You are here

public function VariableSetSanitizeSniff::processFunctionCall in Coder 8.2

Same name and namespace in other branches
  1. 8.3 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff::processFunctionCall()
  2. 8.3.x coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff::processFunctionCall()

Processes this function call.

Parameters

\PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.:

int $stackPtr The position of the function call in: the stack.

int $openBracket The position of the opening: parenthesis in the stack.

int $closeBracket The position of the closing: parenthesis in the stack.

Return value

void

File

coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php, line 52

Class

VariableSetSanitizeSniff
Check that variable_set() calls do not run check_plain() or other sanitization functions on the value.

Namespace

DrupalPractice\Sniffs\FunctionCalls

Code

public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
  $tokens = $phpcsFile
    ->getTokens();
  $argument = $this
    ->getArgument(2);
  if ($argument !== false && in_array($tokens[$argument['start']]['content'], array(
    'check_markup',
    'check_plain',
    'check_url',
    'filter_xss',
    'filter_xss_admin',
  )) === true) {
    $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
    $data = array(
      $tokens[$argument['start']]['content'],
    );
    $phpcsFile
      ->addWarning($warning, $argument['start'], 'VariableSet', $data);
  }
}