BadFunctions/EasyRFI: use the build-in PHPCS functionality

jrfnl · jrfnl · commit 454f17534a5b · 2020-03-16T07:13:47.000+01:00
The PHPCS [`addError()`](https://pear.php.net/package/PHP_CodeSniffer/docs/3.5.4/apidoc/PHP_CodeSniffer/File.html#methodaddError) and [`addWarning()`](https://pear.php.net/package/PHP_CodeSniffer/docs/3.5.4/apidoc/PHP_CodeSniffer/File.html#methodaddWarning) functions have a build-in string replacement `sprintf()`-like functionality, so let's use it.
diff --git a/Security/Sniffs/BadFunctions/EasyRFISniff.php b/Security/Sniffs/BadFunctions/EasyRFISniff.php
@@ -50,12 +50,18 @@ public function process(File $phpcsFile, $stackPtr) {
 		}
 		while ($s) {
 			$s = $phpcsFile->findNext($this->search, $s + 1, $closer, true);
+
+			$data = array(
+				$tokens[$s]['content'],
+				$tokens[$stackPtr]['content'],
+			);
+
 			if ($s && $utils::is_token_user_input($tokens[$s])) {
 				if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') || !$utils::is_token_false_positive($tokens[$s], $tokens[$s+2])) {
-					$phpcsFile->addError('Easy RFI detected because of direct user input with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'ErrEasyRFI');
+					$phpcsFile->addError('Easy RFI detected because of direct user input with %s on %s', $s, 'ErrEasyRFI', $data);
 				}
 			} elseif ($s && \PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') && $tokens[$s]['content'] != '.') {
-				$phpcsFile->addWarning('Possible RFI detected with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'WarnEasyRFI');
+				$phpcsFile->addWarning('Possible RFI detected with %s on %s', $s, 'WarnEasyRFI', $data);
 			}
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -50,12 +50,18 @@ public function process(File $phpcsFile, $stackPtr) {`
`50`	`50`	`}`
`51`	`51`	`while ($s) {`
`52`	`52`	`$s = $phpcsFile->findNext($this->search, $s + 1, $closer, true);`
	`53`	`+`
	`54`	`+ $data = array(`
	`55`	`+ $tokens[$s]['content'],`
	`56`	`+ $tokens[$stackPtr]['content'],`
	`57`	`+ );`
	`58`	`+`
`53`	`59`	`if ($s && $utils::is_token_user_input($tokens[$s])) {`
`54`	`60`	`if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') \|\| !$utils::is_token_false_positive($tokens[$s], $tokens[$s+2])) {`
`55`		`- $phpcsFile->addError('Easy RFI detected because of direct user input with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'ErrEasyRFI');`
	`61`	`+ $phpcsFile->addError('Easy RFI detected because of direct user input with %s on %s', $s, 'ErrEasyRFI', $data);`
`56`	`62`	`}`
`57`	`63`	`} elseif ($s && \PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') && $tokens[$s]['content'] != '.') {`
`58`		`- $phpcsFile->addWarning('Possible RFI detected with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'WarnEasyRFI');`
	`64`	`+ $phpcsFile->addWarning('Possible RFI detected with %s on %s', $s, 'WarnEasyRFI', $data);`
`59`	`65`	`}`
`60`	`66`	`}`
`61`	`67`	`}`