class DefaultValueSanitizeSniff in Coder 8.3
Same name and namespace in other branches
- 8.2 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/DefaultValueSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\DefaultValueSanitizeSniff
- 8.3.x coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/DefaultValueSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\DefaultValueSanitizeSniff
Check that sanitization functions such as check_plain() are not used on Form API #default_value elements.
@category PHP @package PHP_CodeSniffer @link http://pear.php.net/package/PHP_CodeSniffer
Hierarchy
- class \Drupal\Sniffs\Semantics\FunctionCall implements \PHP_CodeSniffer\Sniffs\Sniff
- class \DrupalPractice\Sniffs\FunctionCalls\DefaultValueSanitizeSniff
Expanded class hierarchy of DefaultValueSanitizeSniff
File
- coder_sniffer/
DrupalPractice/ Sniffs/ FunctionCalls/ DefaultValueSanitizeSniff.php, line 24
Namespace
DrupalPractice\Sniffs\FunctionCallsView source
class DefaultValueSanitizeSniff extends FunctionCall {
/**
* Returns an array of function names this test wants to listen for.
*
* @return array<string>
*/
public function registerFunctionNames() {
return [
'check_markup',
'check_plain',
'check_url',
'filter_xss',
'filter_xss_admin',
];
}
//end registerFunctionNames()
/**
* Processes this function call.
*
* @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
* @param int $stackPtr The position of the function call in
* the stack.
* @param int $openBracket The position of the opening
* parenthesis in the stack.
* @param int $closeBracket The position of the closing
* parenthesis in the stack.
*
* @return void
*/
public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
$tokens = $phpcsFile
->getTokens();
// We assume that the sequence '#default_value' => check_plain(...) is
// wrong because the Form API already sanitizes #default_value.
$arrow = $phpcsFile
->findPrevious(Tokens::$emptyTokens, $stackPtr - 1, null, true);
if ($arrow === false || $tokens[$arrow]['code'] !== T_DOUBLE_ARROW) {
return;
}
$arrayKey = $phpcsFile
->findPrevious(Tokens::$emptyTokens, $arrow - 1, null, true);
if ($arrayKey === false || $tokens[$arrayKey]['code'] !== T_CONSTANT_ENCAPSED_STRING || substr($tokens[$arrayKey]['content'], 1, -1) !== '#default_value') {
return;
}
$warning = 'Do not use the %s() sanitization function on Form API #default_value elements, they get escaped automatically';
$data = [
$tokens[$stackPtr]['content'],
];
$phpcsFile
->addWarning($warning, $stackPtr, 'DefaultValue', $data);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DefaultValueSanitizeSniff:: |
public | function | Processes this function call. | |
DefaultValueSanitizeSniff:: |
public | function | Returns an array of function names this test wants to listen for. | |
FunctionCall:: |
protected | property | Internal cache to save the calculated arguments of the function call. | |
FunctionCall:: |
protected | property | The token position of the closing bracket of the function call. | |
FunctionCall:: |
protected | property | The token position of the function call. | |
FunctionCall:: |
protected | property | Whether method invocations with the same function name should be processed, too. | 1 |
FunctionCall:: |
protected | property | The token position of the opening bracket of the function call. | |
FunctionCall:: |
protected | property | The currently processed file. | |
FunctionCall:: |
public | function | Returns start and end token for a given argument number. | |
FunctionCall:: |
protected | function | Checks if this is a function call. | |
FunctionCall:: |
public | function | Processes this test, when one of its tokens is encountered. | 2 |
FunctionCall:: |
public | function | Returns an array of tokens this test wants to listen for. |