phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
License: GNU General Public License v3.0
composer install ./vendor/bin/phpcs --standard=example_base_ruleset.xml tests.php give me the following error:
[Symfony\Component\Console\Exception\RuntimeException]
The "--standard" option does not exist.install [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--ignore-platform-reqs] [--] []...`
Steps used:
composer install ./vendor/bin/phpcs --standard=example_base_ruleset.xml tests.phpPHP version: 5.5.9
PHPCS version: 3.3.1
OS: Ubuntu 14.04 LTS
./vendor/bin/phpcs --standard=./vendor/pheromone/phpcs-security-audit/example_drupal7_ruleset.xml ./vendor/pheromone/phpcs-security-audit/tests.php
ERROR: Referenced sniff "Security.BadFunctions.Asserts" does not exist
php -v
PHP 7.3.12-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Nov 28 2019 07:37:16) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.12, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.12-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
with Xdebug v2.8.0, Copyright (c) 2002-2019, by Derick Rethans
Following the comments on #28, and the following the example of pretty good open source tools like those:
https://find-sec-bugs.github.io/bugs.htm
https://security-code-scan.github.io/#Rules
We need to have non-inline documentation that tells a story about:
Since this goes over the initial goals for this tool, it would have to be with a big release like 3.0 with better support for false positive reduction.
Note that I'm now out of touch with the PHP community since I haven't touched it myself for a few years now. This project will definitely need help from the community. I'm currently considering doing the move to OWASP, as that would enable me to get people all around the world interested might be able to get back people into PHP. As far as I know, most of the OWASP PHP stuff is deprecated/abandoned and the rising usage of this tool is proof that the need is still there.
Hi,
The scanner fails detecting a line like this:
->withHeader('Access-Control-Allow-Origin', '*')
Suggestion: add a warning for lines containing both patterns "Access-Control-Allow-Origin" and "*" on the same line.
I would like to be able to use the exclude-pattern for specific rules in a ruleset.xml
<rule ref="Security.BadFunctions.FilesystemFunctions">
<exclude-pattern>*/config/*</exclude-pattern>
</rule>
This phpcs functionality does not appear to be working with phpcs-security-audit rules.
Hey,
I was wondering if there is any plan to add explanation of found issues to this project.
For example, we don't really understand why Function array_filter() that supports callback detected is detected as vulnerability. (Identifier:PHPCS_SecurityAudit.BadFunctions.CallbackFunctions.WarnFringestuff)
Is similar feature planned somewhere in the future?
We need to find a new home organization for this project.
There's a few things I'm considering such as creating an OWASP project or joining another organization.
See discussion in #47 for more details.
The following code fails to scan due to line 6 (use function usort).
<?php
namespace Demo;
use function strlen;
use function usort;
use function var_dump;
$data = [
"test-one",
"test-three",
"test-two",
"test-four",
];
$sortCallback = function ($a, $b) {
$lA = strlen($a);
$lB = strlen($b);
if ($lA == $lB) {
return 0;
}
return $lA < $lB ? -1 : 1;
};
usort($data, $sortCallback);
var_dump($data);Getting error: An error occurred during processing; checking has been aborted.
The error message was: Undefined index: parenthesis_closer in
...\Sniffs\BadFunctions\CallbackFunctionsSniff.php on line 34
Can you allow for native function imports?
This is kind of a meta issue that I have came up with
There are some changes that I think should be implemented
It will be very useful if this repo will have tests since it's opensource and a lot of people rely on it (at the moment there is 40k downloads)
3 Sep 2015.
<?php
class FakeDeleteClass
{
public function fakeDelete(string $baz): void
{
$this->service->delete($baz);
}
}
it says 7 | WARNING | Filesystem function delete() detected with dynamic parameter which is not true since it's my function not php build in one.
Also it (the issue) can be changed since I can come up with new ideas.
But I will not implement any of those without approve from the members if FloeDesignTechnologies organisation.
Running under PHP 7.2, the ErrorHandlingSniff can emit this error if there are no param tokens:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
1 | ERROR | An error occurred during processing; checking has been aborted. The error message was: count(): Parameter must be an array or an object that implements
| | Countable in /path/to/vendor/pheromone/phpcs-security-audit/Security/Sniffs/BadFunctions/ErrorHandlingSniff.php on
| | line 34 (Internal.Exception)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
In the process method, the count($p) crashes if $p is NULL:
$p = $utils::get_param_tokens($phpcsFile, $stackPtr, 1);
if (count($p) == 1 && $p[0]['content'] === '0') {Add a null check to make sure that $p is countable.
Anyone installing phpcs-security-audit via Composer now gets warnings like this:
Deprecation Notice: Class PHPCS_SecurityAudit\Sniffs\Drupal8\CVE20132110Sniff located in ./vendor/pheromone/phpcs-security-audit/Security/Sniffs/CVE/20132110Sniff.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0. in phar:///home/dane/bin/composer/src/Composer/Autoload/ClassMapGenerator.php:201
This is due to a bug that I think was fix in master, but it has not been released. In fact there hasn't been a stable release since last year.
Could we please get a new stable release to fix these issues?
The Utils::is_token_false_positive() method required sniffs to pass two tokens. The second token is calculated, not retrieved via token walking and may therefore be incorrect.
The method basically expects code to be written like so:
$_SERVER['key'];... but all of the below are valid PHP and would fail the check because of the token calculation:
$_SERVER ['key'];
$_SERVER[ 'key' ];
$_SERVER[/*comment*/ 'key' ];
... etc...A common way to develop projects is to use Features and put all of the custom code into the .module file.
Features automatically added the following include to all .module files on the 7th line:
include_once 'myfeature.features.inc';Which produces the following warning for all Features using the Drupal7 Standard:
7 | ERROR | The file extension '.inc' that is not specified by --extensions
| | has been used in a include/require function. Please add it to
| | the scan process.
When i attempt to run phpcs with the example rulesets, I get the following errors:
Fatal error: Uncaught exception 'PHP_CodeSniffer_Exception' with message 'Referenced sniff Security.BadFunctions.Asserts does not exist' in /Users/tim/dev/bcc_test/vendor/squizlabs/php_codesniffer/CodeSniffer.php on line 876
It seems like it is unable to convert the rules in the ruleset file into paths to the PHP files. Could you possibly provide any info on how this works and or a way to fix the issue?
\PHPCS_SecurityAudit\Sniffs\BadFunctions\SystemExecFunctionsSniff makes the naive assumption that any string token with content matching the name of a system exec function is a function call, but this is not necessarily so. For example, it may be a namespace component. In that case, the sniff will cause an error.
Given the following test.php:
<?php
use Drupal\system\Entity\Action;Then:
./vendor/bin/phpcs -s ./
FILE: /var/www/test.php
----------------------------------------------------------------------
FOUND 2 ERRORS AND 1 WARNING AFFECTING 2 LINES
----------------------------------------------------------------------
1 | ERROR | [ ] An error occurred during processing; checking has
| | been aborted. The error message was: Undefined
| | index: parenthesis_closer in
| | /var/www/vendor/pheromone/phpcs-security-audit/Security/Sniffs/BadFunctions/SystemExecFunctionsSniff.php
| | on line 33 (Internal.Exception)
----------------------------------------------------------------------
PHPCBF CAN FIX THE 2 MARKED SNIFF VIOLATIONS AUTOMATICALLY
----------------------------------------------------------------------
Time: 120ms; Memory: 10MB
I was attempting to install this via Composer but it doesn't appear to be correctly registering. Am I missing something?
