diff --git a/WordPress/Sniff.php b/WordPress/Sniff.php
index 926f28e8c1..e5c8e3c363 100644
--- a/WordPress/Sniff.php
+++ b/WordPress/Sniff.php
@@ -1515,7 +1515,7 @@ protected function get_use_type( $stackPtr ) {
 *
 * @since 0.9.0
 *
- * @param string $string A T_DOUBLE_QUOTED_STRING token.
+ * @param string $string A T_DOUBLE_QUOTED_STRING or T_HEREDOC token.
 *
 * @return array Variable names (without '$' sigil).
 */
diff --git a/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php b/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php
index ccf908850b..72cc1d37c8 100644
--- a/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php
+++ b/WordPress/Sniffs/VIP/ValidatedSanitizedInputSniff.php
@@ -70,6 +70,7 @@ public function register() {
 return array(
 T_VARIABLE,
 T_DOUBLE_QUOTED_STRING,
+ T_HEREDOC,
 );
 }
@@ -85,7 +86,9 @@ public function process_token( $stackPtr ) {
 $superglobals = $this->input_superglobals;
 // Handling string interpolation.
- if ( T_DOUBLE_QUOTED_STRING === $this->tokens[ $stackPtr ]['code'] ) {
+ if ( T_DOUBLE_QUOTED_STRING === $this->tokens[ $stackPtr ]['code']
+ || T_HEREDOC === $this->tokens[ $stackPtr ]['code']
+ ) {
 $interpolated_variables = array_map(
 create_function( '$symbol', 'return "$" . $symbol;' ), // Replace with closure when 5.3 is minimum requirement for PHPCS.
 $this->get_interpolated_variables( $this->tokens[ $stackPtr ]['content'] )
diff --git a/WordPress/Tests/VIP/ValidatedSanitizedInputUnitTest.inc b/WordPress/Tests/VIP/ValidatedSanitizedInputUnitTest.inc
index 9f50d45a6f..1d41fc9296 100644
--- a/WordPress/Tests/VIP/ValidatedSanitizedInputUnitTest.inc
+++ b/WordPress/Tests/VIP/ValidatedSanitizedInputUnitTest.inc
@@ -149,3 +149,14 @@ function test_this() {
 $abc = sanitize_twitter_handle( $_POST['abc_field'] ); // Bad x2, sanitize + unslash.
 }
+
+// Variables in heredocs.
+output( << 1, 138 => 1, 150 => 2, + 160 => 2, ); }
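Review bot: The token list in register() now includes T_HEREDOC but carries no comment saying why T_NOWDOC is left out, so a later reader may take the omission for an oversight. Nowdoc bodies are not interpolated, so skipping them is correct. A one-line comment above the array would record that: `// T_NOWDOC is intentionally not registered: nowdocs do not interpolate variables.`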
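Review bot: The widened condition in process_token() reads `$this->tokens[ $stackPtr ]['code']` twice across three lines; a single membership test is shorter and easier to extend if another interpolating token type is added later: `if ( in_array( $this->tokens[ $stackPtr ]['code'], array( T_DOUBLE_QUOTED_STRING, T_HEREDOC ), true ) ) {`. The heredoc content is then handed to get_interpolated_variables(), whose body is not part of this diff, so it cannot be confirmed here that `\$` escapes and the `{$_POST['x']}` form are handled the same way in heredoc lines as in double-quoted strings. If they are not, the sniff would miss or misreport unsanitized superglobal use in heredocs, so fixtures covering both forms would be worth having. process_token() continues beyond the end of the hunk.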