<?php
/**
 * WPThemeReview Coding Standard.
 *
 * @package WPTRT\WPThemeReview
 * @link    https://github.com/WPTRT/WPThemeReview
 * @license https://opensource.org/licenses/MIT MIT
 */

namespace WPThemeReview\Sniffs\ThouShallNotUse;

use PHP_CodeSniffer\Sniffs\Sniff;
use PHP_CodeSniffer\Files\File;
use PHP_CodeSniffer\Util\Tokens;

/**
 * Check for use of <iframe>. Often used for malicious code.
 *
 * @link  https://make.wordpress.org/themes/handbook/review/required/theme-check-plugin/#info
 *
 * @since 0.1.0
 */
class ForbiddenIframeSniff implements Sniff {

	/**
	 * The regex to catch usage of <iframe ...>.
	 *
	 * This regex will prevent matches being made on `<iframe>` without attributes.
	 *
	 * @var string
	 */
	const IFRAME_REGEX = '`(<iframe\s+[^>]+>)`i';

	/**
	 * Returns an array of tokens this test wants to listen for.
	 *
	 * @return array
	 */
	public function register() {
		return Tokens::$textStringTokens;
	}

	/**
	 * Processes this test, when one of its tokens is encountered.
	 *
	 * @param \PHP_CodeSniffer\Files\File $phpcsFile The PHP_CodeSniffer file where the
	 *                                               token was found.
	 * @param int                         $stackPtr  The position of the current token
	 *                                               in the stack.
	 *
	 * @return void
	 */
	public function process( File $phpcsFile, $stackPtr ) {

		$tokens = $phpcsFile->getTokens();

		if ( preg_match( self::IFRAME_REGEX, $tokens[ $stackPtr ]['content'], $matches ) > 0 ) {
			$phpcsFile->addError(
				'Usage of the iframe HTML element is prohibited. Found: %s',
				$stackPtr,
				'Found',
				[ $matches[1] ]
			);
		}
	}

}