You are here

Home » API reference » Coder 8.2

VariableSetSanitizeSniff.php in Coder 8.2

Same filename and directory in other branches
  1. 8.3 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php
  2. 8.3.x coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php

Namespace

DrupalPractice\Sniffs\FunctionCalls

File

coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php
View source 
<?php

/**
 * \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff
 *
 * @category PHP
 * @package  PHP_CodeSniffer
 * @link     http://pear.php.net/package/PHP_CodeSniffer
 */
namespace DrupalPractice\Sniffs\FunctionCalls;

use PHP_CodeSniffer\Files\File;
use Drupal\Sniffs\Semantics\FunctionCall;

/**
 * Check that variable_set() calls do not run check_plain() or other
 * sanitization functions on the value.
 *
 * @category PHP
 * @package  PHP_CodeSniffer
 * @link     http://pear.php.net/package/PHP_CodeSniffer
 */
class VariableSetSanitizeSniff extends FunctionCall {

  /**
   * Returns an array of function names this test wants to listen for.
   *
   * @return array
   */
  public function registerFunctionNames() {
    return array(
      'variable_set',
    );
  }

  //end registerFunctionNames()

  /**
   * Processes this function call.
   *
   * @param \PHP_CodeSniffer\Files\File $phpcsFile    The file being scanned.
   * @param int                         $stackPtr     The position of the function call in
   *                                                  the stack.
   * @param int                         $openBracket  The position of the opening
   *                                                  parenthesis in the stack.
   * @param int                         $closeBracket The position of the closing
   *                                                  parenthesis in the stack.
   *
   * @return void
   */
  public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
    $tokens = $phpcsFile
      ->getTokens();
    $argument = $this
      ->getArgument(2);
    if ($argument !== false && in_array($tokens[$argument['start']]['content'], array(
      'check_markup',
      'check_plain',
      'check_url',
      'filter_xss',
      'filter_xss_admin',
    )) === true) {
      $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
      $data = array(
        $tokens[$argument['start']]['content'],
      );
      $phpcsFile
        ->addWarning($warning, $argument['start'], 'VariableSet', $data);
    }
  }

}

//end class

Classes

Namesort descending Description
VariableSetSanitizeSniff Check that variable_set() calls do not run check_plain() or other sanitization functions on the value.