`$ composer require --dev pheromone/phpcs-security-audit
Using version ^2.0 for pheromone/phpcs-security-audit
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 2 installs, 0 updates, 0 removals
Hello.
It is possible, to update security rules? I found in the example_base_ruleset.xml two rules:
<rule ref="Security.CVE.20132110"/>
<rule ref="Security.CVE.20134113"/>
Could you update or send any recommendations - how to update? :) Only way is to write on my own a new one based on bugs.php.net ?
To reproduce run the sniff over the following:
// Our extension should be picked up as .php
require "required_php_file.php";
/**
* Instead, the sniff fails to find the extension and we get an error:
* No file extension has been found in a include/require function.
* This implies that some PHP code is not scanned by PHPCS.
*/I get phpcs: PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem: Filesystem function file_put_contents() detected with dynamic parameter
with this: file_put_contents('test.txt', 1, FILE_APPEND);
So FILE_APPEND is a dynamic parameter? If its the content or filename, i would say okay, but the flag?
I installed a drupal7 and module ctools 7.x-1.15. But phpcs gave me following message:
1 | ERROR | Module ctools 7.x-1.15 contains security issue and must be updated
| | to at least 7.x-1.3. Details: SA-CONTRIB-2013-041
| | CVE-2013-1925
| | (PHPCS_SecurityAudit.Drupal7.AdvisoriesContrib.D7ErrAdvisoriesContribFoundMinor)
The ctools 7.x-1.15 is later relase than 7.x-1.3. The code contains logic error.
The current dev version produces the following error:
PHP Fatal error: Cannot redeclare class Security_Sniffs_Drupal7_SQLiSniff in pheromone/phpcs-security-audit/Security/Sniffs/Drupal7/SQLiSniff.php on line 4
This is caused by the incorrect declaration in:
pheromone/phpcs-security-audit/Security/Sniffs/Drupal7/AESModuleSniff.php
The symlink.sh is not really needed if you install with composer and install phpcs with composer.
create a file phpcs_security.xml in your project root.
<?xml version="1.0"?>
<ruleset name="Security" namespace="PHPCS_SecurityAudit">
<namespace>PHPCS_SecurityAudit</namespace>
<config name="ParanoiaMode" value="1"/>
<rule ref="./vendor/pheromone/phpcs-security-audit/Security/Sniffs/BadFunctions"/>
</ruleset>create a file phpcs.xml in your project root
<?xml version="1.0"?>
<ruleset name="PHP_CodeSniffer" >
<!-- set up your coding standard, and any other configuration you need -->
<rule ref="PSR12" />
</rule>
<!-- include phpcs-security-audit -->
<rule ref="./phpcs_security.xml"/>
</ruleset>To get it working in phpStorm, follow the instructions here https://www.jetbrains.com/help/phpstorm/using-php-code-sniffer.html and choose a custom coding standard. Select your phpcs.xml file.
If I wanted to make a PR to add this somewhere, what is the best place?
I get this:
Fatal error: Uncaught Error: Call to undefined method Security_Sniffs_Utils::drupal_parse_info_format() in /Users/alejandromoreno/projects/[...]/vendor/pheromone/phpcs-security-audit/Security/Sniffs/Drupal7/AdvisoriesContribSniff.php:34
but apart of that, the --standard=example_drupal7_ruleset.xml does not work, it points to use Security instead:
./vendor/bin/phpcs --standard=Security --extensions=php,module,inc,install,test,profile,theme,css,info,txt,md docroot/sites/all/modules/custom/
Thanks in advance
RFI would be:
require $_POST['x'];
require $foo;
require SOME_BAR_CONST;
After a short search I found no solution but what about this?
require parse_url( $foo, PHP_URL_PATH );
It would be great if the EasyRFISniff has some kind of "EasyRFINotice" severity when the dynamic includes seem to be escaped like this.
Hi there!
Thanks for providing such a useful library! I'm currently using this library on a project via the https://github.com/acquia/coding-standards-php project.
Today, I received the following warning:
Assert eval function assert() detected with dynamic parameter
which I tracked down to this rule: https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/AssertsSniff.php
The rule could be triggered by something as simple as an assert(TRUE) and could be fixed by changing it to assert('TRUE') (added quotes).
Since PHP 7.2.0, using strings as the first argument to assert() has been deprecated.
Can this rule be removed? Perhaps I'm misinterpreting it and there's another resolution that won't trigger deprecations on the latest versions of PHP. I'd love to know your thoughts :)
For the moment, I'm working around it by excluding this rule. See acquia/coding-standards-php#8
Following PR #20, we have other sniffers that could benefit from suppressing issues when ParanoiaMode == 0.
Watch out to not touch things such as mysqli::query (valid equivalent of mysqli_query).
Hello.
Over at Packagist there is a package of this repo. I don't know if the maintainers here created it but it is not working installable.
You can install with Composer pointing to this repo of course.
If the package is not yours can you add a good package for this repo?
I can help with it.
I'd like to run the security audit sniffs along with other Drupal sniffs, such as the main Drupal Standards sniffs included in the Coder module.
As recommended by the author, Coder 8.x can also be used for Drupal 7 audits as well: https://www.drupal.org/node/2374167#comment-9339037 which also gives improved audit results.
Coder 8.x requires php_codesniffer 2.x, which means that it cannot be in conjunction with phpcs-security-audit, which makes things difficult.
Would it be possible to require php_codesniffer 2.x as well?
An alternative idea would be to break phpcs-security-audit into separate repos, one for each framework, that way the correct PHP versions would also be easier to match with the corresponding CMS. (eg. Use the recommended PHP 5.3+ for Drupal 7).
Hi,
do you consider to create tags/releases for this repository?
Thanks!
