

Merge pull request #143 from Automattic/fix-120-flag-attempt-to-escap…
…e-void-returning-function

Flag attempts to escape a function which prints its output
david-binda authored Jan 19, 2018
2 parents 5909ca2 + 99fb8bb commit caa574e
Showing 3 changed files with 112 additions and 0 deletions.
@@ -0,0 +1,69 @@
<?php
/**
* WordPress-VIP-Minimum Coding Standard.
*
* @package VIPCS\WordPressVIPMinimum
* @link https://github.com/Automattic/VIP-Coding-Standards
*/

namespace WordPressVIPMinimum\Sniffs\VIP;

use PHP_CodeSniffer_File as File;
use PHP_CodeSniffer_Tokens as Tokens;

/**
* Flag suspicious WP_Query and get_posts params.
*
* @package VIPCS\WordPressVIPMinimum
*/
class EscapingVoidReturnFunctionsSniff implements \PHP_CodeSniffer_Sniff {

/**
* Returns an array of tokens this test wants to listen for.
*
* @return array
*/
public function register() {
return array(
T_STRING,
);
}

/**
* Process this test when one of its tokens is encountered
*
* @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
* @param int $stackPtr The position of the current token in the stack passed in $tokens.
*
* @return void
*/
public function process( File $phpcsFile, $stackPtr ) {

$tokens = $phpcsFile->getTokens();

if ( 0 !== strpos( $tokens[ $stackPtr ]['content'], 'esc_' ) && 0 !== strpos( $tokens[ $stackPtr ]['content'], 'wp_kses' ) ) {
// Not what we are looking for.
return;
}

$next_token = $phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true );

if ( T_OPEN_PARENTHESIS !== $tokens[ $next_token ]['code'] ) {
// Not a function call.
return;
}

$next_token = $phpcsFile->findNext( Tokens::$emptyTokens, ( $next_token + 1 ), null, true );

if ( T_STRING !== $tokens[ $next_token ]['code'] ) {
// Not what we are looking for.
return;
}

if ( 0 === strpos( $tokens[ $next_token ]['content'], '_e' ) ) {
$phpcsFile->addError( sprintf( 'Attempting to escape %s() which is printing it\'s output.', $tokens[ $next_token ]['content'] ), $stackPtr, 'escapingVoidReturningFunction' );
return;
}
}

}
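Review bot: The class docblock at the top of the hunk is copied from another sniff (`Flag suspicious WP_Query and get_posts params.`) and the `process()` docblock names `\PHP_CodeSniffer\Files\File` while the file imports `PHP_CodeSniffer_File`; the class comment should describe this sniff, e.g. `Flags escaping functions wrapped around functions such as _e() that print their output and return nothing, so the escaping is applied to nothing and the printed string reaches the page unescaped.`. The error message has a typo, `it's` → `its`, and since it is what the developer reads it could also state the consequence: `'Attempting to escape %s() which prints its output and returns nothing; the printed string is not escaped.'`. `findNext()` returns `false` when no token follows and `$tokens[ false ]` then reads token 0 rather than bailing out, so both lookups should be guarded with `if ( false === $next_token ) { return; }` before indexing. The `strpos( ..., '_e' )` prefix test also matches any function whose name begins with `_e` and misses printing variants such as `esc_html_e()` / `esc_attr_e()` as the inner call; comparing against an explicit list of known printing functions with `in_array( ..., true )` would be more precise, though whether the looser prefix match is intentional is not visible here.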
@@ -0,0 +1,4 @@
<?php

esc_html( _e( $something ) ); // NOK.
esc_html( __( $something ) ); // NOK.
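Review bot: The `// NOK.` marker on the last fixture line contradicts the unit test in this same commit, whose `getErrorList()` expects an error only on line 3; `__()` returns its translation rather than printing it, so `esc_html( __( $something ) )` is the pattern this sniff accepts and the marker should read `// OK.`. As written, a reader of the fixture would expect the sniff to flag line 4.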
@@ -0,0 +1,39 @@
<?php
/**
* Unit test class for WordPressVIPMinimum Coding Standard.
*
* @package VIPCS\WordPressVIPMinimum
*/

namespace WordPressVIPMinimum\Tests\VIP;

use PHP_CodeSniffer\Tests\Standards\AbstractSniffUnitTest;

/**
* Unit test class for the EscapingVoidReturnFunctions sniff.
*
* @package VIPCS\WordPressVIPMinimum
*/
class EscapingVoidReturnFunctionsUnitTest extends AbstractSniffUnitTest {

/**
* Returns the lines where errors should occur.
*
* @return array <int line number> => <int number of errors>
*/
public function getErrorList() {
return array(
3 => 1,
);
}

/**
* Returns the lines where warnings should occur.
*
* @return array <int line number> => <int number of warnings>
*/
public function getWarningList() {
return array();
}

} // End class.
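Review bot: The error list pins only the `_e()` case on fixture line 3, so the edges of the sniff's `_e` prefix match are untested: `_ex()` is matched by the same prefix, while `esc_html_e()` / `esc_attr_e()` as the inner call are not, and none of these appear in the fixture. Adding a fixture line for each and recording the expected result here would pin whether those outcomes are intended.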
