* Ensures that getRequestData() is used to access super globals.
* @package PHP_CodeSniffer_MySource
* @author Greg Sherwood <gsherwood@squiz.net>
* @copyright 2006-2014 Squiz Pty Ltd (ABN 77 084 670 600)
* @license https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
* @link http://pear.php.net/package/PHP_CodeSniffer
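* Ensures that Security::getRequestData() is used to access the request super
* globals. Only $_REQUEST, $_GET, $_POST and $_FILES are matched by process();
* other super globals such as $_COOKIE and $_SERVER are not covered by this sniff.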
* @package PHP_CodeSniffer_MySource
* @author Greg Sherwood <gsherwood@squiz.net>
* @copyright 2006-2014 Squiz Pty Ltd (ABN 77 084 670 600)
* @license https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
* @version Release: 1.5.5
* @link http://pear.php.net/package/PHP_CodeSniffer
class MySource_Sniffs_PHP_GetRequestDataSniff implements PHP_CodeSniffer_Sniff
* Returns an array of tokens this test wants to listen for.
public function register()
{
    // Listen for every variable token; process() then narrows the match
    // down to the request super globals by comparing the token content.
    $listenedTokens = array(T_VARIABLE);

    return $listenedTokens;
}
* Processes this sniff, when one of its tokens is encountered.
* @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
* @param int $stackPtr The position of the current token in
* the stack passed in $tokens.
public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
$tokens = $phpcsFile->getTokens();
$varName = $tokens[$stackPtr]['content'];
if ($varName !== '$_REQUEST'
&& $varName !== '$_GET'
&& $varName !== '$_POST'
&& $varName !== '$_FILES'
// The only place these super globals can be accessed directly is
// in the getRequestData() method of the Security class.
foreach ($tokens[$stackPtr]['conditions'] as $i => $type) {
if ($tokens[$i]['code'] === T_CLASS) {
$className = $phpcsFile->findNext(T_STRING, $i);
$className = $tokens[$className]['content'];
if (strtolower($className) === 'security') {
// We don't have nested classes.
} else if ($inClass === true && $tokens[$i]['code'] === T_FUNCTION) {
$funcName = $phpcsFile->findNext(T_STRING, $i);
$funcName = $tokens[$funcName]['content'];
if (strtolower($funcName) === 'getrequestdata') {
// We don't have nested functions.
// If we get to here, the super global was used incorrectly.
// First find out how it is being used.
$globalName = strtolower(substr($varName, 2));
$openBracket = $phpcsFile->findNext(T_WHITESPACE, ($stackPtr + 1), null, true);
if ($tokens[$openBracket]['code'] === T_OPEN_SQUARE_BRACKET) {
$closeBracket = $tokens[$openBracket]['bracket_closer'];
$usedVar = $phpcsFile->getTokensAsString(($openBracket + 1), ($closeBracket - $openBracket - 1));
$type = 'SuperglobalAccessed';
$error = 'The %s super global must not be accessed directly; use Security::getRequestData(';
$data = array($varName);
if ($usedVar !== '') {
$error .= '%s, \'%s\'';
$data[] = $globalName;
$error .= ') instead';
$phpcsFile->addError($error, $stackPtr, $type, $data);