Matthias
phpcs-security-ci:
[exec]
[exec] Notice: Undefined index: parenthesis_closer in tests/vendor/pheromone/phpcs-security-audit/Security/Sniffs/BadFunctions/EasyXSSSniff.php on line 56
[exec]
[exec] Call Stack:
[exec] 0.0052 360720 1. {main}() tests/vendor/squizlabs/php_codesniffer/scripts/phpcs:0
[exec] 0.0169 2083144 2. PHP_CodeSniffer_CLI->runphpcs() tests/vendor/squizlabs/php_codesniffer/scripts/phpcs:25
[exec] 0.0173 2127616 3. PHP_CodeSniffer_CLI->process($values = ???) tests/vendor/squizlabs/php_codesniffer/CodeSniffer/CLI.php:113
[exec] 0.0413 2461424 4. PHP_CodeSniffer->processFiles($files = array (0 => 'docroot/sites/all/modules/custom'), $local = FALSE) tests/vendor/squizlabs/php_codesniffer/CodeSniffer/CLI.php:998
[exec] 16.6917 13861960 5. PHP_CodeSniffer->processFile($file = 'docroot/sites/all/modules/custom/NtBlog/theme/feed.tpl.php', $contents = NULL) tests/vendor/squizlabs/php_codesniffer/CodeSniffer.php:653
[exec] 16.6918 13862256 6. PHP_CodeSniffer->_processFile($file = 'docroot/sites/all/modules/custom/NtBlog/theme/feed.tpl.php', $contents = NULL) tests/vendor/squizlabs/php_codesniffer/CodeSniffer.php:1772
[exec] 16.6919 13862864 7. PHP_CodeSniffer_File->start($contents = NULL) tests/vendor/squizlabs/php_codesniffer/CodeSniffer.php:1894
[exec] 16.7076 14105720 8. Security_Sniffs_BadFunctions_EasyXSSSniff->process($phpcsFile = class PHP_CodeSniffer_File { private $_file = 'docroot/sites/all/modules/custom/NtBlog/theme/feed.tpl.php'; public $eolChar = '\n'; public $phpcs = class PHP_CodeSniffer { protected $file = 'docroot/sites/all/modules/custom/NtBlog/theme/feed.tpl.php'; public $cli = class PHP_CodeSniffer_CLI { protected $values = array (...); public $errorSeverity = 5; public $warningSeverity = 5; public $dieOnUnknownArg = TRUE; private $_cliArgs = array (...) }; public $reporting = class PHP_CodeSniffer_Reporting { public $totalFiles = 65; public $totalErrors = 15; public $totalWarnings = 770; public $totalFixable = 0; private $_cachedReports = array (...); private $_reports = array (...); private $_tmpFiles = array (...) }; protected $listeners = array ('Security_Sniffs_BadFunctions_AssertsSniff' => class Security_Sniffs_BadFunctions_AssertsSniff { ... }, 'Security_Sniffs_BadFunctions_BackticksSniff' => class Security_Sniffs_BadFunctions_BackticksSniff { ... }, 'Security_Sniffs_BadFunctions_CallbackFunctionsSniff' => class Security_Sniffs_BadFunctions_CallbackFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_CryptoFunctionsSniff' => class Security_Sniffs_BadFunctions_CryptoFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_EasyRFISniff' => class Security_Sniffs_BadFunctions_EasyRFISniff { ... }, 'Security_Sniffs_BadFunctions_EasyXSSSniff' => class Security_Sniffs_BadFunctions_EasyXSSSniff { ... }, 'Security_Sniffs_BadFunctions_ErrorHandlingSniff' => class Security_Sniffs_BadFunctions_ErrorHandlingSniff { ... }, 'Security_Sniffs_BadFunctions_FilesystemFunctionsSniff' => class Security_Sniffs_BadFunctions_FilesystemFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_FringeFunctionsSniff' => class Security_Sniffs_BadFunctions_FringeFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff' => class Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_MysqliSniff' => class Security_Sniffs_BadFunctions_MysqliSniff { ... }, 'Security_Sniffs_BadFunctions_NoEvalsSniff' => class Security_Sniffs_BadFunctions_NoEvalsSniff { ... }, 'Security_Sniffs_BadFunctions_PhpinfosSniff' => class Security_Sniffs_BadFunctions_PhpinfosSniff { ... }, 'Security_Sniffs_BadFunctions_PregReplaceSniff' => class Security_Sniffs_BadFunctions_PregReplaceSniff { ... }, 'Security_Sniffs_BadFunctions_SQLFunctionsSniff' => class Security_Sniffs_BadFunctions_SQLFunctionsSniff { ... }, 'Security_Sniffs_BadFunctions_SystemExecFunctionsSniff' => class Security_Sniffs_BadFunctions_SystemExecFunctionsSniff { ... }, 'Security_Sniffs_CVE_20132110Sniff' => class Security_Sniffs_CVE_20132110Sniff { ... }, 'Security_Sniffs_CVE_20134113Sniff' => class Security_Sniffs_CVE_20134113Sniff { ... }, 'Security_Sniffs_Drupal7_AdvisoriesContribSniff' => class Security_Sniffs_Drupal7_AdvisoriesContribSniff { ... }, 'Security_Sniffs_Drupal7_AdvisoriesCoreSniff' => class Security_Sniffs_Drupal7_AdvisoriesCoreSniff { ... }, 'Security_Sniffs_Drupal7_SQLiSniff' => class Security_Sniffs_Drupal7_SQLiSniff { ... }, 'Security_Sniffs_Drupal7_XSSPThemeSniff' => class Security_Sniffs_Drupal7_XSSPThemeSniff { ... }, 'Security_Sniffs_Drupal7_UserInputWatchSniff' => class Security_Sniffs_Drupal7_UserInputWatchSniff { ... }, 'Security_Sniffs_Drupal7_XSSFormValueSniff' => class Security_Sniffs_Drupal7_XSSFormValueSniff { ... }, 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff' => class Security_Sniffs_Drupal7_XSSHTMLConstructSniff { ... }, 'Security_Sniffs_Drupal7_DbQueryACSniff' => class Security_Sniffs_Drupal7_DbQueryACSniff { ... }, 'Security_Sniffs_Drupal7_DynQueriesSniff' => class Security_Sniffs_Drupal7_DynQueriesSniff { ... }, 'Security_Sniffs_Drupal7_CacheiSniff' => class Security_Sniffs_Drupal7_CacheiSniff { ... }, 'Security_Sniffs_Drupal7_HttpRequestSniff' => class Security_Sniffs_Drupal7_HttpRequestSniff { ... }); protected $sniffs = array ('Security_Sniffs_BadFunctions_AssertsSniff' => 'Security_Sniffs_BadFunctions_AssertsSniff', 'Security_Sniffs_BadFunctions_BackticksSniff' => 'Security_Sniffs_BadFunctions_BackticksSniff', 'Security_Sniffs_BadFunctions_CallbackFunctionsSniff' => 'Security_Sniffs_BadFunctions_CallbackFunctionsSniff', 'Security_Sniffs_BadFunctions_CryptoFunctionsSniff' => 'Security_Sniffs_BadFunctions_CryptoFunctionsSniff', 'Security_Sniffs_BadFunctions_EasyRFISniff' => 'Security_Sniffs_BadFunctions_EasyRFISniff', 'Security_Sniffs_BadFunctions_EasyXSSSniff' => 'Security_Sniffs_BadFunctions_EasyXSSSniff', 'Security_Sniffs_BadFunctions_ErrorHandlingSniff' => 'Security_Sniffs_BadFunctions_ErrorHandlingSniff', 'Security_Sniffs_BadFunctions_FilesystemFunctionsSniff' => 'Security_Sniffs_BadFunctions_FilesystemFunctionsSniff', 'Security_Sniffs_BadFunctions_FringeFunctionsSniff' => 'Security_Sniffs_BadFunctions_FringeFunctionsSniff', 'Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff' => 'Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff', 'Security_Sniffs_BadFunctions_MysqliSniff' => 'Security_Sniffs_BadFunctions_MysqliSniff', 'Security_Sniffs_BadFunctions_NoEvalsSniff' => 'Security_Sniffs_BadFunctions_NoEvalsSniff', 'Security_Sniffs_BadFunctions_PhpinfosSniff' => 'Security_Sniffs_BadFunctions_PhpinfosSniff', 'Security_Sniffs_BadFunctions_PregReplaceSniff' => 'Security_Sniffs_BadFunctions_PregReplaceSniff', 'Security_Sniffs_BadFunctions_SQLFunctionsSniff' => 'Security_Sniffs_BadFunctions_SQLFunctionsSniff', 'Security_Sniffs_BadFunctions_SystemExecFunctionsSniff' => 'Security_Sniffs_BadFunctions_SystemExecFunctionsSniff', 'Security_Sniffs_CVE_20132110Sniff' => 'Security_Sniffs_CVE_20132110Sniff', 'Security_Sniffs_CVE_20134113Sniff' => 'Security_Sniffs_CVE_20134113Sniff', 'Security_Sniffs_Drupal7_AdvisoriesContribSniff' => 'Security_Sniffs_Drupal7_AdvisoriesContribSniff', 'Security_Sniffs_Drupal7_AdvisoriesCoreSniff' => 'Security_Sniffs_Drupal7_AdvisoriesCoreSniff', 'Security_Sniffs_Drupal7_SQLiSniff' => 'Security_Sniffs_Drupal7_SQLiSniff', 'Security_Sniffs_Drupal7_XSSPThemeSniff' => 'Security_Sniffs_Drupal7_XSSPThemeSniff', 'Security_Sniffs_Drupal7_UserInputWatchSniff' => 'Security_Sniffs_Drupal7_UserInputWatchSniff', 'Security_Sniffs_Drupal7_XSSFormValueSniff' => 'Security_Sniffs_Drupal7_XSSFormValueSniff', 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff' => 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff', 'Security_Sniffs_Drupal7_DbQueryACSniff' => 'Security_Sniffs_Drupal7_DbQueryACSniff', 'Security_Sniffs_Drupal7_DynQueriesSniff' => 'Security_Sniffs_Drupal7_DynQueriesSniff', 'Security_Sniffs_Drupal7_CacheiSniff' => 'Security_Sniffs_Drupal7_CacheiSniff', 'Security_Sniffs_Drupal7_HttpRequestSniff' => 'Security_Sniffs_Drupal7_HttpRequestSniff'); public $sniffCodes = array ('Security.BadFunctions.Asserts' => 'Security_Sniffs_BadFunctions_AssertsSniff', 'Security.BadFunctions.Backticks' => 'Security_Sniffs_BadFunctions_BackticksSniff', 'Security.BadFunctions.CallbackFunctions' => 'Security_Sniffs_BadFunctions_CallbackFunctionsSniff', 'Security.BadFunctions.CryptoFunctions' => 'Security_Sniffs_BadFunctions_CryptoFunctionsSniff', 'Security.BadFunctions.EasyRFI' => 'Security_Sniffs_BadFunctions_EasyRFISniff', 'Security.BadFunctions.EasyXSS' => 