Chris@0
|
1 <?php
|
Chris@0
|
2 /**
|
Chris@17
|
3 * \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff
|
Chris@0
|
4 *
|
Chris@0
|
5 * @category PHP
|
Chris@0
|
6 * @package PHP_CodeSniffer
|
Chris@0
|
7 * @link http://pear.php.net/package/PHP_CodeSniffer
|
Chris@0
|
8 */
|
Chris@0
|
9
|
Chris@17
|
10 namespace DrupalPractice\Sniffs\FunctionCalls;
|
Chris@17
|
11
|
Chris@17
|
12 use PHP_CodeSniffer\Files\File;
|
Chris@17
|
13 use Drupal\Sniffs\Semantics\FunctionCall;
|
Chris@17
|
14
|
Chris@0
|
15 /**
|
Chris@0
|
16 * Check that variable_set() calls do not run check_plain() or other
|
Chris@0
|
17 * sanitization functions on the value.
|
Chris@0
|
18 *
|
Chris@0
|
19 * @category PHP
|
Chris@0
|
20 * @package PHP_CodeSniffer
|
Chris@0
|
21 * @link http://pear.php.net/package/PHP_CodeSniffer
|
Chris@0
|
22 */
|
Chris@17
|
23 class VariableSetSanitizeSniff extends FunctionCall
|
Chris@0
|
24 {
|
Chris@0
|
25
|
Chris@0
|
26
|
Chris@0
|
27 /**
|
Chris@0
|
28 * Returns an array of function names this test wants to listen for.
|
Chris@0
|
29 *
|
Chris@0
|
30 * @return array
|
Chris@0
|
31 */
|
Chris@0
|
32 public function registerFunctionNames()
|
Chris@0
|
33 {
|
Chris@0
|
34 return array('variable_set');
|
Chris@0
|
35
|
Chris@0
|
36 }//end registerFunctionNames()
|
Chris@0
|
37
|
Chris@0
|
38
|
Chris@0
|
39 /**
|
Chris@0
|
40 * Processes this function call.
|
Chris@0
|
41 *
|
Chris@17
|
42 * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
|
Chris@17
|
43 * @param int $stackPtr The position of the function call in
|
Chris@17
|
44 * the stack.
|
Chris@17
|
45 * @param int $openBracket The position of the opening
|
Chris@17
|
46 * parenthesis in the stack.
|
Chris@17
|
47 * @param int $closeBracket The position of the closing
|
Chris@17
|
48 * parenthesis in the stack.
|
Chris@0
|
49 *
|
Chris@0
|
50 * @return void
|
Chris@0
|
51 */
|
Chris@0
|
52 public function processFunctionCall(
|
Chris@17
|
53 File $phpcsFile,
|
Chris@0
|
54 $stackPtr,
|
Chris@0
|
55 $openBracket,
|
Chris@0
|
56 $closeBracket
|
Chris@0
|
57 ) {
|
Chris@0
|
58 $tokens = $phpcsFile->getTokens();
|
Chris@0
|
59
|
Chris@0
|
60 $argument = $this->getArgument(2);
|
Chris@0
|
61 if ($argument !== false && in_array(
|
Chris@0
|
62 $tokens[$argument['start']]['content'],
|
Chris@0
|
63 array(
|
Chris@0
|
64 'check_markup',
|
Chris@0
|
65 'check_plain',
|
Chris@0
|
66 'check_url',
|
Chris@0
|
67 'filter_xss',
|
Chris@0
|
68 'filter_xss_admin',
|
Chris@0
|
69 )
|
Chris@0
|
70 ) === true
|
Chris@0
|
71 ) {
|
Chris@0
|
72 $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
|
Chris@0
|
73 $data = array($tokens[$argument['start']]['content']);
|
Chris@0
|
74 $phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
|
Chris@0
|
75 }
|
Chris@0
|
76
|
Chris@0
|
77 }//end processFunctionCall()
|
Chris@0
|
78
|
Chris@0
|
79
|
Chris@0
|
80 }//end class
|