<?php
/**
* Ensures that eval() is not used to create objects.
*
* PHP version 5
*
* @category PHP
* @package PHP_CodeSniffer_MySource
* @author Greg Sherwood <gsherwood@squiz.net>
* @copyright 2006 Squiz Pty Ltd (ABN 77 084 670 600)
* @license http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence
* @version CVS: $Id: EvalObjectFactorySniff.php 240175 2007-07-23 01:47:54Z squiz $
* @link http://pear.php.net/package/PHP_CodeSniffer
*/
/**
* Ensures that eval() is not used to create objects.
*
* @category PHP
* @package PHP_CodeSniffer_MySource
* @author Greg Sherwood <gsherwood@squiz.net>
* @copyright 2006 Squiz Pty Ltd (ABN 77 084 670 600)
* @license http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence
* @version Release: 1.2.1
* @link http://pear.php.net/package/PHP_CodeSniffer
*/
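class MySource_Sniffs_PHP_EvalObjectFactorySniff implements PHP_CodeSniffer_Sniff
{


    /**
     * Returns an array of tokens this test wants to listen for.
     *
     * Only T_EVAL is registered, so process() is invoked once for every
     * eval() construct found in the scanned file.
     *
     * @return array
     */
    public function register()
    {
        return array(T_EVAL);

    }//end register()


    /**
     * Processes this sniff, when one of its tokens is encountered.
     *
     * The check is a heuristic. It collects the string tokens that appear
     * directly between the parentheses of the eval() call, plus the string
     * tokens of the nearest preceding statement that starts with a variable
     * of the same name as one used inside the eval(). A warning is added on
     * the eval token for every collected string containing ' new '.
     *
     * Limits a reviewer should keep in mind:
     *  - The match is the case-sensitive literal ' new ' with a space on each
     *    side, so code such as "=new Foo" or "NEW Foo" is not reported.
     *  - A variable is only followed back to one earlier statement; the
     *    statement is assumed to be an assignment because the variable is the
     *    first non-whitespace token on its line, which is not verified.
     *  - A clean result says nothing about whether the evaluated string is
     *    built from untrusted input; this sniff only targets the object
     *    factory pattern.
     *
     * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
     * @param int                  $stackPtr  The position of the current token in
     *                                        the stack passed in $tokens.
     *
     * @return void
     */
    public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
    {
        $tokens = $phpcsFile->getTokens();

        /*
            We need to find all strings that will be in the eval
            to determine if the "new" keyword is being used.
        */

        $openBracket = $phpcsFile->findNext(T_OPEN_PARENTHESIS, ($stackPtr + 1));
        if ($openBracket === false
            || isset($tokens[$openBracket]['parenthesis_closer']) === false
        ) {
            // No parenthesis follows the eval, or it is never closed (for
            // example a file that is still being edited). Without both ends
            // there is no argument range to inspect, and indexing $tokens
            // with false would silently read token 0 and raise a notice.
            return;
        }

        $closeBracket = $tokens[$openBracket]['parenthesis_closer'];

        $strings = array();
        $vars    = array();

        for ($i = ($openBracket + 1); $i < $closeBracket; $i++) {
            if (in_array($tokens[$i]['code'], PHP_CodeSniffer_Tokens::$stringTokens) === true) {
                $strings[$i] = $tokens[$i]['content'];
            } else if ($tokens[$i]['code'] === T_VARIABLE) {
                $vars[$i] = $tokens[$i]['content'];
            }
        }

        /*
            We now have some variables that we need to expand into
            the strings that were assigned to them, if any.
        */

        foreach ($vars as $varPtr => $varName) {
            while (($prev = $phpcsFile->findPrevious(T_VARIABLE, ($varPtr - 1))) !== false) {
                // Make sure this is an assignment of the variable. That means
                // it will be the first thing on the line.
                $prevContent = $phpcsFile->findPrevious(T_WHITESPACE, ($prev - 1), null, true);
                if ($tokens[$prevContent]['line'] === $tokens[$prev]['line']) {
                    // Something other than whitespace precedes the variable
                    // on its line, so keep searching further back.
                    $varPtr = $prevContent;
                    continue;
                }

                if ($tokens[$prev]['content'] !== $varName) {
                    // This variable has a different name.
                    $varPtr = $prevContent;
                    continue;
                }

                // We found one.
                break;
            }//end while

            if ($prev !== false) {
                // Find all strings on the line.
                $lineEnd = $phpcsFile->findNext(T_SEMICOLON, ($prev + 1));
                if ($lineEnd === false) {
                    // No terminating semicolon, so there is no statement
                    // range to scan for this variable.
                    continue;
                }

                for ($i = ($prev + 1); $i < $lineEnd; $i++) {
                    if (in_array($tokens[$i]['code'], PHP_CodeSniffer_Tokens::$stringTokens) === true) {
                        $strings[$i] = $tokens[$i]['content'];
                    }
                }
            }
        }//end foreach

        foreach ($strings as $string) {
            // If the string has "new" in it, it is not allowed.
            // We don't bother checking if the word "new" is echo'd
            // because that is unlikely to happen. We assume the use
            // of "new" is for object instantiation.
            if (strstr($string, ' new ') !== false) {
                $error = 'Do not use eval() to create objects dynamically; use reflection instead';
                $phpcsFile->addWarning($error, $stackPtr);
            }
        }

    }//end process()


}//end class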
?>