'Security_Sniffs_BadFunctions_EasyXSSSniff', 'Security.BadFunctions.ErrorHandling' => 'Security_Sniffs_BadFunctions_ErrorHandlingSniff', 'Security.BadFunctions.FilesystemFunctions' => 'Security_Sniffs_BadFunctions_FilesystemFunctionsSniff', 'Security.BadFunctions.FringeFunctions' => 'Security_Sniffs_BadFunctions_FringeFunctionsSniff', 'Security.BadFunctions.FunctionHandlingFunctions' => 'Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff', 'Security.BadFunctions.Mysqli' => 'Security_Sniffs_BadFunctions_MysqliSniff', 'Security.BadFunctions.NoEvals' => 'Security_Sniffs_BadFunctions_NoEvalsSniff', 'Security.BadFunctions.Phpinfos' => 'Security_Sniffs_BadFunctions_PhpinfosSniff', 'Security.BadFunctions.PregReplace' => 'Security_Sniffs_BadFunctions_PregReplaceSniff', 'Security.BadFunctions.SQLFunctions' => 'Security_Sniffs_BadFunctions_SQLFunctionsSniff', 'Security.BadFunctions.SystemExecFunctions' => 'Security_Sniffs_BadFunctions_SystemExecFunctionsSniff', 'Security.CVE.20132110' => 'Security_Sniffs_CVE_20132110Sniff', 'Security.CVE.20134113' => 'Security_Sniffs_CVE_20134113Sniff', 'Security.Drupal7.AdvisoriesContrib' => 'Security_Sniffs_Drupal7_AdvisoriesContribSniff', 'Security.Drupal7.AdvisoriesCore' => 'Security_Sniffs_Drupal7_AdvisoriesCoreSniff', 'Security.Drupal7.SQLi' => 'Security_Sniffs_Drupal7_SQLiSniff', 'Security.Drupal7.XSSPTheme' => 'Security_Sniffs_Drupal7_XSSPThemeSniff', 'Security.Drupal7.UserInputWatch' => 'Security_Sniffs_Drupal7_UserInputWatchSniff', 'Security.Drupal7.XSSFormValue' => 'Security_Sniffs_Drupal7_XSSFormValueSniff', 'Security.Drupal7.XSSHTMLConstruct' => 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff', 'Security.Drupal7.DbQueryAC' => 'Security_Sniffs_Drupal7_DbQueryACSniff', 'Security.Drupal7.DynQueries' => 'Security_Sniffs_Drupal7_DynQueriesSniff', 'Security.Drupal7.Cachei' => 'Security_Sniffs_Drupal7_CacheiSniff', 'Security.Drupal7.HttpRequest' => 'Security_Sniffs_Drupal7_HttpRequestSniff'); private $_tokenListeners = array (319 => array (...), 'PHPCS_T_BACKTICK' => array (...), 262 => array (...), 261 => array (...), 259 => array (...), 258 => array (...), 328 => array (...), 326 => array (...), 266 => array (...), 380 => array (...), 306 => array (...), 366 => array (...), 260 => array (...), 321 => array (...), 323 => array (...), 'PHPCS_T_DOUBLE_QUOTED_STRING' => array (...), 320 => array (...)); protected $ruleset = array ('Security.Drupal7.UserInputWatch' => array (...), 'Security.Drupal7.DbQueryAC' => array (...)); protected $ignorePatterns = array ('Security.Drupal7.AdvisoriesContrib' => array (...), 'Security.Drupal7.AdvisoriesCore' => array (...)); public $allowedFileExtensions = array ('php' => 'PHP', 'module' => 'PHP', 'inc' => 'PHP', 'install' => 'PHP', 'profile' => 'PHP', 'theme' => 'PHP'); public $defaultFileExtensions = array ('php' => 'PHP', 'inc' => 'PHP', 'js' => 'JS', 'css' => 'CSS') }; public $fixer = class PHP_CodeSniffer_Fixer { public $enabled = FALSE; public $loops = 0; private $_currentFile = ...; private $_tokens = array (0 => '<?php ', 1 => '$blog_id', 2 => ' ', 3 => '=', 4 => ' ', 5 => 'drupal_html_id', 6 => '(', 7 => '\'blog-feed\'', 8 => ')', 9 => ';', 10 => ' ', 11 => '?>\n', 12 => '<?php ', 13 => 'if', 14 => ' ', 15 => '(', 16 => 'empty', 17 => '(', 18 => '$blog_posts', 19 => ')', 20 => ')', 21 => ':', 22 => ' ', 23 => '?>\n', 24 => ' <section class="module-container c-m1-1">\n', 25 => ' <span id="', 26 => '<?php ', 27 => 'print', 28 => ' ', 29 => '$blog_id', 30 => ';', 31 => ' ', 32 => '?>', 33 => '" class="header-offset"></span>\n', 34 => ' <p class="module-container main-bg-color pad-all cf">\n', 35 => ' ', 36 => '<?php ', 37 => 'if', 38 => ' ', 39 => '(', 40 => '$prev', 41 => ' ', 42 => '>', 43 => ' ', 44 => '0', 45 => ')', 46 => ':', 47 => ' ', 48 => '?>\n', 49 => ' <a href="', 50 => '<?php ', 51 => 'print', 52 => ' ', 53 => '$url', 54 => ';', 55 => ' ', 56 => '?>', 57 => '?page=', 58 => '<?php ', 59 => 'print', 60 => ' ', 61 => '$prev', 62 => ';', 63 => ' ', 64 => '?>', 65 => '" class="btn default margin-right">Go back</a>\n', 66 => ' ', 67 => '<?php ', 68 => 'elseif', 69 => ' ', 70 => '(', 71 => '$prev', 72 => ' ', 73 => '==', 74 => ' ', 75 => '0', 76 => ')', 77 => ':', 78 => ' ', 79 => '?>\n', 80 => ' <a href="', 81 => '<?php ', 82 => 'print', 83 => ' ', 84 => '$url', 85 => ';', 86 => ' ', 87 => '?>', 88 => '" class="btn default margin-right">Go back</a>\n', 89 => ' ', 90 => '<?php ', 91 => 'endif', 92 => ';', 93 => ' ', 94 => '?>\n', 95 => ' There are no more blog posts for this page.<br />\n', 96 => ' <a href="/blog" class="btn default margin-right">See all our blogs</a>\n', 97 => ' </p>\n', 98 => ' </section>\n', 99 => '<?php ', 100 => 'else', 101 => ':', 102 => ' ', 103 => '?>\n', 104 => ' <section class="module-container c-m1-1">\n', 105 => ' <span id="', 106 => '<?php ', 107 => 'print', 108 => ' ', 109 => '$blog_id', 110 => ';', 111 => ' ', 112 => '?>', 113 => '" class="header-offset"></span>\n', 114 => ' ', 115 => '<?php ', 116 => 'foreach', 117 => ' ', 118 => '(', 119 => '$blog_posts', 120 => ' ', 121 => 'as', 122 => ' ', 123 => '$post', 124 => ')', 125 => ':', 126 => ' ', 127 => '?>\n', 128 => ' ', 129 => '<?php ', 130 => 'if', 131 => ' ', 132 => '(', 133 => '$in_page_navigation', 134 => ')', 135 => ':', 136 => ' ', 137 => '?>\n', 138 => ' <a href="', 139 => '<?php ', 140 => 'print', 141 => ' ', 142 => '$url', 143 => ';', 144 => ' ', 145 => '?>', 146 => '?b=', 147 => '<?php ', 148 => 'print', 149 => ' ', 150 => '$post', 151 => '->', 152 => 'id', 153 => ';', 154 => ' ', 155 => '?>', 156 => '#', 157 => '<?php ', 158 => 'print', 159 => ' ', 160 => '$post', 161 => '->', 162 => 'id', 163 => ';', 164 => ' ', 165 => '?>', 166 => '">\n', 167 => ' ', 168 => '<?php ', 169 => 'else', 170 => ':', 171 => ' ', 172 => '?>\n', 173 => ' <a href="', 174 => '<?php ', 175 => 'print', 176 => ' ', 177 => '$post', 178 => '->', 179 => 'url', 180 => ';', 181 => ' ', 182 => '?>', 183 => '">\n', 184 => ' ', 185 => '<?php ', 186 => 'endif', 187 => ';', 188 => '?>\n', 189 => ' <header class="module-container main-bg-color">\n', 190 => ' <div class="cf module-block">\n', 191 => ' <h1 class="margin-top pad-all">', 192 => '<?php ', 193 => 'print', 194 => ' ', 195 => '$post', 196 => '->', 197 => 'title', 198 => ';', 199 => ' ', 200 => '?>', 201 => '</h1>\n', 202 => ' <div class="c-m-6 pad-all no-pad-top">\n', 203 => ' <h3>', 204 => '<?php ', 205 => 'print', 206 => ' ', 207 => '$post', 208 => '->', 209 => 'subtitle', 210 => ';', 211 => ' ', 212 => '?>', 213 => '</h3>\n', 214 => ' </div>\n', 215 => ' </div>\n', 216 => ' <div class="module-block">\n', 217 => ' ', 218 => '<?php ', 219 => 'print', 220 => ' ', 221 => '$post', 222 => '->', 223 => 'rich_media_file', 224 => '->', 225 => 'render', 226 => '(', 227 => '[', 228 => '\'style\'', 229 => ' ', 230 => '=>', 231 => ' ', 232 => '\'gallery\'', 233 => ']', 234 => ')', 235 => ';', 236 => ' ', 237 => '?>\n', 238 => ' </div>\n', 239 => ' </header>\n', 240 => ' </a>\n', 241 => ' ', 242 => '<?php ', 243 => 'endforeach', 244 => ';', 245 => ' ', 246 => '?>\n', 247 => ' ', 248 => '<?php ', 249 => 'if', 250 => ' ', 251 => '(', 252 => '$pagination', 253 => ')', 254 => ':', 255 => ' ', ...); private $_fixedTokens = array (); private $_oldTokenValues = array (); private $_changeset = array (); private $_inChangeset = FALSE; private $_inConflict = FALSE; private $_numFixes = 0 }; public $tokenizer = class PHP_CodeSniffer_Tokenizers_PHP { public $skipMinified = FALSE; public $scopeOpeners = array (327 => array (...), 349 => array (...), 350 => array (...), 351 => array (...), 309 => array (...), 308 => array (...), 332 => array (...), 334 => array (...), 363 => array (...), 346 => array (...), 361 => array (...), 362 => array (...), 353 => array (...), 336 => array (...), 388 => array (...), 330 => array (...), 329 => array (...), 339 => array (...), 341 => array (...), 342 => array (...), 383 => array (...)); public $endScopeTokens = array ('PHPCS_T_CLOSE_CURLY_BRACKET' => 'PHPCS_T_CLOSE_CURLY_BRACKET', 310 => 310, 333 => 333, 335 => 335, 331 => 331, 340 => 340, 343 => 343, 384 => 384) }; public $tokenizerType = 'PHP'; public $numTokens = 372; private $_tokens = array (0 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 1, 'column' => 1, 'length' => 6, 'level' => 0, 'conditions' => array (...)), 1 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$blog_id', 'line' => 1, 'column' => 7, 'length' => 8, 'level' => 0, 'conditions' => array (...)), 2 