Skip to content

Commit a615109

Browse files
jrfnljrfnl
committed
ProperEscapingFunction: deprecate, don't remove
... the `public` methods and as those use the `private` properties and extending sniffs may rely on the functionality of the `public` methods, we can't removed the `private` properties yet either, so deprecating those too.
1 parent 1401543 commit a615109

File tree

1 file changed

+75
-0
lines changed

1 file changed

+75
-0
lines changed

WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,39 @@ class ProperEscapingFunctionSniff extends Sniff {
5656
T_NS_SEPARATOR => T_NS_SEPARATOR,
5757
];
5858

59+
/**
60+
* List of attributes associated with url outputs.
61+
*
62+
* @deprecated 2.3.1 Currently unused by the sniff, but needed for
63+
* for public methods which extending sniffs may be
64+
* relying on.
65+
*
66+
* @var array
67+
*/
68+
private $url_attrs = [
69+
'href',
70+
'src',
71+
'url',
72+
'action',
73+
];
74+
75+
/**
76+
* List of syntaxes for inside attribute detection.
77+
*
78+
* @deprecated 2.3.1 Currently unused by the sniff, but needed for
79+
* for public methods which extending sniffs may be
80+
* relying on.
81+
*
82+
* @var array
83+
*/
84+
private $attr_endings = [
85+
'=',
86+
'="',
87+
"='",
88+
"=\\'",
89+
'=\\"',
90+
];
91+
5992
/**
6093
* Returns an array of tokens this test wants to listen for.
6194
*
@@ -133,6 +166,48 @@ public function process_token( $stackPtr ) {
133166
}
134167
}
135168

169+
/**
170+
* Tests whether provided string ends with open attribute which expects a URL value.
171+
*
172+
* @deprecated 2.3.1
173+
*
174+
* @param string $content Haystack in which we look for an open attribute which exects a URL value.
175+
*
176+
* @return bool True if string ends with open attribute which expects a URL value.
177+
*/
178+
public function attr_expects_url( $content ) {
179+
$attr_expects_url = false;
180+
foreach ( $this->url_attrs as $attr ) {
181+
foreach ( $this->attr_endings as $ending ) {
182+
if ( $this->endswith( $content, $attr . $ending ) === true ) {
183+
$attr_expects_url = true;
184+
break;
185+
}
186+
}
187+
}
188+
return $attr_expects_url;
189+
}
190+
191+
/**
192+
* Tests whether provided string ends with open HMTL attribute.
193+
*
194+
* @deprecated 2.3.1
195+
*
196+
* @param string $content Haystack in which we look for open HTML attribute.
197+
*
198+
* @return bool True if string ends with open HTML attribute.
199+
*/
200+
public function is_html_attr( $content ) {
201+
$is_html_attr = false;
202+
foreach ( $this->attr_endings as $ending ) {
203+
if ( $this->endswith( $content, $ending ) === true ) {
204+
$is_html_attr = true;
205+
break;
206+
}
207+
}
208+
return $is_html_attr;
209+
}
210+
136211
/**
137212
* Tests whether an attribute escaping function is being used outside of an HTML tag.
138213
*

0 commit comments

Comments
 (0)