Skip to content

Commit cb61fb8

Browse files
rodrigoprimorodrigoprimo
committed
CHECK Security/EscapeOutput: update for PHPCS 4.0
The tokenization of (namespaced) "names" has changed in PHP 8.0, and this new tokenization will come into effect for PHP_CodeSniffer as of version 4.0.0. This commit adds handling for the new tokenization to this sniff. Discuss if it is worth supporting `\true` and `\false` (and maybe even `\null`) in this sniff.
1 parent c2fa766 commit cb61fb8

File tree

1 file changed

+12
-5
lines changed

1 file changed

+12
-5
lines changed

WordPress/Sniffs/Security/EscapeOutputSniff.php

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -187,6 +187,7 @@ public function process_token( $stackPtr ) {
187187
$start = ( $stackPtr + 1 );
188188

189189
switch ( $this->tokens[ $stackPtr ]['code'] ) {
190+
case \T_NAME_FULLY_QUALIFIED:
190191
case \T_STRING:
191192
// Prevent exclusion of any of the function groups.
192193
$this->exclude = array();
@@ -575,9 +576,15 @@ protected function check_code_is_escaped( $start, $end, $code = 'OutputNotEscape
575576
continue;
576577
}
577578

579+
$content = $this->tokens[ $i ]['content'];
580+
581+
if ( \T_NAME_FULLY_QUALIFIED === $this->tokens[ $i ]['code'] ) {
582+
$content = \ltrim( $content, '\\' );
583+
}
584+
578585
// Ignore safe PHP native constants.
579-
if ( \T_STRING === $this->tokens[ $i ]['code']
580-
&& isset( $this->safe_php_constants[ $this->tokens[ $i ]['content'] ] )
586+
if ( ( \T_STRING === $this->tokens[ $i ]['code'] || \T_NAME_FULLY_QUALIFIED === $this->tokens[ $i ]['code'] )
587+
&& isset( $this->safe_php_constants[ $content ] )
581588
&& ConstantsHelper::is_use_of_global_constant( $this->phpcsFile, $i )
582589
) {
583590
continue;
@@ -613,7 +620,7 @@ protected function check_code_is_escaped( $start, $end, $code = 'OutputNotEscape
613620
}
614621

615622
// Check for use of *::class.
616-
if ( \T_STRING === $this->tokens[ $i ]['code']
623+
if ( isset( Collections::nameTokens()[ $this->tokens[ $i ]['code'] ] )
617624
|| \T_VARIABLE === $this->tokens[ $i ]['code']
618625
|| isset( Collections::ooHierarchyKeywords()[ $this->tokens[ $i ]['code'] ] )
619626
|| \T_NAMESPACE === $this->tokens[ $i ]['code']
@@ -679,9 +686,9 @@ protected function check_code_is_escaped( $start, $end, $code = 'OutputNotEscape
679686
}
680687

681688
// Now check that the next token is a function call.
682-
if ( \T_STRING === $this->tokens[ $i ]['code'] ) {
689+
if ( \T_STRING === $this->tokens[ $i ]['code'] || \T_NAME_FULLY_QUALIFIED === $this->tokens[ $i ]['code'] ) {
683690
$ptr = $i;
684-
$functionName = $this->tokens[ $i ]['content'];
691+
$functionName = $content;
685692
$function_opener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true );
686693
$is_formatting_function = FormattingFunctionsHelper::is_formatting_function( $functionName );
687694

0 commit comments

Comments
 (0)