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 1, 'column' => 15, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 3 => array ('type' => 'T_EQUAL', 'code' => 'PHPCS_T_EQUAL', 'content' => '=', 'line' => 1, 'column' => 16, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 4 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 1, 'column' => 17, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 5 => array ('type' => 'T_STRING', 'code' => 319, 'content' => 'drupal_html_id', 'line' => 1, 'column' => 18, 'length' => 14, 'level' => 0, 'conditions' => array (...)), 6 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 1, 'column' => 32, 'length' => 1, 'parenthesis_opener' => 6, 'parenthesis_closer' => 8, 'level' => 0, 'conditions' => array (...)), 7 => array ('code' => 323, 'type' => 'T_CONSTANT_ENCAPSED_STRING', 'content' => '\'blog-feed\'', 'line' => 1, 'column' => 33, 'length' => 11, 'nested_parenthesis' => array (...), 'level' => 0, 'conditions' => array (...)), 8 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 1, 'column' => 44, 'length' => 1, 'parenthesis_opener' => 6, 'parenthesis_closer' => 8, 'level' => 0, 'conditions' => array (...)), 9 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 1, 'column' => 45, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 10 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 1, 'column' => 46, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 11 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 1, 'column' => 47, 'length' => 2, 'level' => 0, 'conditions' => array (...)), 12 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 2, 'column' => 1, 'length' => 6, 'level' => 0, 'conditions' => array (...)), 13 => array ('code' => 327, 'type' => 'T_IF', 'content' => 'if', 'line' => 2, 'column' => 7, 'length' => 2, 'parenthesis_opener' => 15, 'parenthesis_closer' => 20, 'parenthesis_owner' => 13, 'scope_condition' => 13, 'scope_opener' => 21, 'scope_closer' => 100, 'level' => 0, 'conditions' => array (...)), 14 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 2, 'column' => 9, 'length' => 1, 'level' => 0, 'conditions' => array (...)), 15 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 2, 'column' => 10, 'length' => 1, 'parenthesis_opener' => 15, 'parenthesis_owner' => 13, 'parenthesis_closer' => 20, 'level' => 0, 'conditions' => array (...)), 16 => array ('code' => 359, 'type' => 'T_EMPTY', 'content' => 'empty', 'line' => 2, 'column' => 11, 'length' => 5, 'nested_parenthesis' => array (...), 'level' => 0, 'conditions' => array (...)), 17 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 2, 'column' => 16, 'length' => 1, 'parenthesis_opener' => 17, 'parenthesis_closer' => 19, 'nested_parenthesis' => array (...), 'level' => 0, 'conditions' => array (...)), 18 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$blog_posts', 'line' => 2, 'column' => 17, 'length' => 11, 'nested_parenthesis' => array (...), 'level' => 0, 'conditions' => array (...)), 19 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 2, 'column' => 28, 'length' => 1, 'parenthesis_opener' => 17, 'parenthesis_closer' => 19, 'nested_parenthesis' => array (...), 'level' => 0, 'conditions' => array (...)), 20 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 2, 'column' => 29, 'length' => 1, 'parenthesis_owner' => 13, 'parenthesis_opener' => 15, 'parenthesis_closer' => 20, 'level' => 0, 'conditions' => array (...)), 21 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 2, 'column' => 30, 'length' => 1, 'scope_condition' => 13, 'scope_opener' => 21, 'scope_closer' => 100, 'level' => 0, 'conditions' => array (...)), 22 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 2, 'column' => 31, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 23 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 2, 'column' => 32, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 24 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <section class="module-container c-m1-1">\n', 'line' => 3, 'column' => 1, 'length' => 43, 'level' => 1, 'conditions' => array (...)), 25 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <span id="', 'line' => 4, 'column' => 1, 'length' => 14, 'level' => 1, 'conditions' => array (...)), 26 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 4, 'column' => 15, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 27 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 4, 'column' => 21, 'length' => 5, 'level' => 1, 'conditions' => array (...)), 28 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 4, 'column' => 26, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 29 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$blog_id', 'line' => 4, 'column' => 27, 'length' => 8, 'level' => 1, 'conditions' => array (...)), 30 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 4, 'column' => 35, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 31 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 4, 'column' => 36, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 32 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 4, 'column' => 37, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 33 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '" class="header-offset"></span>\n', 'line' => 4, 'column' => 39, 'length' => 31, 'level' => 1, 'conditions' => array (...)), 34 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <p class="module-container main-bg-color pad-all cf">\n', 'line' => 5, 'column' => 1, 'length' => 57, 'level' => 1, 'conditions' => array (...)), 35 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 6, 'column' => 1, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 36 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 6, 'column' => 7, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 37 => array ('code' => 327, 'type' => 'T_IF', 'content' => 'if', 'line' => 6, 'column' => 13, 'length' => 2, 'parenthesis_opener' => 39, 'parenthesis_closer' => 45, 'parenthesis_owner' => 37, 'scope_condition' => 37, 'scope_opener' => 46, 'scope_closer' => 68, 'level' => 1, 'conditions' => array (...)), 38 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 6, 'column' => 15, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 39 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 6, 'column' => 16, 'length' => 1, 'parenthesis_opener' => 39, 'parenthesis_owner' => 37, 'parenthesis_closer' => 45, 'level' => 1, 'conditions' => array (...)), 40 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$prev', 'line' => 6, 'column' => 17, 'length' => 5, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 41 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 6, 'column' => 22, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 42 => array ('type' => 'T_GREATER_THAN', 'code' => 'PHPCS_T_GREATER_THAN', 'content' => '>', 'line' => 6, 'column' => 23, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 43 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 6, 'column' => 24, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 44 => array ('code' => 317, 'type' => 'T_LNUMBER', 'content' => '0', 'line' => 6, 'column' => 25, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 45 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 6, 'column' => 26, 'length' => 1, 'parenthesis_owner' => 37, 'parenthesis_opener' => 39, 'parenthesis_closer' => 45, 'level' => 1, 'conditions' => array (...)), 46 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 6, 'column' => 27, 'length' => 1, 'scope_condition' => 37, 'scope_opener' => 46, 'scope_closer' => 68, 'level' => 1, 'conditions' => array (...)), 47 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 6, 'column' => 28, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 48 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 6, 'column' => 29, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 49 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' <a href="', 'line' => 7, 'column' => 1, 'length' => 17, 'level' => 2, 'conditions' => array (...)), 50 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 7, 'column' => 18, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 51 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 7, 'column' => 24, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 52 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 7, 'column' => 29, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 53 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$url', 'line' => 7, 'column' => 30, 'length' => 4, 