Deprecated each in code igniter xssclean helper

I have a codeigniter helper called xssclean for input validating form data

If i give array it show each deprecated error.

Here is my function in my xssclean_helper.php

function xssclean($str) {
if (is_array($str)) {
    while (list($key) = each($str)) {
        $str[$key] = $xssclean($str[$key]);
    }
    return $str;
}
$str = _remove_invisible_characters($str);
$str = preg_replace('|&([a-z_0-9]+)=([a-z_0-9]+)|i', _xss_hash() . "\1=\2", $str);
$str = preg_replace('#(&#?[0-9a-z]{2,})([x00-x20])*;?#i', "\1;\2", $str);
$str = preg_replace('#(&#x?)([0-9A-F]+);?#i', "\1\2;", $str);
$str = str_replace(_xss_hash(), '&', $str);
$str = rawurldecode($str);
$str = preg_replace_callback("/[a-z]+=(['"]).*?\1/si", '_convert_attribute', $str);
$str = preg_replace_callback("/<w+.*?(?=>|<|$)/si", '_html_entity_decode_callback', $str);
$str = _remove_invisible_characters($str);
$str = _remove_tabs($str);
$str = _never_allowed_str($str);
$str = _never_allowed_regx($str);
$str = str_replace(array('<?', '?' . '>'), array('&lt;?', '?&gt;'), $str);
$str = _never_allowed_words($str);
do {
    $original = $str;
    if (preg_match("/<a/i", $str)) {
        $str = preg_replace_callback("#<as+([^>]*?)(>|$)#si", '_js_link_removal', $str);
    }
    if (preg_match("/<img/i", $str)) {
        $str = preg_replace_callback("#<imgs+([^>]*?)(s?/?>|$)#si", '_js_img_removal', $str);
    }
    if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) {
        $str = preg_replace("#<(/*)(script|xss)(.*?)>#si", '', $str);
    }
} while ($original != $str);
unset($original);
$event_handlers = array('[^a-z_-]onw*', 'xmlns');
$str            = preg_replace("#<([^><]+?)(" . implode('|', $event_handlers) . ")(s*=s*[^><]*)([><]*)#i", "<\1\4", $str);
$naughty        = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str            = preg_replace_callback('#<(/*s*)(' . $naughty . ')([^><]*)([><]*)#is', '_sanitize_naughty_html', $str);
$str            = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(s*)((.*?))#si', "\1\2(\3)", $str);
$str            = _never_allowed_str($str);
$str            = _never_allowed_regx($str);
return $str;

}

JavaScript
​x
 
function xssclean($str) {if (is_array($str)) {    while (list($key) = each($str)) {        $str[$key] = $xssclean($str[$key]);    }    return $str;}$str = _remove_invisible_characters($str);$str = preg_replace('|&([a-z_0-9]+)=([a-z_0-9]+)|i', _xss_hash() . "\1=\2", $str);$str = preg_replace('#(&#?[0-9a-z]{2,})([x00-x20])*;?#i', "\1;\2", $str);$str = preg_replace('#(&#x?)([0-9A-F]+);?#i', "\1\2;", $str);$str = str_replace(_xss_hash(), '&', $str);$str = rawurldecode($str);$str = preg_replace_callback("/[a-z]+=(['"]).*?\1/si", '_convert_attribute', $str);$str = preg_replace_callback("/<w+.*?(?=>|<|$)/si", '_html_entity_decode_callback', $str);$str = _remove_invisible_characters($str);$str = _remove_tabs($str);$str = _never_allowed_str($str);$str = _never_allowed_regx($str);$str = str_replace(array('<?', '?' . '>'), array('&lt;?', '?&gt;'), $str);$str = _never_allowed_words($str);do {    $original = $str;    if (preg_match("/<a/i", $str)) {        $str = preg_replace_callback("#<as+([^>]*?)(>|$)#si", '_js_link_removal', $str);    }    if (preg_match("/<img/i", $str)) {        $str = preg_replace_callback("#<imgs+([^>]*?)(s?/?>|$)#si", '_js_img_removal', $str);    }    if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) {        $str = preg_replace("#<(/*)(script|xss)(.*?)>#si", '', $str);    }} while ($original != $str);unset($original);$event_handlers = array('[^a-z_-]onw*', 'xmlns');$str            = preg_replace("#<([^><]+?)(" . implode('|', $event_handlers) . ")(s*=s*[^><]*)([><]*)#i", "<\1\4", $str);$naughty        = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';$str            = preg_replace_callback('#<(/*s*)(' . $naughty . ')([^><]*)([><]*)#is', '_sanitize_naughty_html', $str);$str            = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(s*)((.*?))#si', "\1\2(\3)", $str);$str            = _never_allowed_str($str);$str            = _never_allowed_regx($str);return $str;​}​

At line no 3 i get error

Answer

The each() function is deprecated with PHP 7.2. But you can replace your while-loop with a foreach-loop:

function xssclean($str) {
    if (is_array($str)) {
        foreach($str as &$value){
            $value = xssclean($value);
        }

        return $str;
    }
    // …
}

JavaScript
 
function xssclean($str) {    if (is_array($str)) {        foreach($str as &$value){            $value = xssclean($value);        }​        return $str;    }    // …}​

The $value variable is per default a copy of the array value. The & makes it a reference, this way you can update the value. Manipulating the array while iterating over it, is not a good idea and can lead to errors.

Advertisement

Answer