
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
Chris@0 1 <?php
Chris@0 2 /**
Chris@17 3 * \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff
Chris@0 4 *
Chris@0 5 * @category PHP
Chris@0 6 * @package PHP_CodeSniffer
Chris@0 7 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 8 */
Chris@0 9
Chris@17 10 namespace DrupalPractice\Sniffs\FunctionCalls;
Chris@17 11
Chris@17 12 use PHP_CodeSniffer\Files\File;
Chris@17 13 use Drupal\Sniffs\Semantics\FunctionCall;
Chris@17 14
Chris@0 15 /**
Chris@0 16 * Check that variable_set() calls do not run check_plain() or other
Chris@0 17 * sanitization functions on the value.
Chris@0 18 *
Chris@0 19 * @category PHP
Chris@0 20 * @package PHP_CodeSniffer
Chris@0 21 * @link http://pear.php.net/package/PHP_CodeSniffer
Chris@0 22 */
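class VariableSetSanitizeSniff extends FunctionCall
{

    /**
     * Output-escaping functions that must not be applied to a value that is
     * persisted with variable_set().
     *
     * Escaping belongs at the point of output (HTML, URL, ...). Storing an
     * already-escaped value means it is double-escaped, or wrongly escaped,
     * when it is later printed in a different context. The names are kept
     * lower-case because PHP resolves function names case-insensitively.
     *
     * @var string[]
     */
    protected $sanitizationFunctions = array(
        'check_markup',
        'check_plain',
        'check_url',
        'filter_xss',
        'filter_xss_admin',
    );


    /**
     * Returns an array of function names this test wants to listen for.
     *
     * @return array
     */
    public function registerFunctionNames()
    {
        return array('variable_set');

    }//end registerFunctionNames()


    /**
     * Processes this function call.
     *
     * Emits a warning when the second argument of variable_set() (the value
     * being stored) begins with a call to one of the output-escaping
     * functions in $sanitizationFunctions. Only the first token of the
     * argument is inspected: a value that was escaped into a variable first
     * (e.g. $v = check_plain($x); variable_set('k', $v);) is not detected.
     *
     * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
     * @param int                         $stackPtr     The position of the function call in
     *                                                  the stack.
     * @param int                         $openBracket  The position of the opening
     *                                                  parenthesis in the stack.
     * @param int                         $closeBracket The position of the closing
     *                                                  parenthesis in the stack.
     *
     * @return void
     */
    public function processFunctionCall(
        File $phpcsFile,
        $stackPtr,
        $openBracket,
        $closeBracket
    ) {
        $tokens = $phpcsFile->getTokens();

        // The stored value is the second argument; nothing to check without it.
        $argument = $this->getArgument(2);
        if ($argument === false) {
            return;
        }

        $start    = $argument['start'];
        $function = $tokens[$start]['content'];

        // Match case-insensitively (PHP function names are) and strictly, so
        // CHECK_PLAIN(...) is flagged exactly like check_plain(...).
        if (in_array(strtolower($function), $this->sanitizationFunctions, true) === false) {
            return;
        }

        $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
        $data    = array($function);
        $phpcsFile->addWarning($warning, $start, 'VariableSet', $data);

    }//end processFunctionCall()


}//end class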