Merge pull request #143 from Automattic/fix-120-flag-attempt-to-escap…
…e-void-returning-function Flag attempt to escape function which prints it's output
Showing
3 changed files
with
112 additions
and
0 deletions.
69 changes: 69 additions & 0 deletions
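--- a/WordPressVIPMinimum/Sniffs/VIP/EscapingVoidReturnFunctionsSniff.php
+++ b/WordPressVIPMinimum/Sniffs/VIP/EscapingVoidReturnFunctionsSniff.php
@@ -0,0 +1,69 @@
+<?php
+/**
+* WordPress-VIP-Minimum Coding Standard.
+*
+* @package VIPCS\WordPressVIPMinimum
+* @link https://github.com/Automattic/VIP-Coding-Standards
+*/
+
+namespace WordPressVIPMinimum\Sniffs\VIP;
+
+use PHP_CodeSniffer_File as File;
+use PHP_CodeSniffer_Tokens as Tokens;
+
+/**
+* Flag suspicious WP_Query and get_posts params.
+*
+* @package VIPCS\WordPressVIPMinimum
+*/
+class EscapingVoidReturnFunctionsSniff implements \PHP_CodeSniffer_Sniff {
+
+/**
+* Returns an array of tokens this test wants to listen for.
+*
+* @return array
+*/
+public function register() {
+return array(
+T_STRING,
+);
+}
+
+/**
+* Process this test when one of its tokens is encountered
+*
+* @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
+* @param int $stackPtr The position of the current token in the stack passed in $tokens.
+*
+* @return void
+*/
+public function process( File $phpcsFile, $stackPtr ) {
+
+$tokens = $phpcsFile->getTokens();
+
+if ( 0 !== strpos( $tokens[ $stackPtr ]['content'], 'esc_' ) && 0 !== strpos( $tokens[ $stackPtr ]['content'], 'wp_kses' ) ) {
+// Not what we are looking for.
+return;
+}
+
+$next_token = $phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true );
+
+if ( T_OPEN_PARENTHESIS !== $tokens[ $next_token ]['code'] ) {
+// Not a function call.
+return;
+}
+
+$next_token = $phpcsFile->findNext( Tokens::$emptyTokens, ( $next_token + 1 ), null, true );
+
+if ( T_STRING !== $tokens[ $next_token ]['code'] ) {
+// Not what we are looking for.
+return;
+}
+
+if ( 0 === strpos( $tokens[ $next_token ]['content'], '_e' ) ) {
+$phpcsFile->addError( sprintf( 'Attempting to escape %s() which is printing it\'s output.', $tokens[ $next_token ]['content'] ), $stackPtr, 'escapingVoidReturningFunction' );
+return;
+}
+}
+
+}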
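Review bot: The final check in process(), `0 === strpos( $tokens[ $next_token ]['content'], '_e' )`, is a prefix match, so it fires for every function whose name merely begins with `_e`, not only for the translation helpers that print. The finding matters because `_e()` echoes the unescaped string before the outer `esc_*`/`wp_kses*` call receives any value, so an exact list of echoing functions is easier to audit: `if ( in_array( $tokens[ $next_token ]['content'], array( '_e', '_ex' ), true ) ) {`. The class docblock still reads "Flag suspicious WP_Query and get_posts params." and should describe this sniff, for example `Flag escaping functions wrapped around a function that echoes its output, such as _e().` The error text would also read correctly as `its output` rather than `it's output`.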
4 changes: 4 additions & 0 deletions
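--- a/WordPressVIPMinimum/Tests/VIP/EscapingVoidReturnFunctionsUnitTest.inc
+++ b/WordPressVIPMinimum/Tests/VIP/EscapingVoidReturnFunctionsUnitTest.inc
@@ -0,0 +1,4 @@
+<?php
+
+esc_html( _e( $something ) ); // NOK.
+esc_html( __( $something ) ); // NOK.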
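Review bot: The `// NOK.` marker on the `esc_html( __( $something ) );` line contradicts both the sniff and the accompanying unit test. `__` does not match the sniff's `_e` prefix check, and getErrorList() expects an error on line 3 only. Wrapping `__()` in `esc_html()` is the pattern the sniff is meant to leave alone, so the marker should read `// OK.`. No fixture exercises the `wp_kses` branch of the name check yet; a line such as `wp_kses_post( _e( $something ) ); // NOK.` with a matching getErrorList() entry would cover it.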
39 changes: 39 additions & 0 deletions
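--- a/WordPressVIPMinimum/Tests/VIP/EscapingVoidReturnFunctionsUnitTest.php
+++ b/WordPressVIPMinimum/Tests/VIP/EscapingVoidReturnFunctionsUnitTest.php
@@ -0,0 +1,39 @@
+<?php
+/**
+* Unit test class for WordPressVIPMinimum Coding Standard.
+*
+* @package VIPCS\WordPressVIPMinimum
+*/
+
+namespace WordPressVIPMinimum\Tests\VIP;
+
+use PHP_CodeSniffer\Tests\Standards\AbstractSniffUnitTest;
+
+/**
+* Unit test class for the EscapingVoidReturnFunctions sniff.
+*
+* @package VIPCS\WordPressVIPMinimum
+*/
+class EscapingVoidReturnFunctionsUnitTest extends AbstractSniffUnitTest {
+
+/**
+* Returns the lines where errors should occur.
+*
+* @return array <int line number> => <int number of errors>
+*/
+public function getErrorList() {
+return array(
+3 => 1,
+);
+}
+
+/**
+* Returns the lines where warnings should occur.
+*
+* @return array <int line number> => <int number of warnings>
+*/
+public function getWarningList() {
+return array();
+}
+
+} // End class.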