'level' => 2, 'conditions' => array (...)), 54 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 7, 'column' => 34, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 55 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 7, 'column' => 35, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 56 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 7, 'column' => 36, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 57 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => '?page=', 'line' => 7, 'column' => 38, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 58 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 7, 'column' => 44, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 59 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 7, 'column' => 50, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 60 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 7, 'column' => 55, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 61 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$prev', 'line' => 7, 'column' => 56, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 62 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 7, 'column' => 61, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 63 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 7, 'column' => 62, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 64 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 7, 'column' => 63, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 65 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '" class="btn default margin-right">Go back</a>\n', 'line' => 7, 'column' => 65, 'length' => 46, 'level' => 2, 'conditions' => array (...)), 66 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 8, 'column' => 1, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 67 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 8, 'column' => 7, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 68 => array ('code' => 308, 'type' => 'T_ELSEIF', 'content' => 'elseif', 'line' => 8, 'column' => 13, 'length' => 6, 'parenthesis_opener' => 70, 'parenthesis_closer' => 76, 'parenthesis_owner' => 68, 'scope_condition' => 68, 'scope_opener' => 77, 'scope_closer' => 91, 'level' => 1, 'conditions' => array (...)), 69 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 8, 'column' => 19, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 70 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 8, 'column' => 20, 'length' => 1, 'parenthesis_opener' => 70, 'parenthesis_owner' => 68, 'parenthesis_closer' => 76, 'level' => 1, 'conditions' => array (...)), 71 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$prev', 'line' => 8, 'column' => 21, 'length' => 5, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 72 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 8, 'column' => 26, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 73 => array ('code' => 289, 'type' => 'T_IS_EQUAL', 'content' => '==', 'line' => 8, 'column' => 27, 'length' => 2, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 74 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 8, 'column' => 29, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 75 => array ('code' => 317, 'type' => 'T_LNUMBER', 'content' => '0', 'line' => 8, 'column' => 30, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 76 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 8, 'column' => 31, 'length' => 1, 'parenthesis_owner' => 68, 'parenthesis_opener' => 70, 'parenthesis_closer' => 76, 'level' => 1, 'conditions' => array (...)), 77 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 8, 'column' => 32, 'length' => 1, 'scope_condition' => 68, 'scope_opener' => 77, 'scope_closer' => 91, 'level' => 1, 'conditions' => array (...)), 78 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 8, 'column' => 33, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 79 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 8, 'column' => 34, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 80 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' <a href="', 'line' => 9, 'column' => 1, 'length' => 17, 'level' => 2, 'conditions' => array (...)), 81 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 9, 'column' => 18, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 82 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 9, 'column' => 24, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 83 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 9, 'column' => 29, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 84 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$url', 'line' => 9, 'column' => 30, 'length' => 4, 'level' => 2, 'conditions' => array (...)), 85 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 9, 'column' => 34, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 86 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 9, 'column' => 35, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 87 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 9, 'column' => 36, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 88 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '" class="btn default margin-right">Go back</a>\n', 'line' => 9, 'column' => 38, 'length' => 46, 'level' => 2, 'conditions' => array (...)), 89 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 10, 'column' => 1, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 90 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 10, 'column' => 7, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 91 => array ('code' => 310, 'type' => 'T_ENDIF', 'content' => 'endif', 'line' => 10, 'column' => 13, 'length' => 5, 'scope_condition' => 68, 'scope_opener' => 77, 'scope_closer' => 91, 'level' => 1, 'conditions' => array (...)), 92 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 10, 'column' => 18, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 93 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 10, 'column' => 19, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 94 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 10, 'column' => 20, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 95 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' There are no more blog posts for this page.<br />\n', 'line' => 11, 'column' => 1, 'length' => 55, 'level' => 1, 'conditions' => array (...)), 96 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <a href="/blog" class="btn default margin-right">See all our blogs</a>\n', 'line' => 12, 'column' => 1, 'length' => 76, 'level' => 1, 'conditions' => array (...)), 97 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </p>\n', 'line' => 13, 'column' => 1, 'length' => 8, 'level' => 1, 'conditions' => array (...)), 98 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </section>\n', 'line' => 14, 'column' => 1, 'length' => 12, 'level' => 1, 'conditions' => array (...)), 99 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 15, 'column' => 1, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 100 => array ('code' => 309, 'type' => 'T_ELSE', 'content' => 'else', 'line' => 15, 'column' => 7, 'length' => 4, 'scope_condition' => 100, 'scope_opener' => 101, 'scope_closer' => 368, 'level' => 0, 'conditions' => array (...)), 101 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 15, 'column' => 11, 'length' => 1, 'scope_condition' => 100, 'scope_opener' => 101, 'scope_closer' => 368, 'level' => 0, 'conditions' => array (...)), 102 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 15, 'column' => 12, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 103 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 15, 'column' => 13, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 104 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <section class="module-container c-m1-1">\n', 'line' => 16, 'column' => 1, 'length' => 43, 'level' => 1, 'conditions' => array (...)), 105 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <span id="', 'line' => 17, 'column' => 1, 'length' => 14, 'level' => 1, 'conditions' => array (...)), 106 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 17, 'column' => 15, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 107 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 17, 'column' => 21, 'length' => 5, 'level' => 1, 'conditions' => array (...)), 108 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 17, 'column' => 26, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 109 