From aa33ea7009278e5ecd7ff942bb7a74a79a636f63 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 29 Jul 2016 07:54:28 +0200 Subject: [PATCH] Verify the extended classes Verified that classes which extend a parent actually *use* that parent and if not, removed the `extend`. If they use the parent, leverage the properties available in the parent and remove duplicate function calls. --- WordPress/Sniff.php | 9 +- .../Sniffs/CSRF/NonceVerificationSniff.php | 3 +- .../Sniffs/PHP/StrictComparisonsSniff.php | 3 +- WordPress/Sniffs/PHP/StrictInArraySniff.php | 2 +- .../Sniffs/VIP/SessionVariableUsageSniff.php | 2 +- .../Sniffs/VIP/SuperGlobalInputUsageSniff.php | 5 +- .../VIP/ValidatedSanitizedInputSniff.php | 21 ++- .../Sniffs/Variables/GlobalVariablesSniff.php | 19 ++- WordPress/Sniffs/WP/PreparedSQLSniff.php | 28 ++-- .../ControlStructureSpacingSniff.php | 120 +++++++++--------- WordPress/Sniffs/XSS/EscapeOutputSniff.php | 53 ++++---- 11 files changed, 131 insertions(+), 134 deletions(-) diff --git a/WordPress/Sniff.php b/WordPress/Sniff.php index 4361863cf7..ee010cd4f8 100644 --- a/WordPress/Sniff.php +++ b/WordPress/Sniff.php @@ -465,7 +465,14 @@ abstract class WordPress_Sniff implements PHP_CodeSniffer_Sniff { * * @var string[] */ - protected static $input_superglobals = array( '$_COOKIE', '$_GET', '$_FILES', '$_POST', '$_REQUEST', '$_SERVER' ); + protected static $input_superglobals = array( + '$_COOKIE', + '$_GET', + '$_FILES', + '$_POST', + '$_REQUEST', + '$_SERVER', + ); /** * Initialize the class for the current process. diff --git a/WordPress/Sniffs/CSRF/NonceVerificationSniff.php b/WordPress/Sniffs/CSRF/NonceVerificationSniff.php index 84629da527..7bc92b3a3b 100644 --- a/WordPress/Sniffs/CSRF/NonceVerificationSniff.php +++ b/WordPress/Sniffs/CSRF/NonceVerificationSniff.php 
@@ -94,8 +94,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->init( $phpcsFile ); - $tokens = $phpcsFile->getTokens(); - $instance = $tokens[ $stackPtr ]; + $instance = $this->tokens[ $stackPtr ]; $superglobals = array_merge( $this->errorForSuperGlobals diff --git a/WordPress/Sniffs/PHP/StrictComparisonsSniff.php b/WordPress/Sniffs/PHP/StrictComparisonsSniff.php index 8a7f94af98..1f42761541 100644 --- a/WordPress/Sniffs/PHP/StrictComparisonsSniff.php +++ b/WordPress/Sniffs/PHP/StrictComparisonsSniff.php @@ -42,8 +42,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->init( $phpcsFile ); if ( ! $this->has_whitelist_comment( 'loose comparison', $stackPtr ) ) { - $tokens = $phpcsFile->getTokens(); - $error = 'Found: ' . $tokens[ $stackPtr ]['content'] . '. Use strict comparisons (=== or !==).'; + $error = 'Found: ' . $this->tokens[ $stackPtr ]['content'] . '. Use strict comparisons (=== or !==).'; $phpcsFile->addWarning( $error, $stackPtr, 'LooseComparison' ); } diff --git a/WordPress/Sniffs/PHP/StrictInArraySniff.php b/WordPress/Sniffs/PHP/StrictInArraySniff.php index 019e8e4a11..bda11b7932 100644 --- a/WordPress/Sniffs/PHP/StrictInArraySniff.php +++ b/WordPress/Sniffs/PHP/StrictInArraySniff.php @@ -15,7 +15,7 @@ * @category PHP * @package PHP_CodeSniffer */ -class WordPress_Sniffs_PHP_StrictInArraySniff extends WordPress_Sniff { +class WordPress_Sniffs_PHP_StrictInArraySniff implements PHP_CodeSniffer_Sniff { /** * List of array functions to which a $strict parameter can be passed. diff --git a/WordPress/Sniffs/VIP/SessionVariableUsageSniff.php b/WordPress/Sniffs/VIP/SessionVariableUsageSniff.php index bc04c77462..5552affab3 100644 --- a/WordPress/Sniffs/VIP/SessionVariableUsageSniff.php +++ b/WordPress/Sniffs/VIP/SessionVariableUsageSniff.php 
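Review bot: Dropping `extends WordPress_Sniff` from `WordPress_Sniffs_PHP_StrictInArraySniff` (and `extends Generic_Sniffs_PHP_ForbiddenFunctionsSniff` from `WordPress_Sniffs_VIP_SessionVariableUsageSniff` in the next file) is a public-API change that the class docblocks immediately above the changed lines do not mention. Any third-party sniff that subclasses either class, or any ruleset that sets a `<property>` the former parent declared, keeps loading but silently loses the inherited behaviour, since as far as I recall PHPCS assigns ruleset properties by plain assignment and PHP will happily create the property on the fly. The commit message says the class bodies were verified not to use the parents; that check should also cover fixtures and any `instanceof WordPress_Sniff` assumptions elsewhere in the standard, if there are any. A short `@since`/changelog line naming the removed parent would make the break discoverable.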
@@ -23,7 +23,7 @@ * @package PHP_CodeSniffer * @author Shady Sharaf */ -class WordPress_Sniffs_VIP_SessionVariableUsageSniff extends Generic_Sniffs_PHP_ForbiddenFunctionsSniff { +class WordPress_Sniffs_VIP_SessionVariableUsageSniff implements PHP_CodeSniffer_Sniff { /** * Returns an array of tokens this test wants to listen for. diff --git a/WordPress/Sniffs/VIP/SuperGlobalInputUsageSniff.php b/WordPress/Sniffs/VIP/SuperGlobalInputUsageSniff.php index 886cd5600e..d7b8c76798 100644 --- a/WordPress/Sniffs/VIP/SuperGlobalInputUsageSniff.php +++ b/WordPress/Sniffs/VIP/SuperGlobalInputUsageSniff.php @@ -41,14 +41,13 @@ public function register() { */ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->init( $phpcsFile ); - $tokens = $phpcsFile->getTokens(); // Check for global input variable. - if ( ! in_array( $tokens[ $stackPtr ]['content'], WordPress_Sniff::$input_superglobals, true ) ) { + if ( ! in_array( $this->tokens[ $stackPtr ]['content'], self::$input_superglobals, true ) ) { return; } - $varName = $tokens[ $stackPtr ]['content']; + $varName = $this->tokens[ $stackPtr ]['content']; // If we're overriding a superglobal with an assignment, no need to test. if ( $this->is_assignment( $stackPtr ) ) { diff --git a/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php b/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php index 8f89c997d6..bc62c72459 100644 --- a/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php +++ b/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php 
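Review bot: In SuperGlobalInputUsageSniff the new lines read `$this->tokens[ $stackPtr ]['content']` twice in a row, once inside the `in_array()` guard and again to fill `$varName`; assign first and test the local: `$varName = $this->tokens[ $stackPtr ]['content'];` followed by `if ( ! in_array( $varName, self::$input_superglobals, true ) ) { return; }`. The same repeated `$this->tokens[ ... ]` dereference, now longer by the `$this->` prefix, appears on most changed lines of PreparedSQLSniff, ControlStructureSpacingSniff and EscapeOutputSniff later in this patch; a local such as the `$token = $this->tokens[ $stackPtr ];` that GlobalVariablesSniff already uses would keep those multi-line conditions readable. The rest of process() lies outside this hunk.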
@@ -78,13 +78,13 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { // Merge any custom functions with the defaults, if we haven't already. if ( ! self::$addedCustomFunctions ) { - WordPress_Sniff::$sanitizingFunctions = array_merge( - WordPress_Sniff::$sanitizingFunctions, + self::$sanitizingFunctions = array_merge( + self::$sanitizingFunctions, array_flip( $this->customSanitizingFunctions ) ); - WordPress_Sniff::$unslashingSanitizingFunctions = array_merge( - WordPress_Sniff::$unslashingSanitizingFunctions, + self::$unslashingSanitizingFunctions = array_merge( + self::$unslashingSanitizingFunctions, array_flip( $this->customUnslashingSanitizingFunctions ) ); 
@@ -92,24 +92,23 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } $this->init( $phpcsFile ); - $tokens = $phpcsFile->getTokens(); - $superglobals = WordPress_Sniff::$input_superglobals; + $superglobals = self::$input_superglobals; // Handling string interpolation. - if ( T_DOUBLE_QUOTED_STRING === $tokens[ $stackPtr ]['code'] ) { + if ( T_DOUBLE_QUOTED_STRING === $this->tokens[ $stackPtr ]['code'] ) { $interpolated_variables = array_map( create_function( '$symbol', 'return "$" . $symbol;' ), // Replace with closure when 5.3 is minimum requirement for PHPCS. - $this->get_interpolated_variables( $tokens[ $stackPtr ]['content'] ) + $this->get_interpolated_variables( $this->tokens[ $stackPtr ]['content'] ) ); foreach ( array_intersect( $interpolated_variables, $superglobals ) as $bad_variable ) { - $phpcsFile->addError( 'Detected usage of a non-sanitized, non-validated input variable %s: %s', $stackPtr, 'InputNotValidatedNotSanitized', array( $bad_variable, $tokens[ $stackPtr ]['content'] ) ); + $phpcsFile->addError( 'Detected usage of a non-sanitized, non-validated input variable %s: %s', $stackPtr, 'InputNotValidatedNotSanitized', array( $bad_variable, $this->tokens[ $stackPtr ]['content'] ) ); } return; } // Check if this is a superglobal. - if ( ! in_array( $tokens[ $stackPtr ]['content'], $superglobals, true ) ) { + if ( ! in_array( $this->tokens[ $stackPtr ]['content'], $superglobals, true ) ) { return; } @@ -129,7 +128,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { return; } - $error_data = array( $tokens[ $stackPtr ]['content'] ); + $error_data = array( $this->tokens[ $stackPtr ]['content'] ); // Check for validation first. if ( ! $this->is_validated( $stackPtr, $array_key, $this->check_validation_in_scope_only ) ) { diff --git a/WordPress/Sniffs/Variables/GlobalVariablesSniff.php b/WordPress/Sniffs/Variables/GlobalVariablesSniff.php index 8d03d6889c..16f8a51e2a 100644 
--- a/WordPress/Sniffs/Variables/GlobalVariablesSniff.php +++ b/WordPress/Sniffs/Variables/GlobalVariablesSniff.php @@ -282,28 +282,27 @@ public function register() { */ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->init( $phpcsFile ); - $tokens = $phpcsFile->getTokens(); - $token = $tokens[ $stackPtr ]; + $token = $this->tokens[ $stackPtr ]; $search = array(); // Array of globals to watch for. if ( T_VARIABLE === $token['code'] && '$GLOBALS' === $token['content'] ) { $bracketPtr = $phpcsFile->findNext( array( T_WHITESPACE ), ( $stackPtr + 1 ), null, true ); - if ( T_OPEN_SQUARE_BRACKET !== $tokens[ $bracketPtr ]['code'] ) { + if ( T_OPEN_SQUARE_BRACKET !== $this->tokens[ $bracketPtr ]['code'] ) { return; } - $varPtr = $phpcsFile->findNext( T_WHITESPACE, ( $bracketPtr + 1 ), $tokens[ $bracketPtr ]['bracket_closer'], true ); - $varToken = $tokens[ $varPtr ]; + $varPtr = $phpcsFile->findNext( T_WHITESPACE, ( $bracketPtr + 1 ), $this->tokens[ $bracketPtr ]['bracket_closer'], true ); + $varToken = $this->tokens[ $varPtr ]; if ( ! in_array( trim( $varToken['content'], '\'"' ), $this->globals, true ) ) { return; } - $assignment = $phpcsFile->findNext( T_WHITESPACE, ( $tokens[ $bracketPtr ]['bracket_closer'] + 1 ), null, true ); + $assignment = $phpcsFile->findNext( T_WHITESPACE, ( $this->tokens[ $bracketPtr ]['bracket_closer'] + 1 ), null, true ); - if ( $assignment && T_EQUAL === $tokens[ $assignment ]['code'] ) { + if ( $assignment && T_EQUAL === $this->tokens[ $assignment ]['code'] ) { if ( ! $this->has_whitelist_comment( 'override', $assignment ) ) { $phpcsFile->addError( 'Overriding WordPress globals is prohibited', $stackPtr, 'OverrideProhibited' ); return; 
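Review bot: `$bracketPtr` and `$varPtr` are results of `findNext()` and are indexed into `$this->tokens` without a `false` check, unlike `$assignment` a few lines further down which is tested before use. When the lookup fails (for example `$GLOBALS` as the last token of a file) PHP coerces the `false` key to `0`, so the comparison silently runs against the open-tag token instead of bailing out; the outcome happens to be a `return` today, but only by accident. Guard both the same way as `$assignment`, e.g. `if ( false === $bracketPtr || T_OPEN_SQUARE_BRACKET !== $this->tokens[ $bracketPtr ]['code'] ) { return; }`. process() continues past the end of this hunk.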
@@ -316,7 +315,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $ptr = ( $stackPtr + 1 ); while ( $ptr ) { $ptr++; - $var = $tokens[ $ptr ]; + $var = $this->tokens[ $ptr ]; if ( T_VARIABLE === $var['code'] ) { $varname = substr( $var['content'], 1 ); if ( in_array( $varname, $this->globals, true ) ) { @@ -333,10 +332,10 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } // Check for assignments to collected global vars. - foreach ( $tokens as $ptr => $token ) { + foreach ( $this->tokens as $ptr => $token ) { if ( T_VARIABLE === $token['code'] && in_array( substr( $token['content'], 1 ), $search, true ) ) { $next = $phpcsFile->findNext( PHP_CodeSniffer_Tokens::$emptyTokens, ( $ptr + 1 ), null, true, null, true ); - if ( T_EQUAL === $tokens[ $next ]['code'] ) { + if ( T_EQUAL === $this->tokens[ $next ]['code'] ) { if ( ! $this->has_whitelist_comment( 'override', $next ) ) { $phpcsFile->addError( 'Overriding WordPress globals is prohibited', $ptr, 'OverrideProhibited' ); } diff --git a/WordPress/Sniffs/WP/PreparedSQLSniff.php b/WordPress/Sniffs/WP/PreparedSQLSniff.php index f9d8455595..1bfcf9793a 100644 --- a/WordPress/Sniffs/WP/PreparedSQLSniff.php +++ b/WordPress/Sniffs/WP/PreparedSQLSniff.php @@ -101,15 +101,13 @@ public function register() { */ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { - $tokens = $phpcsFile->getTokens(); + $this->init( $phpcsFile ); // Check for $wpdb variable. - if ( '$wpdb' !== $tokens[ $stackPtr ]['content'] ) { + if ( '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) { return; } - $this->init( $phpcsFile ); - if ( ! $this->is_wpdb_method_call( $stackPtr ) ) { return; } 
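Review bot: In the third GlobalVariablesSniff hunk, `foreach ( $this->tokens as $ptr => $token )` walks the complete token stack, and it appears to run on every `global` statement this sniff is called for, so a file with many globals is rescanned once per occurrence; collecting the `$search` names and doing this pass once per file (keyed on `$phpcsFile->getFilename()` in a property, for instance) would remove the repeated full scans. Inside that loop `$next` comes from `findNext()` and is dereferenced as `$this->tokens[ $next ]['code']` with no `false` guard, which for a variable at end of file reads token 0 instead of skipping; `if ( false !== $next && T_EQUAL === $this->tokens[ $next ]['code'] ) {` closes that gap. The loop also reuses `$ptr` and `$token`, clobbering the `$token` assigned at the top of process(), which is harmless only as long as nothing reads it afterwards. The enclosing method starts and ends outside these hunks.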
@@ -120,14 +118,14 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { for ( $this->i; $this->i < $this->end; $this->i++ ) { - if ( isset( $this->ignored_tokens[ $tokens[ $this->i ]['code'] ] ) ) { + if ( isset( $this->ignored_tokens[ $this->tokens[ $this->i ]['code'] ] ) ) { continue; } - if ( T_DOUBLE_QUOTED_STRING === $tokens[ $this->i ]['code'] ) { + if ( T_DOUBLE_QUOTED_STRING === $this->tokens[ $this->i ]['code'] ) { $bad_variables = array_filter( - $this->get_interpolated_variables( $tokens[ $this->i ]['content'] ), + $this->get_interpolated_variables( $this->tokens[ $this->i ]['content'] ), create_function( '$symbol', 'return ! in_array( $symbol, array( "wpdb" ), true );' ) // Replace this with closure once 5.3 is minimum requirement. ); @@ -138,25 +136,25 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { 'NotPrepared', array( $bad_variable, - $tokens[ $this->i ]['content'], + $this->tokens[ $this->i ]['content'], ) ); } continue; } - if ( T_VARIABLE === $tokens[ $this->i ]['code'] ) { - if ( '$wpdb' === $tokens[ $this->i ]['content'] ) { + if ( T_VARIABLE === $this->tokens[ $this->i ]['code'] ) { + if ( '$wpdb' === $this->tokens[ $this->i ]['content'] ) { $this->is_wpdb_method_call( $this->i ); continue; } } - if ( T_STRING === $tokens[ $this->i ]['code'] ) { + if ( T_STRING === $this->tokens[ $this->i ]['code'] ) { if ( - isset( self::$SQLEscapingFunctions[ $tokens[ $this->i ]['content'] ] ) - || isset( self::$SQLAutoEscapedFunctions[ $tokens[ $this->i ]['content'] ] ) + isset( self::$SQLEscapingFunctions[ $this->tokens[ $this->i ]['content'] ] ) + || isset( self::$SQLAutoEscapedFunctions[ $this->tokens[ $this->i ]['content'] ] ) ) { // Find the opening parenthesis. 
@@ -171,7 +169,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->i = $this->tokens[ $opening_paren ]['parenthesis_closer']; continue; } - } elseif ( isset( self::$formattingFunctions[ $tokens[ $this->i ]['content'] ] ) ) { + } elseif ( isset( self::$formattingFunctions[ $this->tokens[ $this->i ]['content'] ] ) ) { continue; } } @@ -180,7 +178,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { 'Use placeholders and $wpdb->prepare(); found %s', $this->i, 'NotPrepared', - array( $tokens[ $this->i ]['content'] ) + array( $this->tokens[ $this->i ]['content'] ) ); } diff --git a/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php b/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php index 19f0b72ce2..078c30a380 100644 --- a/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php +++ b/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php @@ -96,14 +96,12 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $this->blank_line_check = (bool) $this->blank_line_check; $this->blank_line_after_check = (bool) $this->blank_line_after_check; - $tokens = $phpcsFile->getTokens(); - $this->init( $phpcsFile ); - if ( isset( $tokens[ ( $stackPtr + 1 ) ] ) && T_WHITESPACE !== $tokens[ ( $stackPtr + 1 ) ]['code'] - && ! ( T_ELSE === $tokens[ $stackPtr ]['code'] && T_COLON === $tokens[ ( $stackPtr + 1 ) ]['code'] ) + if ( isset( $this->tokens[ ( $stackPtr + 1 ) ] ) && T_WHITESPACE !== $this->tokens[ ( $stackPtr + 1 ) ]['code'] + && ! ( T_ELSE === $this->tokens[ $stackPtr ]['code'] && T_COLON === $this->tokens[ ( $stackPtr + 1 ) ]['code'] ) && ! ( - T_CLOSURE === $tokens[ $stackPtr ]['code'] + T_CLOSURE === $this->tokens[ $stackPtr ]['code'] && ( 0 === (int) $this->spaces_before_closure_open_paren || -1 === (int) $this->spaces_before_closure_open_paren 
@@ -123,25 +121,25 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } - if ( ! isset( $tokens[ $stackPtr ]['scope_closer'] ) ) { + if ( ! isset( $this->tokens[ $stackPtr ]['scope_closer'] ) ) { - if ( T_USE === $tokens[ $stackPtr ]['code'] && 'closure' === $this->get_use_type( $stackPtr ) ) { + if ( T_USE === $this->tokens[ $stackPtr ]['code'] && 'closure' === $this->get_use_type( $stackPtr ) ) { $scopeOpener = $phpcsFile->findNext( T_OPEN_CURLY_BRACKET, ( $stackPtr + 1 ) ); - $scopeCloser = $tokens[ $scopeOpener ]['scope_closer']; + $scopeCloser = $this->tokens[ $scopeOpener ]['scope_closer']; } else { return; } } else { - $scopeOpener = $tokens[ $stackPtr ]['scope_opener']; - $scopeCloser = $tokens[ $stackPtr ]['scope_closer']; + $scopeOpener = $this->tokens[ $stackPtr ]['scope_opener']; + $scopeCloser = $this->tokens[ $stackPtr ]['scope_closer']; } // Alternative syntax. - if ( T_COLON === $tokens[ $scopeOpener ]['code'] ) { + if ( T_COLON === $this->tokens[ $scopeOpener ]['code'] ) { if ( 'required' === $this->space_before_colon ) { - if ( T_WHITESPACE !== $tokens[ ( $scopeOpener - 1 ) ]['code'] ) { + if ( T_WHITESPACE !== $this->tokens[ ( $scopeOpener - 1 ) ]['code'] ) { $error = 'Space between opening control structure and T_COLON is required'; if ( isset( $phpcsFile->fixer ) ) { @@ -158,7 +156,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } elseif ( 'forbidden' === $this->space_before_colon ) { - if ( T_WHITESPACE === $tokens[ ( $scopeOpener - 1 ) ]['code'] ) { + if ( T_WHITESPACE === $this->tokens[ ( $scopeOpener - 1 ) ]['code'] ) { $error = 'Extra space between opening control structure and T_COLON found'; if ( isset( $phpcsFile->fixer ) ) { 
@@ -179,13 +177,13 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $parenthesisOpener = $phpcsFile->findNext( PHP_CodeSniffer_Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); // If this is a function declaration. - if ( T_FUNCTION === $tokens[ $stackPtr ]['code'] ) { + if ( T_FUNCTION === $this->tokens[ $stackPtr ]['code'] ) { - if ( T_STRING === $tokens[ $parenthesisOpener ]['code'] ) { + if ( T_STRING === $this->tokens[ $parenthesisOpener ]['code'] ) { $function_name_ptr = $parenthesisOpener; - } elseif ( T_BITWISE_AND === $tokens[ $parenthesisOpener ]['code'] ) { + } elseif ( T_BITWISE_AND === $this->tokens[ $parenthesisOpener ]['code'] ) { // This function returns by reference (function &function_name() {}). $function_name_ptr = $parenthesisOpener = $phpcsFile->findNext( @@ -211,7 +209,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $error, $stackPtr, 'SpaceBeforeFunctionOpenParenthesis', - $tokens[ ( $function_name_ptr + 1 ) ]['content'] + $this->tokens[ ( $function_name_ptr + 1 ) ]['content'] ); if ( true === $fix ) { @@ -220,14 +218,14 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $phpcsFile->fixer->endChangeset(); } } - } elseif ( T_CLOSURE === $tokens[ $stackPtr ]['code'] ) { + } elseif ( T_CLOSURE === $this->tokens[ $stackPtr ]['code'] ) { // Check if there is a use () statement. - if ( isset( $tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { + if ( isset( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { $usePtr = $phpcsFile->findNext( PHP_CodeSniffer_Tokens::$emptyTokens, - ( $tokens[ $parenthesisOpener ]['parenthesis_closer'] + 1 ), + ( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] + 1 ), null, true, null, 
@@ -235,19 +233,19 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { ); // If it is, we set that as the "scope opener". - if ( T_USE === $tokens[ $usePtr ]['code'] ) { + if ( T_USE === $this->tokens[ $usePtr ]['code'] ) { $scopeOpener = $usePtr; } } } if ( - T_COLON !== $tokens[ $parenthesisOpener ]['code'] - && T_FUNCTION !== $tokens[ $stackPtr ]['code'] + T_COLON !== $this->tokens[ $parenthesisOpener ]['code'] + && T_FUNCTION !== $this->tokens[ $stackPtr ]['code'] ) { if ( - T_CLOSURE === $tokens[ $stackPtr ]['code'] + T_CLOSURE === $this->tokens[ $stackPtr ]['code'] && 0 === (int) $this->spaces_before_closure_open_paren ) { @@ -263,7 +261,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } elseif ( ( - T_CLOSURE !== $tokens[ $stackPtr ]['code'] + T_CLOSURE !== $this->tokens[ $stackPtr ]['code'] || 1 === (int) $this->spaces_before_closure_open_paren ) && ( $stackPtr + 1 ) === $parenthesisOpener @@ -285,8 +283,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } if ( - T_WHITESPACE === $tokens[ ( $stackPtr + 1 ) ]['code'] - && ' ' !== $tokens[ ( $stackPtr + 1 ) ]['content'] + T_WHITESPACE === $this->tokens[ ( $stackPtr + 1 ) ]['code'] + && ' ' !== $this->tokens[ ( $stackPtr + 1 ) ]['content'] ) { // Checking this: if [*](...) {}. $error = 'Expected exactly one space before opening parenthesis; "%s" found.'; @@ -294,7 +292,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $error, $stackPtr, 'ExtraSpaceBeforeOpenParenthesis', - $tokens[ ( $stackPtr + 1 ) ]['content'] + $this->tokens[ ( $stackPtr + 1 ) ]['content'] ); if ( true === $fix ) { 
@@ -304,8 +302,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } - if ( T_WHITESPACE !== $tokens[ ( $parenthesisOpener + 1) ]['code'] - && T_CLOSE_PARENTHESIS !== $tokens[ ( $parenthesisOpener + 1) ]['code'] + if ( T_WHITESPACE !== $this->tokens[ ( $parenthesisOpener + 1) ]['code'] + && T_CLOSE_PARENTHESIS !== $this->tokens[ ( $parenthesisOpener + 1) ]['code'] ) { // Checking this: $value = my_function([*]...). $error = 'No space after opening parenthesis is prohibited'; @@ -321,13 +319,13 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } - if ( isset( $tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { + if ( isset( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { - $parenthesisCloser = $tokens[ $parenthesisOpener ]['parenthesis_closer']; + $parenthesisCloser = $this->tokens[ $parenthesisOpener ]['parenthesis_closer']; - if ( T_CLOSE_PARENTHESIS !== $tokens[ ( $parenthesisOpener + 1 ) ]['code'] ) { + if ( T_CLOSE_PARENTHESIS !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['code'] ) { - if ( T_WHITESPACE !== $tokens[ ( $parenthesisCloser - 1 ) ]['code'] ) { + if ( T_WHITESPACE !== $this->tokens[ ( $parenthesisCloser - 1 ) ]['code'] ) { $error = 'No space before closing parenthesis is prohibited'; if ( isset( $phpcsFile->fixer ) ) { $fix = $phpcsFile->addFixableError( $error, $parenthesisCloser, 'NoSpaceBeforeCloseParenthesis' ); @@ -342,8 +340,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } if ( - T_WHITESPACE !== $tokens[ ( $parenthesisCloser + 1 ) ]['code'] - && T_COLON !== $tokens[ $scopeOpener ]['code'] + T_WHITESPACE !== $this->tokens[ ( $parenthesisCloser + 1 ) ]['code'] + && T_COLON !== $this->tokens[ $scopeOpener ]['code'] ) { $error = 'Space between opening control structure and closing parenthesis is required'; 
@@ -361,8 +359,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } - if ( isset( $tokens[ $parenthesisOpener ]['parenthesis_owner'] ) - && $tokens[ $parenthesisCloser ]['line'] !== $tokens[ $scopeOpener ]['line'] + if ( isset( $this->tokens[ $parenthesisOpener ]['parenthesis_owner'] ) + && $this->tokens[ $parenthesisCloser ]['line'] !== $this->tokens[ $scopeOpener ]['line'] ) { $error = 'Opening brace should be on the same line as the declaration'; if ( isset( $phpcsFile->fixer ) ) { @@ -383,8 +381,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { return; } elseif ( - T_WHITESPACE === $tokens[ ( $parenthesisCloser + 1 ) ]['code'] - && ' ' !== $tokens[ ( $parenthesisCloser + 1 ) ]['content'] + T_WHITESPACE === $this->tokens[ ( $parenthesisCloser + 1 ) ]['code'] + && ' ' !== $this->tokens[ ( $parenthesisCloser + 1 ) ]['content'] ) { // Checking this: if (...) [*]{}. @@ -393,7 +391,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $error, $stackPtr, 'ExtraSpaceAfterCloseParenthesis', - $tokens[ ( $parenthesisCloser + 1 ) ]['content'] + $this->tokens[ ( $parenthesisCloser + 1 ) ]['content'] ); if ( true === $fix ) { @@ -406,8 +404,8 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { if ( true === $this->blank_line_check ) { $firstContent = $phpcsFile->findNext( T_WHITESPACE, ( $scopeOpener + 1 ), null, true ); - if ( $tokens[ $firstContent ]['line'] > ( $tokens[ $scopeOpener ]['line'] + 1 ) - && false === in_array( $tokens[ $firstContent ]['code'], array( T_CLOSE_TAG, T_COMMENT ), true ) + if ( $this->tokens[ $firstContent ]['line'] > ( $this->tokens[ $scopeOpener ]['line'] + 1 ) + && false === in_array( $this->tokens[ $firstContent ]['code'], array( T_CLOSE_TAG, T_COMMENT ), true ) ) { $error = 'Blank line found at start of control structure'; if ( isset( $phpcsFile->fixer ) ) { 
@@ -428,11 +426,11 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } $lastContent = $phpcsFile->findPrevious( T_WHITESPACE, ( $scopeCloser - 1 ), null, true ); - if ( ( $tokens[ $scopeCloser ]['line'] - 1 ) !== $tokens[ $lastContent ]['line'] ) { + if ( ( $this->tokens[ $scopeCloser ]['line'] - 1 ) !== $this->tokens[ $lastContent ]['line'] ) { $errorToken = $scopeCloser; for ( $i = ( $scopeCloser - 1 ); $i > $lastContent; $i-- ) { - if ( $tokens[ $i ]['line'] < $tokens[ $scopeCloser ]['line'] - && T_OPEN_TAG !== $tokens[ $firstContent ]['code'] + if ( $this->tokens[ $i ]['line'] < $this->tokens[ $scopeCloser ]['line'] + && T_OPEN_TAG !== $this->tokens[ $firstContent ]['code'] ) { // TODO: Reporting error at empty line won't highlight it in IDE. $error = 'Blank line found at end of control structure'; @@ -458,16 +456,16 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } // end if $trailingContent = $phpcsFile->findNext( T_WHITESPACE, ( $scopeCloser + 1 ), null, true ); - if ( T_ELSE === $tokens[ $trailingContent ]['code'] ) { - if ( T_IF === $tokens[ $stackPtr ]['code'] ) { + if ( T_ELSE === $this->tokens[ $trailingContent ]['code'] ) { + if ( T_IF === $this->tokens[ $stackPtr ]['code'] ) { // IF with ELSE. return; } } - if ( T_COMMENT === $tokens[ $trailingContent ]['code'] ) { - if ( $tokens[ $trailingContent ]['line'] === $tokens[ $scopeCloser ]['line'] ) { - if ( '//end' === substr( $tokens[ $trailingContent ]['content'], 0, 5 ) ) { + if ( T_COMMENT === $this->tokens[ $trailingContent ]['code'] ) { + if ( $this->tokens[ $trailingContent ]['line'] === $this->tokens[ $scopeCloser ]['line'] ) { + if ( '//end' === substr( $this->tokens[ $trailingContent ]['content'], 0, 5 ) ) { // There is an end comment, so we have to get the next piece // of content. $trailingContent = $phpcsFile->findNext( T_WHITESPACE, ( $trailingContent + 1), null, true ); 
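Review bot: `$trailingContent` is the result of `findNext()` and is dereferenced as `$this->tokens[ $trailingContent ]['code']` on the next line without a `false` check. For a control structure whose closing brace is the last non-whitespace token of a file with no `?>` — the layout this standard itself prescribes — the lookup appears to return `false`, PHP coerces that key to `0`, and the later `blank_line_after_check` comparison runs against the open-tag token's line, which would report a spurious blank-line error; please confirm against a fixture. A guard `if ( false === $trailingContent ) { return; }` right after the assignment, mirroring the `T_CLOSE_TAG` early return below it, resolves this. The same coercion applies to the second `findNext()` in this hunk that re-reads `$trailingContent` after an `//end` comment. process() continues past the hunk.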
@@ -475,27 +473,27 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } } - if ( T_BREAK === $tokens[ $trailingContent ]['code'] ) { + if ( T_BREAK === $this->tokens[ $trailingContent ]['code'] ) { // If this BREAK is closing a CASE, we don't need the // blank line after this control structure. - if ( isset( $tokens[ $trailingContent ]['scope_condition'] ) ) { - $condition = $tokens[ $trailingContent ]['scope_condition']; - if ( T_CASE === $tokens[ $condition ]['code'] || T_DEFAULT === $tokens[ $condition ]['code'] ) { + if ( isset( $this->tokens[ $trailingContent ]['scope_condition'] ) ) { + $condition = $this->tokens[ $trailingContent ]['scope_condition']; + if ( T_CASE === $this->tokens[ $condition ]['code'] || T_DEFAULT === $this->tokens[ $condition ]['code'] ) { return; } } } - if ( T_CLOSE_TAG === $tokens[ $trailingContent ]['code'] ) { + if ( T_CLOSE_TAG === $this->tokens[ $trailingContent ]['code'] ) { // At the end of the script or embedded code. return; } - if ( T_CLOSE_CURLY_BRACKET === $tokens[ $trailingContent ]['code'] ) { + if ( T_CLOSE_CURLY_BRACKET === $this->tokens[ $trailingContent ]['code'] ) { // Another control structure's closing brace. - if ( isset( $tokens[ $trailingContent ]['scope_condition'] ) ) { - $owner = $tokens[ $trailingContent ]['scope_condition']; - if ( in_array( $tokens[ $owner ]['code'], array( T_FUNCTION, T_CLASS, T_INTERFACE, T_TRAIT ), true ) ) { + if ( isset( $this->tokens[ $trailingContent ]['scope_condition'] ) ) { + $owner = $this->tokens[ $trailingContent ]['scope_condition']; + if ( in_array( $this->tokens[ $owner ]['code'], array( T_FUNCTION, T_CLASS, T_INTERFACE, T_TRAIT ), true ) ) { // The next content is the closing brace of a function, class, interface or trait // so normal function/class rules apply and we can ignore it. return; 
@@ -503,7 +501,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } if ( true === $this->blank_line_after_check - && ( $tokens[ $scopeCloser ]['line'] + 1 ) !== $tokens[ $trailingContent ]['line'] + && ( $this->tokens[ $scopeCloser ]['line'] + 1 ) !== $this->tokens[ $trailingContent ]['line'] ) { // TODO: Won't cover following case: "} echo 'OK';". $error = 'Blank line found after control structure'; diff --git a/WordPress/Sniffs/XSS/EscapeOutputSniff.php b/WordPress/Sniffs/XSS/EscapeOutputSniff.php index d1999fdc29..41c749a8d0 100644 --- a/WordPress/Sniffs/XSS/EscapeOutputSniff.php +++ b/WordPress/Sniffs/XSS/EscapeOutputSniff.php 
@@ -116,12 +116,12 @@ public function register() { public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { // Merge any custom functions with the defaults, if we haven't already. if ( ! self::$addedCustomFunctions ) { - WordPress_Sniff::$escapingFunctions = array_merge( WordPress_Sniff::$escapingFunctions, array_flip( $this->customEscapingFunctions ) ); - WordPress_Sniff::$autoEscapedFunctions = array_merge( WordPress_Sniff::$autoEscapedFunctions, array_flip( $this->customAutoEscapedFunctions ) ); - WordPress_Sniff::$printingFunctions = array_merge( WordPress_Sniff::$printingFunctions, array_flip( $this->customPrintingFunctions ) ); + self::$escapingFunctions = array_merge( self::$escapingFunctions, array_flip( $this->customEscapingFunctions ) ); + self::$autoEscapedFunctions = array_merge( self::$autoEscapedFunctions, array_flip( $this->customAutoEscapedFunctions ) ); + self::$printingFunctions = array_merge( self::$printingFunctions, array_flip( $this->customPrintingFunctions ) ); if ( ! empty( $this->customSanitizingFunctions ) ) { - WordPress_Sniff::$escapingFunctions = array_merge( WordPress_Sniff::$escapingFunctions, array_flip( $this->customSanitizingFunctions ) ); + self::$escapingFunctions = array_merge( self::$escapingFunctions, array_flip( $this->customSanitizingFunctions ) ); $phpcsFile->addWarning( 'The customSanitizingFunctions property is deprecated in favor of customEscapingFunctions.', 0, 'DeprecatedCustomSanitizingFunctions' ); } 
@@ -129,22 +129,21 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } $this->init( $phpcsFile ); - $tokens = $phpcsFile->getTokens(); - $function = $tokens[ $stackPtr ]['content']; + $function = $this->tokens[ $stackPtr ]['content']; // Find the opening parenthesis (if present; T_ECHO might not have it). $open_paren = $phpcsFile->findNext( PHP_CodeSniffer_Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); // If function, not T_ECHO nor T_PRINT. - if ( T_STRING === $tokens[ $stackPtr ]['code'] ) { + if ( T_STRING === $this->tokens[ $stackPtr ]['code'] ) { // Skip if it is a function but is not of the printing functions. - if ( ! isset( self::$printingFunctions[ $tokens[ $stackPtr ]['content'] ] ) ) { + if ( ! isset( self::$printingFunctions[ $this->tokens[ $stackPtr ]['content'] ] ) ) { return; } - if ( isset( $tokens[ $open_paren ]['parenthesis_closer'] ) ) { - $end_of_statement = $tokens[ $open_paren ]['parenthesis_closer']; + if ( isset( $this->tokens[ $open_paren ]['parenthesis_closer'] ) ) { + $end_of_statement = $this->tokens[ $open_paren ]['parenthesis_closer']; } // These functions only need to have the first argument escaped. 
@@ -177,13 +176,13 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { // Check for the ternary operator. We only need to do this here if this // echo is lacking parenthesis. Otherwise it will be handled below. - if ( T_OPEN_PARENTHESIS !== $tokens[ $open_paren ]['code'] || T_CLOSE_PARENTHESIS !== $tokens[ $last_token ]['code'] ) { + if ( T_OPEN_PARENTHESIS !== $this->tokens[ $open_paren ]['code'] || T_CLOSE_PARENTHESIS !== $this->tokens[ $last_token ]['code'] ) { $ternary = $phpcsFile->findNext( T_INLINE_THEN, $stackPtr, $end_of_statement ); // If there is a ternary skip over the part before the ?. However, if // the ternary is within parentheses, it will be handled in the loop. - if ( $ternary && empty( $tokens[ $ternary ]['nested_parenthesis'] ) ) { + if ( $ternary && empty( $this->tokens[ $ternary ]['nested_parenthesis'] ) ) { $stackPtr = $ternary; } } 
@@ -199,29 +198,29 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { for ( $i = $stackPtr; $i < $end_of_statement; $i++ ) { // Ignore whitespaces and comments. - if ( in_array( $tokens[ $i ]['code'], PHP_CodeSniffer_Tokens::$emptyTokens, true ) ) { + if ( in_array( $this->tokens[ $i ]['code'], PHP_CodeSniffer_Tokens::$emptyTokens, true ) ) { continue; } - if ( T_OPEN_PARENTHESIS === $tokens[ $i ]['code'] ) { + if ( T_OPEN_PARENTHESIS === $this->tokens[ $i ]['code'] ) { if ( $in_cast ) { // Skip to the end of a function call if it has been casted to a safe value. - $i = $tokens[ $i ]['parenthesis_closer']; + $i = $this->tokens[ $i ]['parenthesis_closer']; $in_cast = false; } else { // Skip over the condition part of a ternary (i.e., to after the ?). - $ternary = $phpcsFile->findNext( T_INLINE_THEN, $i, $tokens[ $i ]['parenthesis_closer'] ); + $ternary = $phpcsFile->findNext( T_INLINE_THEN, $i, $this->tokens[ $i ]['parenthesis_closer'] ); if ( $ternary ) { - $next_paren = $phpcsFile->findNext( T_OPEN_PARENTHESIS, ( $i + 1 ), $tokens[ $i ]['parenthesis_closer'] ); + $next_paren = $phpcsFile->findNext( T_OPEN_PARENTHESIS, ( $i + 1 ), $this->tokens[ $i ]['parenthesis_closer'] ); // We only do it if the ternary isn't within a subset of parentheses. - if ( ! $next_paren || $ternary > $tokens[ $next_paren ]['parenthesis_closer'] ) { + if ( ! $next_paren || $ternary > $this->tokens[ $next_paren ]['parenthesis_closer'] ) { $i = $ternary; } } 
@@ -231,34 +230,34 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { } // Handle arrays for those functions that accept them. - if ( T_ARRAY === $tokens[ $i ]['code'] ) { + if ( T_ARRAY === $this->tokens[ $i ]['code'] ) { $i++; // Skip the opening parenthesis. continue; } - if ( in_array( $tokens[ $i ]['code'], array( T_DOUBLE_ARROW, T_CLOSE_PARENTHESIS ), true ) ) { + if ( in_array( $this->tokens[ $i ]['code'], array( T_DOUBLE_ARROW, T_CLOSE_PARENTHESIS ), true ) ) { continue; } // Handle magic constants for debug functions. - if ( isset( $this->magic_constant_tokens[ $tokens[ $i ]['type'] ] ) ) { + if ( isset( $this->magic_constant_tokens[ $this->tokens[ $i ]['type'] ] ) ) { continue; } // Wake up on concatenation characters, another part to check. - if ( in_array( $tokens[ $i ]['code'], array( T_STRING_CONCAT ), true ) ) { + if ( in_array( $this->tokens[ $i ]['code'], array( T_STRING_CONCAT ), true ) ) { $watch = true; continue; } // Wake up after a ternary else (:). - if ( $ternary && in_array( $tokens[ $i ]['code'], array( T_INLINE_ELSE ), true ) ) { + if ( $ternary && in_array( $this->tokens[ $i ]['code'], array( T_INLINE_ELSE ), true ) ) { $watch = true; continue; } // Wake up for commas. - if ( T_COMMA === $tokens[ $i ]['code'] ) { + if ( T_COMMA === $this->tokens[ $i ]['code'] ) { $in_cast = false; $watch = true; continue; 
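Review bot: Two of the changed conditions wrap a single token constant in an array only to call `in_array()` on it: `in_array( $this->tokens[ $i ]['code'], array( T_STRING_CONCAT ), true )` and the `array( T_INLINE_ELSE )` one just below it. A direct strict comparison says the same thing and matches the `T_ARRAY === ...` and `T_COMMA === ...` checks in the same hunk: `if ( T_STRING_CONCAT === $this->tokens[ $i ]['code'] ) {` and `if ( $ternary && T_INLINE_ELSE === $this->tokens[ $i ]['code'] ) {`. The loop these belong to starts and ends outside the hunk.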
@@ -270,14 +269,14 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { // Allow T_CONSTANT_ENCAPSED_STRING eg: echo 'Some String'; // Also T_LNUMBER, e.g.: echo 45; exit -1; and booleans. - if ( in_array( $tokens[ $i ]['code'], array( T_CONSTANT_ENCAPSED_STRING, T_LNUMBER, T_MINUS, T_TRUE, T_FALSE, T_NULL ), true ) ) { + if ( in_array( $this->tokens[ $i ]['code'], array( T_CONSTANT_ENCAPSED_STRING, T_LNUMBER, T_MINUS, T_TRUE, T_FALSE, T_NULL ), true ) ) { continue; } $watch = false; // Allow int/double/bool casted variables. - if ( in_array( $tokens[ $i ]['code'], array( T_INT_CAST, T_DOUBLE_CAST, T_BOOL_CAST ), true ) ) { + if ( in_array( $this->tokens[ $i ]['code'], array( T_INT_CAST, T_DOUBLE_CAST, T_BOOL_CAST ), true ) ) { $in_cast = true; continue; } @@ -298,7 +297,7 @@ public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr ) { $mapped_function = $this->phpcsFile->findNext( PHP_CodeSniffer_Tokens::$emptyTokens, ( $function_opener + 1 ), - $tokens[ $function_opener ]['parenthesis_closer'], + $this->tokens[ $function_opener ]['parenthesis_closer'], true );