public function VariableSetSanitizeSniff::processFunctionCall in Coder 8.3.x

Same name and namespace in other branches
  1. 8.3 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff::processFunctionCall()
  2. 8.2 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php \DrupalPractice\Sniffs\FunctionCalls\VariableSetSanitizeSniff::processFunctionCall()

Processes this function call.

Parameters

\PHP_CodeSniffer\Files\File $phpcsFile: The file being scanned.

int $stackPtr: The position of the function call in the stack.

int $openBracket: The position of the opening parenthesis in the stack.

int $closeBracket: The position of the closing parenthesis in the stack.

Return value

void

File

coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/VariableSetSanitizeSniff.php, line 52

Class

VariableSetSanitizeSniff
Check that variable_set() calls do not run check_plain() or other sanitization functions on the value.

Namespace

DrupalPractice\Sniffs\FunctionCalls

Code

public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
  $tokens = $phpcsFile->getTokens();
  // The second argument of variable_set() is the value being written to the database.
  $argument = $this->getArgument(2);
  // Warn when that value expression starts with an output-sanitization function:
  // escaping belongs at the point of HTML output, not at storage time.
  if ($argument !== false && in_array($tokens[$argument['start']]['content'], [
    'check_markup',
    'check_plain',
    'check_url',
    'filter_xss',
    'filter_xss_admin',
  ]) === true) {
    $warning = 'Do not use the %s() sanitization function when writing values to the database, use it on output to HTML instead';
    $data = [$tokens[$argument['start']]['content']];
    $phpcsFile->addWarning($warning, $argument['start'], 'VariableSet', $data);
  }
}
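The following script is an added example and is not part of the Coder project or of Drupal. It shows the call pattern this sniff warns about beside the pattern the warning recommends, and why storing a sanitized value is a problem: the value is escaped a second time when it is finally rendered, and it leaks HTML entities into consumers that are not HTML at all. Because it runs outside Drupal, `variable_set()`, `variable_get()` and `check_plain()` are replaced with minimal stand-ins backed by an in-memory array; those stand-ins and the sample site name are constructed assumptions, not Drupal's implementation.

```php
<?php
// Added example, not Coder or Drupal code. Stand-ins for the Drupal 7 API so
// the script runs on plain PHP; they are assumptions, not Drupal's real code.

// Stand-in for Drupal 7 check_plain(): escape a string for HTML output.
function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed in-memory store standing in for Drupal's {variable} table.
$GLOBALS['example_variable_store'] = [];

function variable_set($name, $value) {
  $GLOBALS['example_variable_store'][$name] = $value;
}

function variable_get($name, $default = NULL) {
  return isset($GLOBALS['example_variable_store'][$name])
    ? $GLOBALS['example_variable_store'][$name]
    : $default;
}

// Constructed admin-supplied value containing a character that HTML escapes.
$submitted_site_name = 'Smith & Sons';

// Pattern the sniff flags: the second argument starts with check_plain(),
// so the stored value is already HTML-encoded ("Smith &amp; Sons").
variable_set('site_name_bad', check_plain($submitted_site_name));

// Recommended pattern: store the raw value and sanitize on output instead.
variable_set('site_name_good', $submitted_site_name);

// Output layer: every value is escaped exactly once when rendered as HTML.
$bad_html  = check_plain(variable_get('site_name_bad'));  // "Smith &amp;amp; Sons" (double-encoded)
$good_html = check_plain(variable_get('site_name_good')); // "Smith &amp; Sons"

// Non-HTML consumer (e-mail subject, JSON API, log line) expects the raw value.
$bad_plain  = variable_get('site_name_bad');  // "Smith &amp; Sons" (entities leak into plain text)
$good_plain = variable_get('site_name_good'); // "Smith & Sons"

printf("HTML output:  bad=%s  good=%s\n", $bad_html, $good_html);
printf("Plain output: bad=%s  good=%s\n", $bad_plain, $good_plain);
```

Run it with `php example.php`; the first line shows the double-encoded `&amp;amp;` produced by sanitizing at storage time, and the second shows the stored entity leaking into a non-HTML context. The sniff only inspects the first token of the second argument, so wrapping the sanitization call in another expression would not be reported; it is a lint for the common mistake, not a guarantee that stored values are raw.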