Merge pull request #34 from moufmouf/false_positives

moufmouf · web-flow · commit 1427a4ed436b · 2018-09-14T14:54:16.000+02:00
Removing false positives
diff --git a/.travis.yml b/.travis.yml
@@ -23,6 +23,13 @@ before_script:
   else
     cd generator/doc/doc-en
     svn update
+    if [ $? -ne 0 ];
+    then
+      cd ..
+      rm -rf doc-en
+      svn co https://svn.php.net/repository/phpdoc/modules/doc-en doc-en
+      cd doc-en
+    fi
     cd ../../..
   fi
 - composer update
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,7 +2,7 @@
 
 Safe-PHP code is generated automatically from the PHP doc.
 
-## How to generate Safe-PHP code
+## How to install Safe-PHP development environment
 
 The first step is to download the PHP documentation project locally.
 You will need Subversion (svn) installed on your computer.
@@ -20,7 +20,6 @@ $ cd generator/doc/doc-en
 $ svn update
 ```
 
-
 ### Generating the functions
 
 Generating the functions can be done with a simple command.
@@ -29,3 +28,11 @@ Generating the functions can be done with a simple command.
 $ cd generator
 $ php ./safe.php generate
 ```
+
+### Submitting a PR
+
+The continuous integration hooks will regenerate all the functions and check that the result is exactly what has been
+committed. Therefore, before submitting a PR, please:
+
+- Perform a "svn update"
+- Regenerate the files using `php ./safe.php generate`
diff --git a/generated/filesystem.php b/generated/filesystem.php
@@ -877,53 +877,6 @@ function glob(string $pattern, int $flags = 0): array
 }
 
 
-/**
- * Tells whether the filename is executable.
- *
- * @param string $filename Path to the file.
- * @throws FilesystemException
- *
- */
-function is_executable(string $filename): void
-{
-    error_clear_last();
-    $result = \is_executable($filename);
-    if ($result === false) {
-        throw FilesystemException::createFromPhpError();
-    }
-}
-
-
-/**
- * Returns TRUE if the file named by filename was
- * uploaded via HTTP POST. This is useful to help ensure that a
- * malicious user hasn't tried to trick the script into working on
- * files upon which it should not be working--for instance,
- * /etc/passwd.
- *
- * This sort of check is especially important if there is any chance
- * that anything done with uploaded files could reveal their
- * contents to the user, or even to other users on the same
- * system.
- *
- * For proper working, the function is_uploaded_file needs
- * an argument like $_FILES['userfile']['tmp_name'], - the name of the uploaded
- * file on the client's machine $_FILES['userfile']['name'] does not work.
- *
- * @param string $filename The filename being checked.
- * @throws FilesystemException
- *
- */
-function is_uploaded_file(string $filename): void
-{
-    error_clear_last();
-    $result = \is_uploaded_file($filename);
-    if ($result === false) {
-        throw FilesystemException::createFromPhpError();
-    }
-}
-
-
 /**
  * Attempts to change the group of the symlink filename
  * to group.
diff --git a/generated/functionsList.php b/generated/functionsList.php
@@ -145,8 +145,6 @@
     'ftruncate',
     'fwrite',
     'glob',
-    'is_executable',
-    'is_uploaded_file',
     'lchgrp',
     'lchown',
     'link',
@@ -907,7 +905,6 @@
     'stream_filter_register',
     'stream_filter_remove',
     'stream_get_contents',
-    'stream_is_local',
     'stream_isatty',
     'stream_resolve_include_path',
     'stream_set_blocking',
diff --git a/generated/stream.php b/generated/stream.php
@@ -225,23 +225,6 @@ function stream_get_contents($handle, int $maxlength = -1, int $offset = -1): st
 }
 
 
-/**
- * Checks if a stream, or a URL, is a local one or not.
- *
- * @param mixed $stream_or_url The stream resource or URL to check.
- * @throws StreamException
- *
- */
-function stream_is_local($stream_or_url): void
-{
-    error_clear_last();
-    $result = \stream_is_local($stream_or_url);
-    if ($result === false) {
-        throw StreamException::createFromPhpError();
-    }
-}
-
-
 /**
  * Determines if stream stream refers to a valid terminal type device.
  * This is a more portable version of posix_isatty, since it works on Windows systems too.
diff --git a/generator/config/ignoredFunctions.php b/generator/config/ignoredFunctions.php
@@ -1,4 +1,7 @@
 <?php
 return [
     'array_key_exists',
+    'is_executable',
+    'is_uploaded_file',
+    'stream_is_local',
 ];
