Viewing file: GetRequestDataSniff.php (3.9 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php /** * Ensures that getRequestData() is used to access super globals. * * PHP version 5 * * @category PHP * @package PHP_CodeSniffer_MySource * @author Greg Sherwood <gsherwood@squiz.net> * @copyright 2006-2011 Squiz Pty Ltd (ABN 77 084 670 600) * @license http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence * @link http://pear.php.net/package/PHP_CodeSniffer */
/** * Ensures that getRequestData() is used to access super globals. * * @category PHP * @package PHP_CodeSniffer_MySource * @author Greg Sherwood <gsherwood@squiz.net> * @copyright 2006-2011 Squiz Pty Ltd (ABN 77 084 670 600) * @license http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence * @version Release: 1.3.3 * @link http://pear.php.net/package/PHP_CodeSniffer */ class MySource_Sniffs_PHP_GetRequestDataSniff implements PHP_CodeSniffer_Sniff {
/** * Returns an array of tokens this test wants to listen for. * * @return array */ public function register() { return array(T_VARIABLE);
}//end register()
/** * Processes this sniff, when one of its tokens is encountered. * * @param PHP_CodeSniffer_File $phpcsFile The file being scanned. * @param int $stackPtr The position of the current token in * the stack passed in $tokens. * * @return void */ public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr) { $tokens = $phpcsFile->getTokens();
$varName = $tokens[$stackPtr]['content']; if ($varName !== '$_REQUEST' && $varName !== '$_GET' && $varName !== '$_POST' && $varName !== '$_FILES' ) { return; }
// The only place these super globals can be accessed directly is // in the getRequestData() method of the Security class. $inClass = false; foreach ($tokens[$stackPtr]['conditions'] as $i => $type) { if ($tokens[$i]['code'] === T_CLASS) { $className = $phpcsFile->findNext(T_STRING, $i); $className = $tokens[$className]['content']; if (strtolower($className) === 'security') { $inClass = true; } else { // We don't have nested classes. break; } } else if ($inClass === true && $tokens[$i]['code'] === T_FUNCTION) { $funcName = $phpcsFile->findNext(T_STRING, $i); $funcName = $tokens[$funcName]['content']; if (strtolower($funcName) === 'getrequestdata') { // This is valid. return; } else { // We don't have nested functions. break; } }//end if }//end foreach
// If we get to here, the super global was used incorrectly. // First find out how it is being used. $globalName = strtolower(substr($varName, 2)); $usedVar = '';
$openBracket = $phpcsFile->findNext(T_WHITESPACE, ($stackPtr + 1), null, true); if ($tokens[$openBracket]['code'] === T_OPEN_SQUARE_BRACKET) { $closeBracket = $tokens[$openBracket]['bracket_closer']; $usedVar = $phpcsFile->getTokensAsString(($openBracket + 1), ($closeBracket - $openBracket - 1)); }
$type = 'SuperglobalAccessed'; $error = 'The %s super global must not be accessed directly; use Security::getRequestData('; $data = array($varName); if ($usedVar !== '') { $type .= 'WithVar'; $error .= '%s, \'%s\''; $data[] = $usedVar; $data[] = $globalName; }
$error .= ') instead'; $phpcsFile->addError($error, $stackPtr, $type, $data);
}//end process()
}//end class
?>
|