From 91478fc53d48c5c0b5507dbb849d21d7987b4c31 Mon Sep 17 00:00:00 2001 From: Visman Date: Thu, 5 May 2022 16:37:28 +0700 Subject: [PATCH] Update Core\Secury Change the logic of the replInvalidChars() method. --- app/Core/Secury.php | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/app/Core/Secury.php b/app/Core/Secury.php index 0dedda3d..93627146 100644 --- a/app/Core/Secury.php +++ b/app/Core/Secury.php @@ -31,9 +31,11 @@ class Secury ) { throw new InvalidArgumentException('Algorithm and salt can not be empty'); } + if (! \in_array($hmac['algo'], \hash_hmac_algos(), true)) { throw new UnexpectedValueException('Algorithm not supported'); } + $this->hmac = $hmac; } @@ -71,9 +73,10 @@ class Secury */ public function randomPass(int $len): string { - $key = \random_bytes($len); - $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'; + $key = \random_bytes($len); + $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'; $result = ''; + for ($i = 0; $i < $len; ++$i) { $result .= $chars[\ord($key[$i]) % 64]; } 
@@ -82,23 +85,33 @@ class Secury } /** - * Replacing invalid UTF-8 characters and remove control characters + * For string: Replacing invalid UTF-8 characters and remove control characters + * For other scalar or null: unchanged */ public function replInvalidChars(/* mixed */ $data) /* : mixed */ { if (\is_array($data)) { return \array_map([$this, 'replInvalidChars'], $data); - } elseif (\is_int($data)) { + + } elseif (\is_string($data)) { + // Replacing invalid UTF-8 characters + // slow, small memory + //$data = mb_convert_encoding((string) $data, 'UTF-8', 'UTF-8'); + // fast, large memory + $data = \htmlspecialchars_decode(\htmlspecialchars((string) $data, \ENT_SUBSTITUTE, 'UTF-8')); + // Canonical Decomposition followed by Canonical Composition + $data = Normalizer::normalize($data, Normalizer::FORM_C); + // Remove control characters + return \preg_replace('%(?:[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]|\xC2[\x80-\x9F])%', '', $data); + + } elseif ( + null === $data + || \is_scalar($data) + ) { return $data; + + } else { + throw new InvalidArgumentException('Unexpected variable type: ' . \gettype($data)); } - // Replacing invalid UTF-8 characters - // slow, small memory - //$data = mb_convert_encoding((string) $data, 'UTF-8', 'UTF-8'); - // fast, large memory - $data = \htmlspecialchars_decode(\htmlspecialchars((string) $data, \ENT_SUBSTITUTE, 'UTF-8')); - // Canonical Decomposition followed by Canonical Composition - $data = Normalizer::normalize($data, Normalizer::FORM_C); - // Remove control characters - return \preg_replace('%(?:[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]|\xC2[\x80-\x9F])%', '', $data); } }
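Review bot: In the new `is_string` branch the result of `Normalizer::normalize($data, Normalizer::FORM_C)` is passed straight to `preg_replace` without checking it, and `Normalizer::normalize()` returns `false` on failure; depending on `strict_types` that either throws a `TypeError` from `preg_replace` or is coerced to `''`, silently discarding the input. I would guard it with `if (false === $data) { throw new UnexpectedValueException('Unicode normalization failed'); }` (or fall back to the pre-normalization string) before the `preg_replace` call, and likewise note that `preg_replace` itself returns `null` on a PCRE error, so the method can return `null` for a string input. As a caveat for the doc comment: the pattern removes only C0 controls (except TAB/LF/CR), DEL and the C1 range U+0080–U+009F, so Unicode format and bidi-override characters such as U+200B–U+200F, U+202A–U+202E and U+2066–U+2069 pass through unchanged — worth stating explicitly, e.g. `// Removes C0 (except \t \n \r), DEL and C1 controls only; zero-width and bidi-override code points are kept`, so callers do not assume broader stripping.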