Update loose config to use allowParamFlagsAnywhere

Followup to #150
spaze · Dec 7, 2022 · c3ffa8b · c3ffa8b
1 parent cb8db9c
commit c3ffa8b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 5 deletions.
diff --git a/disallowed-loose-calls.neon b/disallowed-loose-calls.neon
@@ -8,5 +8,5 @@ parameters:
 		-
 			function: 'htmlspecialchars()'
 			message: 'set the $flags parameter to `ENT_QUOTES` to also convert single quotes to entities to prevent some HTML injection bugs'
-			allowParamsAnywhere:
+			allowParamFlagsAnywhere:
 				2: ::ENT_QUOTES
diff --git a/tests/Configs/LooseConfigFunctionCallsTest.php b/tests/Configs/LooseConfigFunctionCallsTest.php
@@ -21,9 +21,14 @@ protected function getRule(): Rule
 		$config = Neon::decode(file_get_contents(__DIR__ . '/../../disallowed-loose-calls.neon'));
 		// emulate how the real config loader expands constants that are used in the config file above (e.g. ::ENT_QUOTES)
 		foreach ($config['parameters']['disallowedFunctionCalls'] as &$call) {
-			foreach ($call['allowParamsAnywhere'] as &$param) {
-				if (is_string($param) && preg_match('/^::([A-Z0-9_]+)$/', $param, $matches)) {
-					$param = constant($matches[1]);
+			foreach (['allowParamsAnywhere', 'allowParamFlagsAnywhere'] as $key) {
+				if (!isset($call[$key])) {
+					continue;
+				}
+				foreach ($call[$key] as &$param) {
+					if (is_string($param) && preg_match('/^::([A-Z0-9_]+)$/', $param, $matches)) {
+						$param = constant($matches[1]);
+					}
 				}
 			}
 		}
@@ -43,7 +48,8 @@ public function testRule(): void
 			['Calling in_array() is forbidden, set the third parameter $strict to `true` to also check the types to prevent type juggling bugs', 4],
 			['Calling in_array() is forbidden, set the third parameter $strict to `true` to also check the types to prevent type juggling bugs', 6],
 			['Calling htmlspecialchars() is forbidden, set the $flags parameter to `ENT_QUOTES` to also convert single quotes to entities to prevent some HTML injection bugs', 7],
-			['Calling htmlspecialchars() is forbidden, set the $flags parameter to `ENT_QUOTES` to also convert single quotes to entities to prevent some HTML injection bugs', 10],
+			['Calling htmlspecialchars() is forbidden, set the $flags parameter to `ENT_QUOTES` to also convert single quotes to entities to prevent some HTML injection bugs', 12],
+			['Calling htmlspecialchars() is forbidden, set the $flags parameter to `ENT_QUOTES` to also convert single quotes to entities to prevent some HTML injection bugs', 13],
 		]);
 	}
 

diff --git a/tests/src/configs/looseCalls.php b/tests/src/configs/looseCalls.php
@@ -7,4 +7,7 @@
 htmlspecialchars('foo');
 htmlspecialchars('foo', ENT_QUOTES);
 htmlspecialchars('foo', 3);
+htmlspecialchars('foo', ENT_QUOTES | ENT_HTML5);
+htmlspecialchars('foo', 51);  // ENT_QUOTES | ENT_HTML5
+htmlspecialchars('foo', ENT_XHTML);
 htmlspecialchars('foo', 4);