function DefaultValueSanitizeSniff::processFunctionCall
Processes this function call.
Parameters
\PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.:
int $stackPtr The position of the function call in: the stack.
int $openBracket The position of the opening: parenthesis in the stack.
int $closeBracket The position of the closing: parenthesis in the stack.
Return value
void
File
-
vendor/
drupal/ coder/ coder_sniffer/ DrupalPractice/ Sniffs/ FunctionCalls/ DefaultValueSanitizeSniff.php, line 59
Class
- DefaultValueSanitizeSniff
- Check that sanitization functions such as check_plain() are not used on Form API #default_value elements.
Namespace
DrupalPractice\Sniffs\FunctionCallsCode
public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
$tokens = $phpcsFile->getTokens();
// We assume that the sequence '#default_value' => check_plain(...) is
// wrong because the Form API already sanitizes #default_value.
$arrow = $phpcsFile->findPrevious(Tokens::$emptyTokens, $stackPtr - 1, null, true);
if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
return;
}
$arrayKey = $phpcsFile->findPrevious(Tokens::$emptyTokens, $arrow - 1, null, true);
if ($arrayKey === false || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value') {
return;
}
$warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
$data = [
$tokens[$stackPtr]['content'],
];
$phpcsFile->addWarning($warning, $stackPtr, 'DefaultValue', $data);
}