authorwn_ <[email protected]>2021-11-11 19:59:25 +0000
committerwn_ <[email protected]>2021-11-11 19:59:25 +0000
commit03495c11ed69f6311e9c7596cc53c5b15ce82bf6 (patch)
treed507596078eeff445b4310690ae3fcbf82b46976
parent3f8aaffd3499cd49912c3e2cb663d8572a96851e (diff)
Address PHPStan warnings in 'classes/sanitizer.php'.
This also includes some minor tweaks to things that call 'Sanitizer::sanitize()'.
-rwxr-xr-xclasses/api.php4
-rwxr-xr-xclasses/feeds.php2
-rwxr-xr-xclasses/handler/public.php4
-rw-r--r--classes/sanitizer.php19
-rw-r--r--include/functions.php10
-rw-r--r--plugins/share/init.php2
6 files changed, 28 insertions, 13 deletions
diff --git a/classes/api.php b/classes/api.php
index 033aa8654..7d6ac174c 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -351,7 +351,7 @@ class API extends Handler {
$article['content'] = Sanitizer::sanitize(
$entry->content,
self::_param_to_bool($entry->hide_images),
- false, $entry->site_url, false, $entry->id);
+ null, $entry->site_url, null, $entry->id);
} else {
$article['content'] = $entry->content;
}
@@ -746,7 +746,7 @@ class API extends Handler {
$headline_row["content"] = Sanitizer::sanitize(
$line["content"],
self::_param_to_bool($line['hide_images']),
- false, $line["site_url"], false, $line["id"]);
+ null, $line["site_url"], null, $line["id"]);
} else {
$headline_row["content"] = $line["content"];
}
diff --git a/classes/feeds.php b/classes/feeds.php
index cd2633ffb..20aa9c05d 100755
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -271,7 +271,7 @@ class Feeds extends Handler_Protected {
$this->_mark_timestamp(" pre-sanitize");
$line["content"] = Sanitizer::sanitize($line["content"],
- $line['hide_images'], false, $line["site_url"], $highlight_words, $line["id"]);
+ $line['hide_images'], null, $line["site_url"], $highlight_words, $line["id"]);
$this->_mark_timestamp(" sanitize");
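Review bot: `$line['hide_images']` is passed unconverted into the now `bool`-typed `$force_remove_images` here and in the plugins/share/init.php hunk, while both classes/api.php call sites wrap the same column in `self::_param_to_bool(...)`. With the new declaration a null value raises a TypeError, and any non-empty string other than "0" coerces to true, so the outcome depends on how the database driver returns the column, which this diff does not show. An explicit boolean conversion at these two call sites, equivalent to what api.php does, would keep image stripping consistent across callers.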
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 14474d0bb..9a9f7b892 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -109,7 +109,7 @@ class Handler_Public extends Handler {
$tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
$content = Sanitizer::sanitize($line["content"], false, $owner_uid,
- $feed_site_url, false, $line["id"]);
+ $feed_site_url, null, $line["id"]);
$content = DiskCache::rewrite_urls($content);
@@ -207,7 +207,7 @@ class Handler_Public extends Handler {
$article['link'] = $line['link'];
$article['title'] = $line['title'];
$article['excerpt'] = $line["content_preview"];
- $article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]);
+ $article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, null, $line["id"]);
$article['updated'] = date('c', strtotime($line["updated"]));
if (!empty($line['note'])) $article['note'] = $line['note'];
diff --git a/classes/sanitizer.php b/classes/sanitizer.php
index 3f6e9504e..2770aece2 100644
--- a/classes/sanitizer.php
+++ b/classes/sanitizer.php
@@ -1,6 +1,10 @@
<?php
class Sanitizer {
- private static function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {
+ /**
+ * @param array<int, string> $allowed_elements
+ * @param array<int, string> $disallowed_attributes
+ */
+ private static function strip_harmful_tags(DOMDocument $doc, array $allowed_elements, $disallowed_attributes): DOMDocument {
$xpath = new DOMXPath($doc);
$entries = $xpath->query('//*');
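Review bot: `$disallowed_attributes` is the only parameter of `strip_harmful_tags()` left without a native type, although the new docblock documents it as `array<int, string>` just like `$allowed_elements`. Judging by its name this list decides which attributes are stripped from feed HTML, so a wrong argument should fail at the call; declare it as `array $disallowed_attributes`. The function body continues outside the hunk.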
@@ -40,7 +44,7 @@ class Sanitizer {
return $doc;
}
- public static function iframe_whitelisted($entry) {
+ public static function iframe_whitelisted(DOMNode $entry): bool {
$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
if (!empty($src))
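Review bot: The `DOMNode` type on `iframe_whitelisted()` is wider than what the body uses: `getAttribute()` on the next line is defined on `DOMElement`, not on `DOMNode`, so a text or comment node satisfies the declaration and then fails at that call. `public static function iframe_whitelisted(DOMElement $entry): bool` matches the usage; the callers are not visible here, so confirm they pass elements. The rest of the body lies outside the hunk.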
@@ -49,11 +53,16 @@ class Sanitizer {
return false;
}
- private static function is_prefix_https() {
+ private static function is_prefix_https(): bool {
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
}
- public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
+ /**
+ * @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
+ *
+ * @return false|string The HTML, or false if an error occurred.
+ */
+ public static function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
if (!$owner && isset($_SESSION["uid"]))
$owner = $_SESSION["uid"];
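Review bot: The optional parameters of `sanitize()` rely on implicit nullability (`int $owner = null`, `string $site_url = null`, `array $highlight_words = null`, `int $article_id = null`), which PHP 8.4 deprecates and which hides from the signature that null is an accepted value. Writing them as `?int $owner = null, ?string $site_url = null, ?array $highlight_words = null, ?int $article_id = null` states the contract explicitly; the same applies to the wrapper in include/functions.php. The docblock could also record that a falsy `$owner` falls back to `$_SESSION["uid"]`, as the first two body lines show. The body continues outside the hunk.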
@@ -183,7 +192,7 @@ class Sanitizer {
$div->appendChild($entry);
}
- if ($highlight_words && is_array($highlight_words)) {
+ if (is_array($highlight_words)) {
foreach ($highlight_words as $word) {
// http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
diff --git a/include/functions.php b/include/functions.php
index 36519fd44..238cbe7f5 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -181,8 +181,14 @@
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
}
- /** function is @deprecated by Sanitizer::sanitize() */
- function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
+ /**
+ * @deprecated by Sanitizer::sanitize()
+ *
+ * @param array<int, string>|null $highlight_words Words to highlight in the HTML output.
+ *
+ * @return false|string The HTML, or false if an error occurred.
+ */
+ function sanitize(string $str, bool $force_remove_images = false, int $owner = null, string $site_url = null, array $highlight_words = null, int $article_id = null) {
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
}
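Review bot: The deprecated global `sanitize()` wrapper now has the same typed signature as `Sanitizer::sanitize()`, so a legacy caller that still passes the old default `false` for `$highlight_words` gets a TypeError, because `array` does not accept `false`. `false` for `$owner`, `$site_url` or `$article_id` is only coerced when the calling file does not declare strict types. If the wrapper is kept for older callers, which the `@deprecated` tag suggests, it could leave `$highlight_words` untyped and forward `is_array($highlight_words) ? $highlight_words : null`. Otherwise the docblock should state that `false` is no longer accepted.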
diff --git a/plugins/share/init.php b/plugins/share/init.php
index 359d86802..8da417e52 100644
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -133,7 +133,7 @@ class Share extends Plugin {
$line["content"] = Sanitizer::sanitize($line["content"],
$line['hide_images'],
- $owner_uid, $line["site_url"], false, $line["id"]);
+ $owner_uid, $line["site_url"], null, $line["id"]);
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE,
function ($result) use (&$line) {