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$blog_id', 'line' => 17, 'column' => 27, 'length' => 8, 'level' => 1, 'conditions' => array (...)), 110 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 17, 'column' => 35, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 111 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 17, 'column' => 36, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 112 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 17, 'column' => 37, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 113 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '" class="header-offset"></span>\n', 'line' => 17, 'column' => 39, 'length' => 31, 'level' => 1, 'conditions' => array (...)), 114 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 18, 'column' => 1, 'length' => 4, 'level' => 1, 'conditions' => array (...)), 115 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 18, 'column' => 5, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 116 => array ('code' => 334, 'type' => 'T_FOREACH', 'content' => 'foreach', 'line' => 18, 'column' => 11, 'length' => 7, 'parenthesis_opener' => 118, 'parenthesis_closer' => 124, 'parenthesis_owner' => 116, 'scope_condition' => 116, 'scope_opener' => 125, 'scope_closer' => 243, 'level' => 1, 'conditions' => array (...)), 117 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 18, 'column' => 18, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 118 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 18, 'column' => 19, 'length' => 1, 'parenthesis_opener' => 118, 'parenthesis_owner' => 116, 'parenthesis_closer' => 124, 'level' => 1, 'conditions' => array (...)), 119 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$blog_posts', 'line' => 18, 'column' => 20, 'length' => 11, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 120 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 18, 'column' => 31, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 121 => array ('code' => 338, 'type' => 'T_AS', 'content' => 'as', 'line' => 18, 'column' => 32, 'length' => 2, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 122 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 18, 'column' => 34, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 123 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 18, 'column' => 35, 'length' => 5, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 124 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 18, 'column' => 40, 'length' => 1, 'parenthesis_owner' => 116, 'parenthesis_opener' => 118, 'parenthesis_closer' => 124, 'level' => 1, 'conditions' => array (...)), 125 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 18, 'column' => 41, 'length' => 1, 'scope_condition' => 116, 'scope_opener' => 125, 'scope_closer' => 243, 'level' => 1, 'conditions' => array (...)), 126 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 18, 'column' => 42, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 127 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 18, 'column' => 43, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 128 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' ', 'line' => 19, 'column' => 1, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 129 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 19, 'column' => 7, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 130 => array ('code' => 327, 'type' => 'T_IF', 'content' => 'if', 'line' => 19, 'column' => 13, 'length' => 2, 'parenthesis_opener' => 132, 'parenthesis_closer' => 134, 'parenthesis_owner' => 130, 'scope_condition' => 130, 'scope_opener' => 135, 'scope_closer' => 169, 'level' => 2, 'conditions' => array (...)), 131 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 19, 'column' => 15, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 132 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 19, 'column' => 16, 'length' => 1, 'parenthesis_opener' => 132, 'parenthesis_owner' => 130, 'parenthesis_closer' => 134, 'level' => 2, 'conditions' => array (...)), 133 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$in_page_navigation', 'line' => 19, 'column' => 17, 'length' => 19, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 134 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 19, 'column' => 36, 'length' => 1, 'parenthesis_owner' => 130, 'parenthesis_opener' => 132, 'parenthesis_closer' => 134, 'level' => 2, 'conditions' => array (...)), 135 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 19, 'column' => 37, 'length' => 1, 'scope_condition' => 130, 'scope_opener' => 135, 'scope_closer' => 169, 'level' => 2, 'conditions' => array (...)), 136 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 19, 'column' => 38, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 137 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 19, 'column' => 39, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 138 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' <a href="', 'line' => 20, 'column' => 1, 'length' => 17, 'level' => 3, 'conditions' => array (...)), 139 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 20, 'column' => 18, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 140 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 20, 'column' => 24, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 141 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 29, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 142 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$url', 'line' => 20, 'column' => 30, 'length' => 4, 'level' => 3, 'conditions' => array (...)), 143 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 20, 'column' => 34, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 144 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 35, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 145 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 20, 'column' => 36, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 146 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => '?b=', 'line' => 20, 'column' => 38, 'length' => 3, 'level' => 3, 'conditions' => array (...)), 147 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 20, 'column' => 41, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 148 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 20, 'column' => 47, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 149 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 52, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 150 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 20, 'column' => 53, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 151 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 20, 'column' => 58, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 152 => array ('content' => 'id', 'code' => 319, 'type' => 'T_STRING', 'line' => 20, 'column' => 60, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 153 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 20, 'column' => 62, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 154 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 63, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 155 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 20, 'column' => 64, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 156 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => '#', 'line' => 20, 'column' => 66, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 157 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 20, 'column' => 67, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 158 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 20, 'column' => 73, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 159 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 78, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 160 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 20, 'column' => 79, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 161 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 20, 'column' => 84, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 162 => array ('content' => 'id', 'code' => 319, 'type' => 'T_STRING', 'line' => 20, 'column' => 86, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 163 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 20, 'column' => 88, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 164 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 20, 'column' => 89, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 165 