Mercurial > hg > isophonics-drupal-site

annotate vendor/drupal/coder/coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children 129ea1e6d783
rev   line source
Chris@0 1 <?php
Chris@0 2 /**
Chris@0 3 * DrupalPractice_Sniffs_FunctionCalls_VariableSetSanitizeSniff
Chris@0 4 *
Chris@0 5 * @category PHP
Chris@0 6 * @package PHP_CodeSniffer
Chris@0 7 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 8 */
Chris@0 9
Chris@0 10 /**
Chris@0 11 * Check that variable_set() calls do not run check_plain() or other
Chris@0 12 * sanitization functions on the value.
Chris@0 13 *
Chris@0 14 * @category PHP
Chris@0 15 * @package PHP_CodeSniffer
Chris@0 16 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 17 */
Chris@0 18 class DrupalPractice_Sniffs_FunctionCalls_VariableSetSanitizeSniff extends Drupal_Sniffs_Semantics_FunctionCall
Chris@0 19 {
Chris@0 20
Chris@0 21
Chris@0 22 /**
Chris@0 23 * Returns an array of function names this test wants to listen for.
Chris@0 24 *
Chris@0 25 * @return array
Chris@0 26 */
Chris@0 27 public function registerFunctionNames()
Chris@0 28 {
Chris@0 29 return array('variable_set');
Chris@0 30
Chris@0 31 }//end registerFunctionNames()
Chris@0 32
Chris@0 33
Chris@0 34 /**
Chris@0 35 * Processes this function call.
Chris@0 36 *
Chris@0 37 * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
Chris@0 38 * @param int $stackPtr The position of the function call in
Chris@0 39 * the stack.
Chris@0 40 * @param int $openBracket The position of the opening
Chris@0 41 * parenthesis in the stack.
Chris@0 42 * @param int $closeBracket The position of the closing
Chris@0 43 * parenthesis in the stack.
Chris@0 44 *
Chris@0 45 * @return void
Chris@0 46 */
Chris@0 47 public function processFunctionCall(
Chris@0 48 PHP_CodeSniffer_File $phpcsFile,
Chris@0 49 $stackPtr,
Chris@0 50 $openBracket,
Chris@0 51 $closeBracket
Chris@0 52 ) {
Chris@0 53 $tokens = $phpcsFile->getTokens();
Chris@0 54
Chris@0 55 $argument = $this->getArgument(2);
Chris@0 56 if ($argument !== false && in_array(
Chris@0 57 $tokens[$argument['start']]['content'],
Chris@0 58 array(
Chris@0 59 'check_markup',
Chris@0 60 'check_plain',
Chris@0 61 'check_url',
Chris@0 62 'filter_xss',
Chris@0 63 'filter_xss_admin',
Chris@0 64 )
Chris@0 65 ) === true
Chris@0 66 ) {
Chris@0 67 $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
Chris@0 68 $data = array($tokens[$argument['start']]['content']);
Chris@0 69 $phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
Chris@0 70 }
Chris@0 71
Chris@0 72 }//end processFunctionCall()
Chris@0 73
Chris@0 74
Chris@0 75 }//end class