Chris@0: <?php
Chris@0: /**
Chris@17:  * \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff
Chris@0:  *
Chris@0:  * @category PHP
Chris@0:  * @package  PHP_CodeSniffer
Chris@0:  * @link     http://pear.php.net/package/PHP_CodeSniffer
Chris@0:  */
Chris@0: 
Chris@17: namespace DrupalPractice\Sniffs\FunctionCalls;
Chris@17: 
Chris@17: use PHP_CodeSniffer\Files\File;
Chris@17: use Drupal\Sniffs\Semantics\FunctionCall;
Chris@17: 
Chris@0: /**
Chris@0:  * Check that variable_set() calls do not run check_plain() or other
Chris@0:  * sanitization functions on the value.
Chris@0:  *
Chris@0:  * @category PHP
Chris@0:  * @package  PHP_CodeSniffer
Chris@0:  * @link     http://pear.php.net/package/PHP_CodeSniffer
Chris@0:  */
Chris@17: class VariableSetSanitizeSniff extends FunctionCall
Chris@0: {
Chris@0: 
Chris@0: 
Chris@0:     /**
Chris@0:      * Returns an array of function names this test wants to listen for.
Chris@0:      *
Chris@0:      * @return array
Chris@0:      */
Chris@0:     public function registerFunctionNames()
Chris@0:     {
Chris@0:         return array('variable_set');
Chris@0: 
Chris@0:     }//end registerFunctionNames()
Chris@0: 
Chris@0: 
Chris@0:     /**
Chris@0:      * Processes this function call.
Chris@0:      *
Chris@17:      * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
Chris@17:      * @param int                         $stackPtr     The position of the function call in
Chris@17:      *                                                  the stack.
Chris@17:      * @param int                         $openBracket  The position of the opening
Chris@17:      *                                                  parenthesis in the stack.
Chris@17:      * @param int                         $closeBracket The position of the closing
Chris@17:      *                                                  parenthesis in the stack.
Chris@0:      *
Chris@0:      * @return void
Chris@0:      */
Chris@0:     public function processFunctionCall(
Chris@17:         File $phpcsFile,
Chris@0:         $stackPtr,
Chris@0:         $openBracket,
Chris@0:         $closeBracket
Chris@0:     ) {
Chris@0:         $tokens = $phpcsFile->getTokens();
Chris@0: 
Chris@0:         $argument = $this->getArgument(2);
Chris@0:         if ($argument !== false && in_array(
Chris@0:             $tokens[$argument['start']]['content'],
Chris@0:             array(
Chris@0:              'check_markup',
Chris@0:              'check_plain',
Chris@0:              'check_url',
Chris@0:              'filter_xss',
Chris@0:              'filter_xss_admin',
Chris@0:             )
Chris@0:         ) === true
Chris@0:         ) {
Chris@0:             $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
Chris@0:             $data    = array($tokens[$argument['start']]['content']);
Chris@0:             $phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
Chris@0:         }
Chris@0: 
Chris@0:     }//end processFunctionCall()
Chris@0: 
Chris@0: 
Chris@0: }//end class