예제 #1
 /**
  * Used to remove false positive for some tokens.
  * Currently made for $_SERVER['DOCUMENT_ROOT']
  * @param String $badT	The token to verify
  * @param String $param2T	The second token after the token to verify
  * @return Boolean	Returns TRUE if it's safe so it's a false positive, FALSE if not.
  */
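 public static function is_token_false_positive($badT, $param2T)
 {
     // Only $_SERVER reads can be suppressed here; any other token is never
     // treated as a false positive by this helper.
     if ($badT['content'] !== '$_SERVER') {
         return FALSE;
     }

     // The index is compared as raw token text, so the quote characters are
     // stripped before the allowlist lookup.
     $param2 = str_replace(array('"', "'"), '', $param2T['content']);

     // Allowlist membership is checked with strict comparison so that PHP's
     // loose type juggling can never make a non-identical key count as safe.
     // Paranoia note: only this one token is examined, so an index built by
     // concatenation, e.g. $_SERVER['SAFE' . 'UNSAFE'], is presumably judged
     // on its first literal alone and may be suppressed wrongly. Confirm how
     // the caller selects $param2T before relying on this for such code.
     return in_array($param2, Security_Sniffs_Utils::getSafeServerVars(), true);
 }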