view vendor/drupal/coder/coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php @ 0:4c8ae668cc8c

Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children 129ea1e6d783
line wrap: on
line source
<?php
/**
 * DrupalPractice_Sniffs_FunctionCalls_VariableSetSanitizeSniff
 *
 * @category PHP
 * @package  PHP_CodeSniffer
 * @link     http://pear.php.net/package/PHP_CodeSniffer
 */

/**
 * Check that variable_set() calls do not run check_plain() or other
 * sanitization functions on the value.
 *
 * @category PHP
 * @package  PHP_CodeSniffer
 * @link     http://pear.php.net/package/PHP_CodeSniffer
 */
class DrupalPractice_Sniffs_FunctionCalls_VariableSetSanitizeSniff extends Drupal_Sniffs_Semantics_FunctionCall
{


    /**
     * Returns an array of function names this test wants to listen for.
     *
     * @return array
     */
    public function registerFunctionNames()
    {
        return array('variable_set');

    }//end registerFunctionNames()


    /**
     * Processes this function call.
     *
     * @param PHP_CodeSniffer_File $phpcsFile    The file being scanned.
     * @param int                  $stackPtr     The position of the function call in
     *                                           the stack.
     * @param int                  $openBracket  The position of the opening
     *                                           parenthesis in the stack.
     * @param int                  $closeBracket The position of the closing
     *                                           parenthesis in the stack.
     *
     * @return void
     */
    public function processFunctionCall(
        PHP_CodeSniffer_File $phpcsFile,
        $stackPtr,
        $openBracket,
        $closeBracket
    ) {
        $tokens = $phpcsFile->getTokens();

        $argument = $this->getArgument(2);
        if ($argument !== false && in_array(
            $tokens[$argument['start']]['content'],
            array(
             'check_markup',
             'check_plain',
             'check_url',
             'filter_xss',
             'filter_xss_admin',
            )
        ) === true
        ) {
            $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
            $data    = array($tokens[$argument['start']]['content']);
            $phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
        }

    }//end processFunctionCall()


}//end class