<?php

/*
 * This file is part of the Kimai time-tracking app.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace App\Utils;

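/**
 * Static string helpers: length limiting and neutralising spreadsheet formula triggers
 * in values that end up in exported files.
 */
final class StringHelper
{
    /**
     * Leading bytes that cause sanitizeDDE() to prefix a value.
     *
     * Only the first byte of a value is compared against this list, so the two-byte
     * "\r\n" entry can never match on its own; the "\r" entry already covers that case.
     *
     * @see https://github.com/payloadbox/csv-injection-payloads
     */
    private const DDE_PAYLOADS = ['=', '-', '@', '+', "\t", "\n", "\r", "\r\n"];

    /**
     * Truncates a string to at most $length characters.
     *
     * Length is measured with mb_strlen()/mb_substr(), i.e. in characters of the
     * mbstring internal encoding, not in bytes.
     *
     * @param string|null $string the value to limit; null is passed through unchanged
     * @param int $length maximum number of characters to keep; negative values are treated as 0
     * @return string|null the original string if it already fits, otherwise its first $length characters
     */
    public static function ensureMaxLength(?string $string, int $length): ?string
    {
        if (null === $string) {
            return null;
        }

        // A negative length makes mb_substr() cut from the END of the string, which
        // does not enforce any maximum. Clamp so the result never exceeds the limit.
        $length = max(0, $length);

        if (mb_strlen($string) > $length) {
            return mb_substr($string, 0, $length);
        }

        return $string;
    }

    /**
     * Neutralises values that a spreadsheet application could interpret as a formula
     * or DDE call (CSV / formula injection) by prefixing them with "' ".
     *
     * A value is prefixed when its first byte is one of DDE_PAYLOADS or when it contains
     * the substring "DDE" in any letter case. Everything else is returned unchanged.
     *
     * Limits worth knowing when using this for exports:
     * - Only the very first byte is inspected, so a trigger character that follows
     *   leading spaces is not detected here.
     * - This is not CSV escaping. Field quoting and delimiter handling remain the
     *   responsibility of the writer that serialises the value.
     *
     * @param string $text the raw cell value
     * @return string the value, prefixed with "' " when it matched one of the rules above
     */
    public static function sanitizeDDE(string $text): string
    {
        // see #3189
        if ($text === '') {
            return $text;
        }

        // Strict comparison: both sides are strings, so no type juggling is wanted.
        $startsWithTrigger = \in_array($text[0], self::DDE_PAYLOADS, true);

        if ($startsWithTrigger || stripos($text, 'DDE') !== false) {
            // The leading apostrophe makes spreadsheet applications treat the cell as plain text.
            return "' " . $text;
        }

        return $text;
    }
}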