function InsecureUnserializeSniff::processFunctionCall
Processes this function call.
Parameters
\PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.:
int $stackPtr The position of the function call in: the stack.
int $openBracket The position of the opening: parenthesis in the stack.
int $closeBracket The position of the closing: parenthesis in the stack.
Return value
void
File
-
vendor/
drupal/ coder/ coder_sniffer/ DrupalPractice/ Sniffs/ FunctionCalls/ InsecureUnserializeSniff.php, line 51
Class
- InsecureUnserializeSniff
- Check that unserialize() limits classes that may be unserialized.
Namespace
DrupalPractice\Sniffs\FunctionCallsCode
public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
$tokens = $phpcsFile->getTokens();
$argument = $this->getArgument(2);
if ($argument === false) {
$this->fail($phpcsFile, $closeBracket);
return;
}
$allowedClassesKeyStart = $phpcsFile->findNext(T_CONSTANT_ENCAPSED_STRING, $argument['start'], $argument['end'], false, '\'allowed_classes\'');
if ($allowedClassesKeyStart === false) {
$allowedClassesKeyStart = $phpcsFile->findNext(T_CONSTANT_ENCAPSED_STRING, $argument['start'], $argument['end'], false, '"allowed_classes"');
}
if ($allowedClassesKeyStart === false) {
$this->fail($phpcsFile, $argument['end']);
return;
}
$allowedClassesArrow = $phpcsFile->findNext(T_DOUBLE_ARROW, $allowedClassesKeyStart, $argument['end'], false);
if ($allowedClassesArrow === false) {
$this->fail($phpcsFile, $argument['end']);
return;
}
$allowedClassesValue = $phpcsFile->findNext(T_WHITESPACE, $allowedClassesArrow + 1, $argument['end'], true);
if ($tokens[$allowedClassesValue]['code'] === T_TRUE) {
$this->fail($phpcsFile, $allowedClassesValue);
}
}