Differential D21453 Diff 51058 src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
| Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | foreach ($function_calls as $call) { | ||||
| if ($argc < 1) { | if ($argc < 1) { | ||||
| $this->raiseLintAtNode( | $this->raiseLintAtNode( | ||||
| $call, | $call, | ||||
| pht('This function is expected to have a format string.')); | pht('This function is expected to have a format string.')); | ||||
| continue; | continue; | ||||
| } | } | ||||
| $format = $parameters->getChildByIndex($start); | $format = $parameters->getChildByIndex($start); | ||||
| if ($format->getTypeName() != 'n_STRING_SCALAR') { | if (!$format->isConstantString()) { | ||||
| // TODO: When this parameter is not a constant string, the call may | |||||
Lint: TODO Comment: This comment has a TODO. | |||||
| // be unsafe. We should make some attempt to warn about this for | |||||
| // "qsprintf()" and other security-sensitive functions. | |||||
| continue; | continue; | ||||
| } | } | ||||
| $argv = array($format->evalStatic()) + array_fill(0, $argc, null); | $argv = array($format->evalStatic()) + array_fill(0, $argc, null); | ||||
| try { | try { | ||||
| xsprintf(null, null, $argv); | xsprintf(null, null, $argv); | ||||
| } catch (BadFunctionCallException $ex) { | } catch (BadFunctionCallException $ex) { | ||||
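Review bot: The `!$format->isConstantString()` branch still ends in a bare `continue`, so a call whose format argument is built at runtime gets no lint at all, and for `qsprintf()` that is the case a reviewer most needs to see. Rather than leaving this as a TODO, the branch could raise a message before skipping, for example `$this->raiseLintAtNode($format, pht('This format string is not a constant string and can not be checked.'));`, presumably limited to the security-sensitive functions the comment names so that ordinary callers are not flooded. Separately, `$format->evalStatic()` on the following line runs outside the `try`, so it relies on `evalStatic()` handling every node type that `isConstantString()` accepts; neither method is visible here, so that is worth confirming. The `foreach` body and the `catch` block continue outside the lines shown.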