Skip to content

Commit 697d2c5

Browse files
jrfnljrfnl
committed
Security/StaticStrreplace: use PHPCSUtils for array parsing
As things were, the sniff walked the tokens in an array and expected a comma to always belong to the array, i.e. `[ 'text', 'text' ]`. This falls foul as soon as the code being walked gets slightly more complex, like using nested arrays or dynamic values in the array: `[ 'text', [ $a, $b ], fnc( 'text', 'next' ) ]`. Now, at this time, this is not strictly problematic for this sniff as it will bow out for any token which is not a `T_CONSTANT_ENCAPSED_STRING`, so would bow out for nested arrays and dynamic values. Having said this, using the PHPCSUtils `PassedParameters::getParameters()` for parsing an array to it's individual items should still make the code more stable and also benefits from the PHPCSUtils build-in caching.
1 parent 5acd664 commit 697d2c5

File tree

1 file changed

+9
-10
lines changed

1 file changed

+9
-10
lines changed

WordPressVIPMinimum/Sniffs/Security/StaticStrreplaceSniff.php

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
use PHP_CodeSniffer\Util\Tokens;
1313
use PHPCSUtils\Tokens\Collections;
1414
use PHPCSUtils\Utils\Arrays;
15+
use PHPCSUtils\Utils\PassedParameters;
1516
use WordPressCS\WordPress\AbstractFunctionParameterSniff;
1617

1718
/**
@@ -54,6 +55,9 @@ public function process_parameters( $stackPtr, $group_name, $matched_content, $p
5455
return;
5556
}
5657

58+
$static_text_tokens = Tokens::$emptyTokens;
59+
$static_text_tokens[ T_CONSTANT_ENCAPSED_STRING ] = T_CONSTANT_ENCAPSED_STRING;
60+
5761
$next_start_ptr = $openBracket + 1;
5862
for ( $i = 0; $i < 3; $i++ ) {
5963
$param_ptr = $this->phpcsFile->findNext( array_merge( Tokens::$emptyTokens, [ T_COMMA ] ), $next_start_ptr, null, true );
@@ -69,21 +73,16 @@ public function process_parameters( $stackPtr, $group_name, $matched_content, $p
6973
return;
7074
}
7175

72-
$openBracket = $arrayOpenClose['opener'];
73-
$closeBracket = $arrayOpenClose['closer'];
74-
75-
$array_item_ptr = $this->phpcsFile->findNext( array_merge( Tokens::$emptyTokens, [ T_COMMA ] ), $openBracket + 1, $closeBracket, true );
76-
while ( $array_item_ptr !== false ) {
77-
78-
if ( $this->tokens[ $array_item_ptr ]['code'] !== T_CONSTANT_ENCAPSED_STRING ) {
76+
$array_items = PassedParameters::getParameters( $this->phpcsFile, $param_ptr );
77+
foreach ( $array_items as $array_item ) {
78+
$has_non_static_text = $this->phpcsFile->findNext( $static_text_tokens, $array_item['start'], $array_item['end'], true );
79+
if ( $has_non_static_text !== false ) {
7980
return;
8081
}
81-
$array_item_ptr = $this->phpcsFile->findNext( array_merge( Tokens::$emptyTokens, [ T_COMMA ] ), $array_item_ptr + 1, $closeBracket, true );
8282
}
8383

84-
$next_start_ptr = $closeBracket + 1;
84+
$next_start_ptr = $arrayOpenClose['closer'] + 1;
8585
continue;
86-
8786
}
8887

8988
if ( $this->tokens[ $param_ptr ]['code'] !== T_CONSTANT_ENCAPSED_STRING ) {

0 commit comments

Comments
 (0)