Chris@0: <?php
Chris@0: /**
Chris@17:  * \DrupalPractice\Sniffs\FunctionCalls\DefaultValueSanitizeSniff
Chris@0:  *
Chris@0:  * @category PHP
Chris@0:  * @package  PHP_CodeSniffer
Chris@0:  * @link     http://pear.php.net/package/PHP_CodeSniffer
Chris@0:  */
Chris@0: 
Chris@17: namespace DrupalPractice\Sniffs\FunctionCalls;
Chris@17: 
Chris@17: use PHP_CodeSniffer\Files\File;
Chris@17: use Drupal\Sniffs\Semantics\FunctionCall;
Chris@17: use PHP_CodeSniffer\Util\Tokens;
Chris@17: 
Chris@0: /**
Chris@0:  * Check that sanitization functions such as check_plain() are not used on Form
Chris@0:  * API #default_value elements.
Chris@0:  *
Chris@0:  * @category PHP
Chris@0:  * @package  PHP_CodeSniffer
Chris@0:  * @link     http://pear.php.net/package/PHP_CodeSniffer
Chris@0:  */
Chris@17: class DefaultValueSanitizeSniff extends FunctionCall
Chris@0: {
Chris@0: 
Chris@0: 
Chris@0:     /**
Chris@0:      * Returns an array of function names this test wants to listen for.
Chris@0:      *
Chris@0:      * @return array
Chris@0:      */
Chris@0:     public function registerFunctionNames()
Chris@0:     {
Chris@0:         return array(
Chris@0:                 'check_markup',
Chris@0:                 'check_plain',
Chris@0:                 'check_url',
Chris@0:                 'filter_xss',
Chris@0:                 'filter_xss_admin',
Chris@0:                );
Chris@0: 
Chris@0:     }//end registerFunctionNames()
Chris@0: 
Chris@0: 
Chris@0:     /**
Chris@0:      * Processes this function call.
Chris@0:      *
Chris@17:      * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
Chris@17:      * @param int                         $stackPtr     The position of the function call in
Chris@17:      *                                                  the stack.
Chris@17:      * @param int                         $openBracket  The position of the opening
Chris@17:      *                                                  parenthesis in the stack.
Chris@17:      * @param int                         $closeBracket The position of the closing
Chris@17:      *                                                  parenthesis in the stack.
Chris@0:      *
Chris@0:      * @return void
Chris@0:      */
Chris@0:     public function processFunctionCall(
Chris@17:         File $phpcsFile,
Chris@0:         $stackPtr,
Chris@0:         $openBracket,
Chris@0:         $closeBracket
Chris@0:     ) {
Chris@0:         $tokens = $phpcsFile->getTokens();
Chris@0: 
Chris@0:         // We assume that the sequence '#default_value' => check_plain(...) is
Chris@0:         // wrong because the Form API already sanitizes #default_value.
Chris@17:         $arrow = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($stackPtr - 1), null, true);
Chris@0:         if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
Chris@0:             return;
Chris@0:         }
Chris@0: 
Chris@17:         $arrayKey = $phpcsFile->findPrevious(Tokens::$emptyTokens, ($arrow - 1), null, true);
Chris@0:         if ($arrayKey === false
Chris@0:             || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING
Chris@0:             || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value'
Chris@0:         ) {
Chris@0:             return;
Chris@0:         }
Chris@0: 
Chris@0:         $warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
Chris@0:         $data    = array($tokens[$stackPtr]['content']);
Chris@0:         $phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', $data);
Chris@0: 
Chris@0:     }//end processFunctionCall()
Chris@0: 
Chris@0: 
Chris@0: }//end class