Chris@0: getTokens(); Chris@0: $argument = $this->getArgument(1); Chris@0: Chris@0: if ($argument === false) { Chris@0: return; Chris@0: } Chris@0: Chris@0: if ($tokens[$argument['start']]['code'] !== T_CONSTANT_ENCAPSED_STRING) { Chris@0: // Not a string literal. Chris@0: // @TODO: Extend code to recognize patterns in variables. Chris@0: return; Chris@0: } Chris@0: Chris@0: $pattern = $tokens[$argument['start']]['content']; Chris@0: $quote = substr($pattern, 0, 1); Chris@0: // Check that the pattern is a string. Chris@0: if ($quote === '"' || $quote === "'") { Chris@0: // Get the delimiter - first char after the enclosing quotes. Chris@0: $delimiter = preg_quote(substr($pattern, 1, 1), '/'); Chris@0: // Check if there is the evil e flag. Chris@0: if (preg_match('/'.$delimiter.'[\w]{0,}e[\w]{0,}$/', substr($pattern, 0, -1)) === 1) { Chris@0: $warn = 'Using the e flag in %s is a possible security risk. For details see https://www.drupal.org/node/750148'; Chris@0: $phpcsFile->addError( Chris@0: $warn, Chris@0: $argument['start'], Chris@0: 'PregEFlag', Chris@0: array($tokens[$stackPtr]['content']) Chris@0: ); Chris@0: return; Chris@0: } Chris@0: } Chris@0: Chris@0: }//end processFunctionCall() Chris@0: Chris@0: Chris@0: }//end class