
Commit 18df81f

committed
Update sniff to catch extra cases and prevent fixer issues
1 parent 9280466 commit 18df81f


1 file changed

+44
-10
lines changed

1 file changed

+44
-10
lines changed

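--- a/WordPress/Sniffs/Security/EscapeOutputSniff.php
+++ b/WordPress/Sniffs/Security/EscapeOutputSniff.php
@@ -740,23 +740,57 @@ protected function check_code_is_escaped( $start, $end, $code = 'OutputNotEscape
 
 // Check if it's static method call.
 if ( $this->is_static_method_call( $i ) ) {
-$end_name_ptr = $this->get_fully_qualified_name_ptr( $i );
-
-$class_name = '';
+$fully_qualified_name = '';
+$double_colon = $this->phpcsFile->findNext( \T_DOUBLE_COLON, $i, $end );
+$keyword = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $double_colon + 1 ), $end, true );
 
 // Add a namespace separator to the class name, if it exists.
 if ( \T_NS_SEPARATOR === $this->tokens[ $i - 1 ]['code'] ) {
-$class_name = '\\';
+$fully_qualified_name = '\\';
 }
 
-for ( $name_start = $i; $name_start <= $end_name_ptr; $name_start++ ) {
-$class_name .= $this->tokens[ $name_start ]['content'];
+/*
+* Check what is the type of the $keyword token:
+* T_STRING followed by a parenthesis opener - static method
+* T_STRING without a parenthesis - enum/class constant
+* T_VARIABLE - static public property
+* Based on this, we will construct the content to pass to, and set the $i and the $ptr variables.
+*/
+if ( \T_STRING === $this->tokens[ $keyword ]['code'] ) {
+$static_method_end = $this->phpcsFile->findNext( \T_CLOSE_PARENTHESIS, $i, $end );
+
+// Enum/class constant.
+if ( false === $static_method_end ) {
+$constant_ptr = $this->phpcsFile->findNext( \T_STRING, $double_colon, $end );
+
+for ( $name_start = $i; $name_start <= $constant_ptr; $name_start++ ) {
+$fully_qualified_name .= $this->tokens[ $name_start ]['content'];
+}
+unset( $name_start );
+
+$i = $constant_ptr;
+$ptr = $i;
+} else { // Static method.
+for ( $name_start = $i; $name_start <= $keyword; $name_start++ ) {
+$fully_qualified_name .= $this->tokens[ $name_start ]['content'];
+}
+unset( $name_start );
+
+$i = $static_method_end;
+$ptr = $keyword;
+}
+} elseif ( \T_VARIABLE === $this->tokens[ $keyword ]['code'] ) {
+for ( $name_start = $i; $name_start <= $keyword; $name_start++ ) {
+$fully_qualified_name .= $this->tokens[ $name_start ]['content'];
+}
+unset( $name_start );
+
+$i = $keyword;
+$ptr = $i;
 }
-unset( $name_start );
 
-// Skip the content of the static method.
-$i = $this->phpcsFile->findNext( \T_CLOSE_PARENTHESIS, $i, $end );
-$content = ! empty( $class_name ) ? trim( $class_name ) : $content;
+// Content should be a class and a method/constant.
+$content = ! empty( $fully_qualified_name ) ? trim( $fully_qualified_name ) : $content;
 }
 } else {
 $content = $this->tokens[ $i ]['content'];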
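Review bot: The constant-versus-method decision in the `\T_STRING` branch rests on `findNext( \T_CLOSE_PARENTHESIS, $i, $end )`, which matches any closing parenthesis later in the checked range rather than one belonging to `$keyword`, so it does not implement the block comment's "followed by a parenthesis opener". When a class constant is followed later in the same statement by an unrelated call, `$i` is moved to that call's closing parenthesis, and the tokens in between then appear to be skipped by the escaping check, which for this sniff would be a false negative on unescaped output. Consider inspecting the next non-empty token instead, `$next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $keyword + 1 ), $end, true );`, treating it as a method only when `\T_OPEN_PARENTHESIS === $this->tokens[ $next ]['code']`, and then setting `$i = $this->tokens[ $next ]['parenthesis_closer'];`. `$double_colon` and `$keyword` are also used as array indexes without a `false` check, so a truncated expression would read `$this->tokens[ false ]`. The body of check_code_is_escaped() starts and ends outside this hunk.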
