[refactor] Use range() function instead of string increment (#367)

This was found during the analysis for https://wiki.php.net/rfc/saner-inc-dec-operators

I don't know what is the minimal version targeted, so the line which defines ``$c`` may need to be changes to use ``array_merge()``

library/HTMLPurifier/AttrDef/CSS/FontFamily.php

@@ -10,23 +10,21 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
 
     public function __construct()
     {
-        $this->mask = '_- ';
+        // Lowercase letters
-        for ($c = 'a'; $c <= 'z'; $c++) {
+        $l = range('a', 'z');
-            $this->mask .= $c;
+        // Uppercase letters
-        }
+        $u = range('A', 'Z');
-        for ($c = 'A'; $c <= 'Z'; $c++) {
+        // Digits
-            $this->mask .= $c;
+        $d = range('0', '9');
-        }
+        // Special bytes used by UTF-8
-        for ($c = '0'; $c <= '9'; $c++) {
+        $b = array_map('chr', range(0x80, 0xFF));
-            $this->mask .= $c;
+        // All valid characters for the mask
-        } // cast-y, but should be fine
+        $c = array_merge($l, $u, $d, $b);
-        // special bytes used by UTF-8
+        // Concatenate all valid characters into a string 
-        for ($i = 0x80; $i <= 0xFF; $i++) {
+        // Use '_- ' as an initial value
-            // We don't bother excluding invalid bytes in this range,
+        $this->mask = array_reduce($c, function ($carry, $value) {
-            // because the our restriction of well-formed UTF-8 will
+            return $carry . $value;
-            // prevent these from ever occurring.
+        }, '_- ');
-            $this->mask .= chr($i);
-        }
 
         /*
             PHP's internal strcspn implementation is