ValidatedSanitizedInput: add tests validating variables with array_key_exists()

jrfnl · jrfnl · commit 44e5857686de · 2019-01-23T14:40:44.000+01:00
diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc
@@ -188,3 +188,24 @@ if ( isset( $_POST[ 'currentid' ] ) ){
 if ( isset ( $_POST['thisisnotget'] ) ) {
 	$get = (int) $_GET['thisisnotget']; // Bad.
 }
+
+// Recognize PHP native array_key_exists() as validation function.
+if ( array_key_exists( 'my_field1', $_POST ) ) {
+	$id = (int) $_POST['my_field1']; // OK.
+}
+
+if ( \array_key_exists( 'my_field2', $_POST ) ) {
+	$id = (int) $_POST['my_field2']; // OK.
+}
+
+if ( \Some\ClassName\array_key_exists( 'my_field3', $_POST ) ) {
+	$id = (int) $_POST['my_field3']; // Bad.
+}
+
+if ( $obj->array_key_exists( 'my_field4', $_POST ) ) {
+	$id = (int) $_POST['my_field4']; // Bad.
+}
+
+if ( ClassName::array_key_exists( 'my_field5', $_POST ) ) {
+	$id = (int) $_POST['my_field5']; // Bad.
+}
diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php
@@ -55,6 +55,9 @@ public function getErrorList() {
 			150 => 2,
 			160 => 2,
 			189 => 1,
+			202 => 1,
+			206 => 1,
+			210 => 1,
 		);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,9 @@ public function getErrorList() {`
`55`	`55`	`150 => 2,`
`56`	`56`	`160 => 2,`
`57`	`57`	`189 => 1,`
	`58`	`+ 202 => 1,`
	`59`	`+ 206 => 1,`
	`60`	`+ 210 => 1,`
`58`	`61`	`);`
`59`	`62`	`}`
`60`	`63`