Esempio n. 1
 /**
  * Heavily used function that checks whether a token contains user input
  *
  * @param String $t	The token to match
  * @return Boolean	Returns TRUE if found, FALSE if not found
  */
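 public static function is_token_user_input($t)
 {
     // $t is a tokenizer token array (its 'code' and 'content' keys are read
     // below), not a plain string.
     //
     // Anything the parent class already treats as user input stays user input.
     if (parent::is_token_user_input($t)) {
         return TRUE;
     }

     if ($t['code'] === T_VARIABLE) {
         // Variable names are case-sensitive in PHP, so an exact match is correct.
         return $t['content'] === '$request';
     }

     if ($t['code'] === T_STRING) {
         // Function and method names are case-insensitive in PHP, so Get() and
         // get() are the same call. Normalise the case before matching so a
         // differently-cased call is still reported as a user-input source.
         return strtolower($t['content']) === 'get';
     }

     return FALSE;
 }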
Esempio n. 2
 /**
  * Heavily used function that checks whether a token contains user input
  *
  * @param String $t	The token to match
  * @return Boolean	Returns TRUE if found, FALSE if not found
  */
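 public static function is_token_user_input($t)
 {
     // $t is a tokenizer token array (its 'code' and 'content' keys are read
     // below), not a plain string.
     //
     // Anything the parent class already treats as user input stays user input.
     if (parent::is_token_user_input($t)) {
         return TRUE;
     }

     if ($t['code'] === T_VARIABLE) {
         // Variable names are case-sensitive in PHP, so match them exactly.
         // Strict mode keeps in_array() from applying loose type juggling.
         return in_array($t['content'], array('$form', '$form_state'), true);
     }

     if ($t['code'] === T_STRING) {
         // Function names are case-insensitive in PHP, so ARG() and arg() are the
         // same call. Normalise the case before matching so a differently-cased
         // call is still reported as a user-input source.
         $sources = array('arg', 'drupal_get_query_parameters', 'field_view_value');
         return in_array(strtolower($t['content']), $sources, true);
     }

     return FALSE;
 }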
Esempio n. 3
 /**
  * Returns the tokens contained in the function parameters such as f(param1token1 . param1token3, param2token1)
  *
  * @param PHP_CodeSniffer_File $phpcsFile	The working instance of PHP_CodeSniffer
  * @param int $stackPtr	The $stackPtr from PHP_CodeSniffer where the function is
  * @param int $num	The parameter number desired (starts with 1)
  * @return Array()	An array containing tokens from the requested param
  * @return NULL	If no tokens are found or the parameter doesn't exist
  */
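 public static function get_param_tokens($phpcsFile, $stackPtr, $num)
 {
     $tokens = $phpcsFile->getTokens();
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     // findNext() returns FALSE when no opening parenthesis is found, and FALSE
     // used as an array index silently reads token 0. The closer index may also
     // be absent (presumably for unbalanced parentheses; confirm against the
     // tokenizer). In both cases report "no such parameter" instead of walking
     // an unrelated token range.
     if ($opener === FALSE || !isset($tokens[$opener]['parenthesis_closer'])) {
         return NULL;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     $s = $opener + 1; // cursor into the token stack, starts just after "("
     $i = 1;           // 1-based index of the parameter currently being read
     $t = array();     // tokens collected for the current parameter
     while ($s < $closer) {
         // NOTE(review): the comma search ignores nesting. Parentheses are
         // handled by crawl_open_parenthesis() below, but a comma inside a short
         // array literal such as [a, b] presumably splits one argument in two,
         // which would attribute tokens to the wrong parameter. Confirm against
         // the callers.
         $pcloser = $phpcsFile->findNext(T_COMMA, $s, $closer);
         if ($pcloser === FALSE) {
             if ($num > $i) {
                 // Fewer parameters than requested.
                 return NULL;
             }
             // Last parameter: everything up to the closing parenthesis.
             while ($s < $closer) {
                 // Record each token's position so callers can map it back.
                 $tokens[$s]['stackPtr'] = $s;
                 $t[] = $tokens[$s];
                 $s++;
             }
             break;
         }
         while ($s < $pcloser) {
             if ($tokens[$s]['code'] == T_OPEN_PARENTHESIS) {
                 // Delegate nested parentheses to the helper, which returns the
                 // updated cursor and token list.
                 list($s, $t) = Security_Sniffs_Utils::crawl_open_parenthesis($tokens, $s, $t);
             }
             $tokens[$s]['stackPtr'] = $s;
             $t[] = $tokens[$s];
             $s++;
         }
         if ($num == $i) {
             break;
         } else {
             // Not the requested parameter: discard it and keep scanning.
             $t = array();
         }
         // Edge case of func()[0], skip.
         if ($tokens[$s]['code'] == T_OPEN_SQUARE_BRACKET) {
             $s = $tokens[$s]['bracket_closer'];
         } else {
             $i++;
             $s++;
         }
     }
     return empty($t) ? NULL : $t;
 }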