xarxaprod-wp-theme/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/PluginMenuSlugSniff.php

90 lines
2.9 KiB
PHP
Raw Permalink Normal View History

2024-01-09 16:13:20 +01:00
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPressCS\WordPress\Sniffs\Security;
use WordPressCS\WordPress\AbstractFunctionParameterSniff;
/**
* Warn about __FILE__ for page registration.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#using-__file__-for-page-registration
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 Refactored to extend the new WordPressCS native
* `AbstractFunctionParameterSniff` class.
* @since 0.13.0 Class name changed: this class is now namespaced.
* @since 1.0.0 This sniff has been moved from the `VIP` category to the `Security` category.
*/
class PluginMenuSlugSniff extends AbstractFunctionParameterSniff {
/**
* The group name for this group of functions.
*
* @since 0.11.0
*
* @var string
*/
protected $group_name = 'add_menu_functions';
/**
* Functions which can be used to add pages to the WP Admin menu.
*
* @since 0.3.0
* @since 0.11.0 Renamed from $add_menu_functions to $target_functions
* and changed visibility to protected.
*
* @var array <string function name> => <array target parameter positions>
*/
protected $target_functions = array(
'add_menu_page' => array( 4 ),
'add_object_page' => array( 4 ),
'add_utility_page' => array( 4 ),
'add_submenu_page' => array( 1, 5 ),
'add_dashboard_page' => array( 4 ),
'add_posts_page' => array( 4 ),
'add_media_page' => array( 4 ),
'add_links_page' => array( 4 ),
'add_pages_page' => array( 4 ),
'add_comments_page' => array( 4 ),
'add_theme_page' => array( 4 ),
'add_plugins_page' => array( 4 ),
'add_users_page' => array( 4 ),
'add_management_page' => array( 4 ),
'add_options_page' => array( 4 ),
);
/**
* Process the parameters of a matched function.
*
* @since 0.11.0
*
* @param int $stackPtr The position of the current token in the stack.
* @param string $group_name The name of the group which was matched.
* @param string $matched_content The token content (function name) which was matched.
* @param array $parameters Array with information about the parameters.
*
* @return void
*/
public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) {
foreach ( $this->target_functions[ $matched_content ] as $position ) {
if ( isset( $parameters[ $position ] ) ) {
$file_constant = $this->phpcsFile->findNext( \T_FILE, $parameters[ $position ]['start'], ( $parameters[ $position ]['end'] + 1 ) );
if ( false !== $file_constant ) {
$this->phpcsFile->addWarning( 'Using __FILE__ for menu slugs risks exposing filesystem structure.', $stackPtr, 'Using__FILE__' );
}
}
}
}
}