Chris@0 1 <?php
Chris@0 2 /**
Chris@17 3 * \DrupalPractice\Sniffs\FunctionCalls\DefaultValueSanitizeSniff
Chris@0 4 *
Chris@0 5 * @category PHP
Chris@0 6 * @package PHP_CodeSniffer
Chris@0 7 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 8 */
Chris@0 9
Chris@17 10 namespace DrupalPractice\Sniffs\FunctionCalls;
Chris@17 11
Chris@17 12 use PHP_CodeSniffer\Files\File;
Chris@17 13 use Drupal\Sniffs\Semantics\FunctionCall;
Chris@17 14 use PHP_CodeSniffer\Util\Tokens;
Chris@17 15
Chris@0 16 /**
Chris@0 17 * Check that sanitization functions such as check_plain() are not used on Form
Chris@0 18 * API #default_value elements.
Chris@0 19 *
Chris@0 20 * @category PHP
Chris@0 21 * @package PHP_CodeSniffer
Chris@0 22 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 23 */
class DefaultValueSanitizeSniff extends FunctionCall
{


    /**
     * Names of the sanitization functions this sniff listens for.
     *
     * Each of these escapes or filters its input. Applying one of them to a
     * Form API '#default_value' is redundant, because the Form API escapes
     * that value itself; processFunctionCall() reports such calls.
     *
     * @return array
     */
    public function registerFunctionNames()
    {
        $sanitizers = [
            'check_markup',
            'check_plain',
            'check_url',
            'filter_xss',
            'filter_xss_admin',
        ];

        return $sanitizers;

    }//end registerFunctionNames()


    /**
     * Warns when a registered sanitization function is the direct value of a
     * '#default_value' array element.
     *
     * Only the literal pattern '#default_value' => fn(...) is detected: the
     * non-empty token immediately before the call must be a double arrow,
     * and the non-empty token before that must be a quoted string literal
     * whose unquoted content is exactly '#default_value'. Anything else
     * (a variable key, or the call nested inside another expression) is
     * not reported.
     *
     * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
     * @param int                         $stackPtr     The position of the function call in
     *                                                  the stack.
     * @param int                         $openBracket  The position of the opening
     *                                                  parenthesis in the stack.
     * @param int                         $closeBracket The position of the closing
     *                                                  parenthesis in the stack.
     *
     * @return void
     */
    public function processFunctionCall(
        File $phpcsFile,
        $stackPtr,
        $openBracket,
        $closeBracket
    ) {
        $tokens = $phpcsFile->getTokens();

        // Step back over whitespace and comments to the token preceding the
        // call; it has to be the '=>' of an array element.
        $arrowPtr = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($stackPtr - 1), null, true);
        $isArrow  = ($arrowPtr !== false && $tokens[$arrowPtr]['code'] === T_DOUBLE_ARROW);
        if ($isArrow !== true) {
            return;
        }

        // The array key in front of the arrow must be a string literal; its
        // surrounding quotes are stripped before the name is compared.
        $keyPtr = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($arrowPtr - 1), null, true);
        if ($keyPtr === false || $tokens[$keyPtr]['code'] !== T_CONSTANT_ENCAPSED_STRING) {
            return;
        }

        $keyName = substr($tokens[$keyPtr]['content'], 1, -1);
        if ($keyName !== '#default_value') {
            return;
        }

        // The Form API escapes '#default_value' on its own, so an explicit
        // sanitizer here is redundant and would encode the text a second
        // time. Reported as a warning (not an error), as in the original.
        $warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
        $phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', [$tokens[$stackPtr]['content']]);

    }//end processFunctionCall()


}//end class