class DefaultValueSanitizeSniff

Check that sanitization functions such as check_plain() are not used on Form API #default_value elements.

@category PHP @package PHP_CodeSniffer @link http://pear.php.net/package/PHP_CodeSniffer

Hierarchy

Expanded class hierarchy of DefaultValueSanitizeSniff

File

vendor/drupal/coder/coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/DefaultValueSanitizeSniff.php, line 24

Namespace

DrupalPractice\Sniffs\FunctionCalls
View source 
class DefaultValueSanitizeSniff extends FunctionCall {
    
    /**
     * Returns an array of function names this test wants to listen for.
     *
     * @return array<string>
     */
    public function registerFunctionNames() {
        return [
            'check_markup',
            'check_plain',
            'check_url',
            'filter_xss',
            'filter_xss_admin',
        ];
    }
    
    //end registerFunctionNames()
    
    /**
     * Processes this function call.
     *
     * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
     * @param int                         $stackPtr     The position of the function call in
     *                                                  the stack.
     * @param int                         $openBracket  The position of the opening
     *                                                  parenthesis in the stack.
     * @param int                         $closeBracket The position of the closing
     *                                                  parenthesis in the stack.
     *
     * @return void
     */
    public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
        $tokens = $phpcsFile->getTokens();
        // We assume that the sequence '#default_value' => check_plain(...) is
        // wrong because the Form API already sanitizes #default_value.
        $arrow = $phpcsFile->findPrevious(Tokens::$emptyTokens, $stackPtr - 1, null, true);
        if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
            return;
        }
        $arrayKey = $phpcsFile->findPrevious(Tokens::$emptyTokens, $arrow - 1, null, true);
        if ($arrayKey === false || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value') {
            return;
        }
        $warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
        $data = [
            $tokens[$stackPtr]['content'],
        ];
        $phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', $data);
    }
    
    //end processFunctionCall()

}

Members

Title Modifiers Object type Summary Overriden Title Overrides
DefaultValueSanitizeSniff::processFunctionCall public function Processes this function call.
DefaultValueSanitizeSniff::registerFunctionNames public function Returns an array of function names this test wants to listen for.
FunctionCall::$arguments protected property Internal cache to save the calculated arguments of the function call.
FunctionCall::$closeBracket protected property The token position of the closing bracket of the function call.
FunctionCall::$functionCall protected property The token position of the function call.
FunctionCall::$includeMethodCalls protected property Whether method invocations with the same function name should be processed,
too. 		1
FunctionCall::$openBracket protected property The token position of the opening bracket of the function call.
FunctionCall::$phpcsFile protected property The currently processed file.
FunctionCall::getArgument public function Returns start and end token for a given argument number.
FunctionCall::isFunctionCall protected function Checks if this is a function call.
FunctionCall::process public function Processes this test, when one of its tokens is encountered. Overrides Sniff::process 2
FunctionCall::register public function Returns an array of tokens this test wants to listen for. Overrides Sniff::register