<?php
/**
 * PHPCompatibility, an external standard for PHP_CodeSniffer.
 *
 * @package   PHPCompatibility
 * @copyright 2012-2019 PHPCompatibility Contributors
 * @license   https://opensource.org/licenses/LGPL-3.0 LGPL3
 * @link      https://github.com/PHPCompatibility/PHPCompatibility
 */

namespace PHPCompatibility\Sniffs\ParameterValues;

use PHPCompatibility\AbstractFunctionCallParameterSniff;
use PHP_CodeSniffer_File as File;
use PHP_CodeSniffer_Tokens as Tokens;

/**
 * As of PHP 7.4, `proc_open()` now also accepts an array instead of a string for the command.
 *
 * In that case, the process will be opened directly (without going through a shell) and
 * PHP will take care of any necessary argument escaping.
 *
 * PHP version 7.4
 *
 * @link https://www.php.net/manual/en/migration74.new-features.php#migration74.new-features.standard.proc-open
 * @link https://www.php.net/manual/en/function.proc-open.php
 *
 * @since 9.3.0
 */
class NewProcOpenCmdArraySniff extends AbstractFunctionCallParameterSniff
{

    /**
     * Functions to check for.
     *
     * @since 9.3.0
     *
     * @var array
     */
    protected $targetFunctions = array(
        'proc_open' => true,
    );


    /**
     * Do a version check to determine if this sniff needs to run at all.
     *
     * @since 9.3.0
     *
     * @return bool
     */
    protected function bowOutEarly()
    {
        return false;
    }


    /**
     * Process the parameters of a matched function.
     *
     * @since 9.3.0
     *
     * @param \PHP_CodeSniffer_File $phpcsFile    The file being scanned.
     * @param int                   $stackPtr     The position of the current token in the stack.
     * @param string                $functionName The token content (function name) which was matched.
     * @param array                 $parameters   Array with information about the parameters.
     *
     * @return int|void Integer stack pointer to skip forward or void to continue
     *                  normal file processing.
     */
    public function processParameters(File $phpcsFile, $stackPtr, $functionName, $parameters)
    {
        if (isset($parameters[1]) === false) {
            return;
        }

        $tokens       = $phpcsFile->getTokens();
        $targetParam  = $parameters[1];
        $nextNonEmpty = $phpcsFile->findNext(Tokens::$emptyTokens, $targetParam['start'], $targetParam['end'], true);

        if ($nextNonEmpty === false) {
            // Shouldn't be possible.
            return;
        }

        if ($tokens[$nextNonEmpty]['code'] !== \T_ARRAY
            && $tokens[$nextNonEmpty]['code'] !== \T_OPEN_SHORT_ARRAY
        ) {
            // Not passed as an array.
            return;
        }

        if ($this->supportsBelow('7.3') === true) {
            $phpcsFile->addError(
                'The proc_open() function did not accept $cmd to be passed in array format in PHP 7.3 and earlier.',
                $nextNonEmpty,
                'Found'
            );
        }

        if ($this->supportsAbove('7.4') === true) {
            if (strpos($targetParam['raw'], 'escapeshellarg(') === false) {
                // Efficiency: prevent needlessly walking the array.
                return;
            }

            $items = $this->getFunctionCallParameters($phpcsFile, $nextNonEmpty);

            if (empty($items)) {
                return;
            }

            foreach ($items as $item) {
                for ($i = $item['start']; $i <= $item['end']; $i++) {
                    if ($tokens[$i]['code'] !== \T_STRING
                        || $tokens[$i]['content'] !== 'escapeshellarg'
                    ) {
                        continue;
                    }

                    // @todo Potential future enhancement: check if it's a call to the PHP native function.

                    $phpcsFile->addWarning(
                        'When passing proc_open() the $cmd parameter as an array, PHP will take care of any necessary argument escaping. Found: %s',
                        $i,
                        'Invalid',
                        array($item['raw'])
                    );

                    // Only throw one error per array item.
                    break;
                }
            }
        }
    }
}