Mercurial > hg > isophonics-drupal-site

annotate vendor/drupal/coder/coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/DefaultValueSanitizeSniff.php @ 12:7a779792577d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to v8.4.5 (via Composer)
author Chris Cannam
date Fri, 23 Feb 2018 15:52:07 +0000
parents 4c8ae668cc8c
children 129ea1e6d783
rev   line source
Chris@0 1 <?php
Chris@0 2 /**
Chris@0 3 * DrupalPractice_Sniffs_FunctionCalls_DefaultValueSanitizeSniff
Chris@0 4 *
Chris@0 5 * @category PHP
Chris@0 6 * @package PHP_CodeSniffer
Chris@0 7 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 8 */
Chris@0 9
Chris@0 10 /**
Chris@0 11 * Check that sanitization functions such as check_plain() are not used on Form
Chris@0 12 * API #default_value elements.
Chris@0 13 *
Chris@0 14 * @category PHP
Chris@0 15 * @package PHP_CodeSniffer
Chris@0 16 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 17 */
Chris@0 18 class DrupalPractice_Sniffs_FunctionCalls_DefaultValueSanitizeSniff extends Drupal_Sniffs_Semantics_FunctionCall
Chris@0 19 {
Chris@0 20
Chris@0 21
Chris@0 22 /**
Chris@0 23 * Returns an array of function names this test wants to listen for.
Chris@0 24 *
Chris@0 25 * @return array
Chris@0 26 */
Chris@0 27 public function registerFunctionNames()
Chris@0 28 {
Chris@0 29 return array(
Chris@0 30 'check_markup',
Chris@0 31 'check_plain',
Chris@0 32 'check_url',
Chris@0 33 'filter_xss',
Chris@0 34 'filter_xss_admin',
Chris@0 35 );
Chris@0 36
Chris@0 37 }//end registerFunctionNames()
Chris@0 38
Chris@0 39
Chris@0 40 /**
Chris@0 41 * Processes this function call.
Chris@0 42 *
Chris@0 43 * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
Chris@0 44 * @param int $stackPtr The position of the function call in
Chris@0 45 * the stack.
Chris@0 46 * @param int $openBracket The position of the opening
Chris@0 47 * parenthesis in the stack.
Chris@0 48 * @param int $closeBracket The position of the closing
Chris@0 49 * parenthesis in the stack.
Chris@0 50 *
Chris@0 51 * @return void
Chris@0 52 */
Chris@0 53 public function processFunctionCall(
Chris@0 54 PHP_CodeSniffer_File $phpcsFile,
Chris@0 55 $stackPtr,
Chris@0 56 $openBracket,
Chris@0 57 $closeBracket
Chris@0 58 ) {
Chris@0 59 $tokens = $phpcsFile->getTokens();
Chris@0 60
Chris@0 61 // We assume that the sequence '#default_value' => check_plain(...) is
Chris@0 62 // wrong because the Form API already sanitizes #default_value.
Chris@0 63 $arrow = $phpcsFile->findPrevious(PHP_CodeSniffer_Tokens::$emptyTokens, ($stackPtr - 1), null, true);
Chris@0 64 if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
Chris@0 65 return;
Chris@0 66 }
Chris@0 67
Chris@0 68 $arrayKey = $phpcsFile->findPrevious(PHP_CodeSniffer_Tokens::$emptyTokens, ($arrow - 1), null, true);
Chris@0 69 if ($arrayKey === false
Chris@0 70 || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING
Chris@0 71 || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value'
Chris@0 72 ) {
Chris@0 73 return;
Chris@0 74 }
Chris@0 75
Chris@0 76 $warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
Chris@0 77 $data = array($tokens[$stackPtr]['content']);
Chris@0 78 $phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', $data);
Chris@0 79
Chris@0 80 }//end processFunctionCall()
Chris@0 81
Chris@0 82
Chris@0 83 }//end class