        getTokens();

        // We assume that the sequence '#default_value' => check_plain(...) is
        // wrong because the Form API already sanitizes #default_value.
        $arrow = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($stackPtr - 1), null, true);
        if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
            return;
        }

        $arrayKey = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($arrow - 1), null, true);
        if ($arrayKey === false
            || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING
            || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value'
        ) {
            return;
        }

        $warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
        $data = array($tokens[$stackPtr]['content']);
        $phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', $data);

    }//end processFunctionCall()


}//end class