function VariableSetSanitizeSniff::processFunctionCall
Processes this function call.
Parameters
\PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.:
int $stackPtr The position of the function call in: the stack.
int $openBracket The position of the opening: parenthesis in the stack.
int $closeBracket The position of the closing: parenthesis in the stack.
Return value
void
File
-
vendor/
drupal/ coder/ coder_sniffer/ DrupalPractice/ Sniffs/ FunctionCalls/ VariableSetSanitizeSniff.php, line 52
Class
- VariableSetSanitizeSniff
- Check that variable_set() calls do not run check_plain() or other sanitization functions on the value.
Namespace
DrupalPractice\Sniffs\FunctionCallsCode
public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
$tokens = $phpcsFile->getTokens();
$argument = $this->getArgument(2);
if ($argument !== false && in_array($tokens[$argument['start']]['content'], [
'check_markup',
'check_plain',
'check_url',
'filter_xss',
'filter_xss_admin',
]) === true) {
$warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
$data = [
$tokens[$argument['start']]['content'],
];
$phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
}
}