Merge pull request #1664 from WordPress-Coding-Standards/feature/is_s…

…anitized-code-style-independence Sniff::is_sanitized(): make the method more code style independent
WordPress · Mar 28, 2019 · 15b7ffb · 15b7ffb
2 parents 5f27d8e + d43381a
commit 15b7ffb
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 13 deletions.
diff --git a/WordPress/Sniff.php b/WordPress/Sniff.php
@@ -1572,54 +1572,55 @@ protected function is_sanitized( $stackPtr, $require_unslash = false ) {
 			if ( $require_unslash ) {
 				$this->add_unslash_error( $stackPtr );
 			}
+
 			return false;
 		}
 
 		// Get the function that it's in.
 		$nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis'];
-		$function_closer    = end( $nested_parenthesis );
-		$function_opener    = key( $nested_parenthesis );
-		$function           = $this->tokens[ ( $function_opener - 1 ) ];
+		$nested_openers     = array_keys( $nested_parenthesis );
+		$function_opener    = array_pop( $nested_openers );
+		$functionPtr        = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $function_opener - 1 ), null, true, null, true );
 
 		// If it is just being unset, the value isn't used at all, so it's safe.
-		if ( \T_UNSET === $function['code'] ) {
+		if ( \T_UNSET === $this->tokens[ $functionPtr ]['code'] ) {
 			return true;
 		}
 
-		// If this isn't a call to a function, it sure isn't sanitizing function.
-		if ( \T_STRING !== $function['code'] ) {
+		// If this isn't a call to a function, it sure isn't a sanitizing function.
+		if ( \T_STRING !== $this->tokens[ $functionPtr ]['code'] ) {
 			if ( $require_unslash ) {
 				$this->add_unslash_error( $stackPtr );
 			}
+
 			return false;
 		}
 
-		$functionName = $function['content'];
+		$functionName = $this->tokens[ $functionPtr ]['content'];
 
 		// Check if wp_unslash() is being used.
 		if ( 'wp_unslash' === $functionName ) {
 
 			$is_unslashed    = true;
-			$function_closer = prev( $nested_parenthesis );
+			$function_opener = array_pop( $nested_openers );
 
 			// If there is no other function being used, this value is unsanitized.
-			if ( ! $function_closer ) {
+			if ( ! isset( $function_opener ) ) {
 				return false;
 			}
 
-			$function_opener = key( $nested_parenthesis );
-			$functionName    = $this->tokens[ ( $function_opener - 1 ) ]['content'];
+			$functionPtr  = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $function_opener - 1 ), null, true, null, true );
+			$functionName = $this->tokens[ $functionPtr ]['content'];
 
 		} else {
-
 			$is_unslashed = false;
 		}
 
 		// Arrays might be sanitized via array_map().
 		if ( 'array_map' === $functionName ) {
 
 			// Get the first parameter.
-			$callback = $this->get_function_call_parameter( ( $function_opener - 1 ), 1 );
+			$callback = $this->get_function_call_parameter( $functionPtr, 1 );
 
 			if ( ! empty( $callback ) ) {
 				/*

diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc
@@ -209,3 +209,5 @@ if ( $obj->array_key_exists( 'my_field4', $_POST ) ) {
 if ( ClassName::array_key_exists( 'my_field5', $_POST ) ) {
 	$id = (int) $_POST['my_field5']; // Bad.
 }
+
+echo sanitize_text_field (wp_unslash ($_GET['test'])); // OK.