| public findNext ( integer | array $types, integer $start, integer $end = null, boolean $exclude = false, string $value = null, boolean $local = false ) : integer | boolean | ||
| $types | integer | array | The type(s) of tokens to search for. |
| $start | integer | The position to start searching from in the token stack. |
| $end | integer | The end position to fail if no token is found. if not specified or null, end will default to the end of the token stack. |
| $exclude | boolean | If true, find the next token that is NOT of a type specified in $types. |
| $value | string | The value that the token(s) must be equal to. If value is omitted, tokens with any value will be returned. |
| $local | boolean | If true, tokens outside the current statement will not be checked. i.e., checking will stop at the next semi-colon found. |
| return | integer | boolean | |
public function findNext($types, $start, $end = null, $exclude = false, $value = null, $local = false)
{
$types = (array) $types;
if ($end === null || $end > $this->numTokens) {
$end = $this->numTokens;
}
for ($i = $start; $i < $end; $i++) {
$found = (bool) $exclude;
foreach ($types as $type) {
if ($this->_tokens[$i]['code'] === $type) {
$found = !$exclude;
break;
}
}
if ($found === true) {
if ($value === null) {
return $i;
} else {
if ($this->_tokens[$i]['content'] === $value) {
return $i;
}
}
}
if ($local === true && $this->_tokens[$i]['code'] === T_SEMICOLON) {
break;
}
}
//end for
return false;
} /**
* Processes the tokens that this sniff is interested in.
*
* @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
* @param int $stackPtr The position in the stack where
* the token was found.
*
* @return void
*/
public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
{
$utils = Security_Sniffs_UtilsFactory::getInstance();
$tokens = $phpcsFile->getTokens();
if ($tokens[$stackPtr]['content'] == "'#value'" || $tokens[$stackPtr]['content'] == '"#value"') {
$closer = $phpcsFile->findNext(T_SEMICOLON, $stackPtr);
$next = $phpcsFile->findNext(array_merge(PHP_CodeSniffer_Tokens::$bracketTokens, PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$assignmentTokens), $stackPtr + 1, $closer + 1, true);
if ($next == $closer && $tokens[$next]['code'] == T_SEMICOLON) {
// Case of $label = $element['#value'];
$next = $phpcsFile->findPrevious(PHP_CodeSniffer_Tokens::$assignmentTokens, $next);
$next = $phpcsFile->findPrevious(T_VARIABLE, $next);
$phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$next]['content'], $next, 'D7XSSWarFormValue');
} elseif ($next && $utils::is_token_user_input($tokens[$next])) {
$phpcsFile->addError('XSS found with #value on ' . $tokens[$next]['content'], $next, 'D7XSSErrFormValue');
} elseif ($next && PHP_CodeSniffer::getConfigData('ParanoiaMode')) {
if (in_array($tokens[$next]['content'], $utils::getXSSMitigationFunctions())) {
$n = $phpcsFile->findNext($utils::getVariableTokens(), $next + 1, $closer);
if ($n) {
$phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$n]['content'], $n, 'D7XSSWarFormValue');
}
} else {
$phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$next]['content'], $next, 'D7XSSWarFormValue');
}
}
}
}
