Security/Twig: sniff for all text string tokens

As things were, double quoted strings with interpolation and PHP 5.3+ nowdocs were not examined.

Includes ensuring that all tokens which should be examined have tests associated with them.

Author: jrfnl

WordPressVIPMinimum/Sniffs/Security/TwigSniff.php

@@ -8,6 +8,7 @@
 
 namespace WordPressVIPMinimum\Sniffs\Security;
 
+use PHP_CodeSniffer\Util\Tokens;
 use WordPressVIPMinimum\Sniffs\Sniff;
 
 /**
@@ -28,11 +29,7 @@ class TwigSniff extends Sniff {
 	 * @return array<int|string>
 	 */
 	public function register() {
-		return [
-			T_CONSTANT_ENCAPSED_STRING,
-			T_INLINE_HTML,
-			T_HEREDOC,
-		];
+		return Tokens::$textStringTokens;
 	}
 
 	/**

WordPressVIPMinimum/Tests/Security/TwigUnitTest.inc

@@ -9,4 +9,52 @@
 {% autoescape %}
     {{ safe_value|raw }}
 {% endautoescape %}
-</script>
+</script>
+
+<?php
+
+echo '<script>
+{% autoescape false %}
+    Everything will be outputted as is in this block
+{% endautoescape %}
+
+{% autoescape %}
+    {{ safe_value|raw }}
+{% endautoescape %}
+</script>';
+
+echo "<script>
+{% autoescape false %}
+    Everything will be $outputted as is in this block
+{% endautoescape %}
+
+{% autoescape %}
+    {{ safe_value|raw }}
+{% endautoescape %}
+</script>
+";
+
+echo <<<'EOD'
+<script>
+{% autoescape false %}
+    Everything will be outputted as is in this block
+{% endautoescape %}
+
+{% autoescape %}
+    {{ safe_value|raw }}
+{% endautoescape %}
+</script>
+EOD;
+
+echo <<<EOD
+<script>
+{% autoescape false %}
+    Everything will be $outputted as is in this block
+{% endautoescape %}
+EOD;
+echo <<<"EOD"
+{% autoescape %}
+    {{ safe_value|raw }}
+{% endautoescape %}
+</script>
+EOD;

WordPressVIPMinimum/Tests/Security/TwigUnitTest.php

@@ -34,6 +34,14 @@ public function getWarningList() {
 		return [
 			5  => 1,
 			10 => 1,
+			17 => 1,
+			22 => 1,
+			27 => 1,
+			32 => 1,
+			39 => 1,
+			44 => 1,
+			51 => 1,
+			57 => 1,
 		];
 	}
 }