class VariableSetSanitizeSniff
Check that variable_set() calls do not run check_plain() or other sanitization functions on the value.
@category PHP @package PHP_CodeSniffer @link http://pear.php.net/package/PHP_CodeSniffer
Hierarchy
- class \Drupal\Sniffs\Semantics\FunctionCall implements \PHP_CodeSniffer\Sniffs\Sniff
- class \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff extends \Drupal\Sniffs\Semantics\FunctionCall
Expanded class hierarchy of VariableSetSanitizeSniff
File
-
vendor/
drupal/ coder/ coder_sniffer/ DrupalPractice/ Sniffs/ FunctionCalls/ VariableSetSanitizeSniff.php, line 23
Namespace
DrupalPractice\Sniffs\FunctionCallsView source
class VariableSetSanitizeSniff extends FunctionCall {
/**
* Returns an array of function names this test wants to listen for.
*
* @return array<string>
*/
public function registerFunctionNames() {
return [
'variable_set',
];
}
//end registerFunctionNames()
/**
* Processes this function call.
*
* @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
* @param int $stackPtr The position of the function call in
* the stack.
* @param int $openBracket The position of the opening
* parenthesis in the stack.
* @param int $closeBracket The position of the closing
* parenthesis in the stack.
*
* @return void
*/
public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
$tokens = $phpcsFile->getTokens();
$argument = $this->getArgument(2);
if ($argument !== false && in_array($tokens[$argument['start']]['content'], [
'check_markup',
'check_plain',
'check_url',
'filter_xss',
'filter_xss_admin',
]) === true) {
$warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
$data = [
$tokens[$argument['start']]['content'],
];
$phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
}
}
//end processFunctionCall()
}Members
| Title Sort descending | Modifiers | Object type | Summary | Overriden Title | Overrides |
|---|---|---|---|---|---|
| FunctionCall::$arguments | protected | property | Internal cache to save the calculated arguments of the function call. | ||
| FunctionCall::$closeBracket | protected | property | The token position of the closing bracket of the function call. | ||
| FunctionCall::$functionCall | protected | property | The token position of the function call. | ||
| FunctionCall::$includeMethodCalls | protected | property | Whether method invocations with the same function name should be processed, too. |
1 | |
| FunctionCall::$openBracket | protected | property | The token position of the opening bracket of the function call. | ||
| FunctionCall::$phpcsFile | protected | property | The currently processed file. | ||
| FunctionCall::getArgument | public | function | Returns start and end token for a given argument number. | ||
| FunctionCall::isFunctionCall | protected | function | Checks if this is a function call. | ||
| FunctionCall::process | public | function | Processes this test, when one of its tokens is encountered. | Overrides Sniff::process | 2 |
| FunctionCall::register | public | function | Returns an array of tokens this test wants to listen for. | Overrides Sniff::register | |
| VariableSetSanitizeSniff::processFunctionCall | public | function | Processes this function call. | ||
| VariableSetSanitizeSniff::registerFunctionNames | public | function | Returns an array of function names this test wants to listen for. |