((string) ($foo)) ?>',
             '$answer ?= $foo'
         );
     }

diff --git a/tests/Phug/Compiler/NodeCompiler/WhileNodeCompilerTest.php b/tests/Phug/Compiler/NodeCompiler/WhileNodeCompilerTest.php
@@ -48,7 +48,7 @@ public function testCompile()
                 '<ul>',
                 '<?php while (x < 10) { ?>',
                 '<?php x++; ?>',
-                '<li><?= htmlspecialchars(x) ?></li>',
+                '<li><?= htmlspecialchars((string) (x)) ?></li>',
                 '<?php } ?>',
                 '</ul>',
             ],

diff --git a/tests/Phug/Element/VariableElementTest.php b/tests/Phug/Element/VariableElementTest.php
@@ -46,6 +46,9 @@ public function testVariableElement()
         $document = new DocumentElement();
         $document->appendChild($variable);
 
-        self::assertSame('<?php $foo=htmlspecialchars((isset($bar) ? $bar : null)) ?>', $formatter->format($document));
+        self::assertSame(
+            '<?php $foo=htmlspecialchars((string) ((isset($bar) ? $bar : null))) ?>',
+            $formatter->format($document)
+        );
     }
 }
diff --git a/tests/Phug/Format/HtmlFormatTest.php b/tests/Phug/Format/HtmlFormatTest.php
@@ -53,7 +53,7 @@ public function testDependencies()
     {
         $formatter = new HtmlFormat();
 
-        self::assertSame('htmlspecialchars("<")', $formatter->escapeHtml('"<"'));
+        self::assertSame('htmlspecialchars((string) ("<"))', $formatter->escapeHtml('"<"'));
     }
 
     /**

diff --git a/tests/Phug/FormatterTest.php b/tests/Phug/FormatterTest.php
@@ -557,17 +557,17 @@ public function testExpressionElement()
         $formatter = new Formatter();
 
         self::assertSame(
-            '<?= htmlspecialchars((is_bool($_pug_temp = "<".(isset($tag) ? $tag : null).">") '.
-            '? var_export($_pug_temp, true) : $_pug_temp)) ?>',
+            '<?= htmlspecialchars((string) ((is_bool($_pug_temp = "<".(isset($tag) ? $tag : null).">") '.
+            '? var_export($_pug_temp, true) : $_pug_temp))) ?>',
             $formatter->format($answer, HtmlFormat::class)
         );
 
         $answer->uncheck();
         $formatter = new Formatter();
 
         self::assertSame(
-            '<?= htmlspecialchars((is_bool($_pug_temp = "<".$tag.">") '.
-            '? var_export($_pug_temp, true) : $_pug_temp)) ?>',
+            '<?= htmlspecialchars((string) ((is_bool($_pug_temp = "<".$tag.">") '.
+            '? var_export($_pug_temp, true) : $_pug_temp))) ?>',
             $formatter->format($answer, HtmlFormat::class)
         );
-Original file line number
+Diff line change
@@ Expand Up / @@ -53,7 +53,7 @@ public function testDependencies() @@
         {
             $formatter = new HtmlFormat();
-            self::assertSame('htmlspecialchars("<")', $formatter->escapeHtml('"<"'));
+            self::assertSame('htmlspecialchars((string) ("<"))', $formatter->escapeHtml('"<"'));
         }
         /**
@@ Expand Down @@