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 20, 'column' => 90, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 166 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '">\n', 'line' => 20, 'column' => 92, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 167 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 21, 'column' => 1, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 168 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 21, 'column' => 7, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 169 => array ('code' => 309, 'type' => 'T_ELSE', 'content' => 'else', 'line' => 21, 'column' => 13, 'length' => 4, 'scope_condition' => 169, 'scope_opener' => 170, 'scope_closer' => 186, 'level' => 2, 'conditions' => array (...)), 170 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 21, 'column' => 17, 'length' => 1, 'scope_condition' => 169, 'scope_opener' => 170, 'scope_closer' => 186, 'level' => 2, 'conditions' => array (...)), 171 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 21, 'column' => 18, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 172 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 21, 'column' => 19, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 173 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' <a href="', 'line' => 22, 'column' => 1, 'length' => 17, 'level' => 3, 'conditions' => array (...)), 174 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 22, 'column' => 18, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 175 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 22, 'column' => 24, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 176 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 22, 'column' => 29, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 177 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 22, 'column' => 30, 'length' => 5, 'level' => 3, 'conditions' => array (...)), 178 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 22, 'column' => 35, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 179 => array ('content' => 'url', 'code' => 319, 'type' => 'T_STRING', 'line' => 22, 'column' => 37, 'length' => 3, 'level' => 3, 'conditions' => array (...)), 180 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 22, 'column' => 40, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 181 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 22, 'column' => 41, 'length' => 1, 'level' => 3, 'conditions' => array (...)), 182 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 22, 'column' => 42, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 183 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '">\n', 'line' => 22, 'column' => 44, 'length' => 2, 'level' => 3, 'conditions' => array (...)), 184 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 23, 'column' => 1, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 185 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 23, 'column' => 7, 'length' => 6, 'level' => 3, 'conditions' => array (...)), 186 => array ('code' => 310, 'type' => 'T_ENDIF', 'content' => 'endif', 'line' => 23, 'column' => 13, 'length' => 5, 'scope_condition' => 169, 'scope_opener' => 170, 'scope_closer' => 186, 'level' => 2, 'conditions' => array (...)), 187 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 23, 'column' => 18, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 188 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 23, 'column' => 19, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 189 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <header class="module-container main-bg-color">\n', 'line' => 24, 'column' => 1, 'length' => 55, 'level' => 2, 'conditions' => array (...)), 190 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <div class="cf module-block">\n', 'line' => 25, 'column' => 1, 'length' => 39, 'level' => 2, 'conditions' => array (...)), 191 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <h1 class="margin-top pad-all">', 'line' => 26, 'column' => 1, 'length' => 43, 'level' => 2, 'conditions' => array (...)), 192 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 26, 'column' => 44, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 193 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 26, 'column' => 50, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 194 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 26, 'column' => 55, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 195 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 26, 'column' => 56, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 196 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 26, 'column' => 61, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 197 => array ('content' => 'title', 'code' => 319, 'type' => 'T_STRING', 'line' => 26, 'column' => 63, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 198 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 26, 'column' => 68, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 199 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 26, 'column' => 69, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 200 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 26, 'column' => 70, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 201 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '</h1>\n', 'line' => 26, 'column' => 72, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 202 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <div class="c-m-6 pad-all no-pad-top">\n', 'line' => 27, 'column' => 1, 'length' => 50, 'level' => 2, 'conditions' => array (...)), 203 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <h3>', 'line' => 28, 'column' => 1, 'length' => 18, 'level' => 2, 'conditions' => array (...)), 204 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 28, 'column' => 19, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 205 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 28, 'column' => 25, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 206 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 28, 'column' => 30, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 207 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 28, 'column' => 31, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 208 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 28, 'column' => 36, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 209 => array ('content' => 'subtitle', 'code' => 319, 'type' => 'T_STRING', 'line' => 28, 'column' => 38, 'length' => 8, 'level' => 2, 'conditions' => array (...)), 210 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 28, 'column' => 46, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 211 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 28, 'column' => 47, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 212 => array ('code' => 381, 'type' => 'T_CLOSE_TAG', 'content' => '?>', 'line' => 28, 'column' => 48, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 213 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => '</h3>\n', 'line' => 28, 'column' => 50, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 214 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </div>\n', 'line' => 29, 'column' => 1, 'length' => 18, 'level' => 2, 'conditions' => array (...)), 215 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </div>\n', 'line' => 30, 'column' => 1, 'length' => 16, 'level' => 2, 'conditions' => array (...)), 216 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' <div class="module-block">\n', 'line' => 31, 'column' => 1, 'length' => 36, 'level' => 2, 'conditions' => array (...)), 217 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 32, 'column' => 1, 'length' => 12, 'level' => 2, 'conditions' => array (...)), 218 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 32, 'column' => 13, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 219 => array ('code' => 266, 'type' => 'T_PRINT', 'content' => 'print', 'line' => 32, 'column' => 19, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 220 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 32, 'column' => 24, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 221 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$post', 'line' => 32, 'column' => 25, 'length' => 5, 'level' => 2, 'conditions' => array (...)), 222 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 32, 'column' => 30, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 223 => array ('content' => 'rich_media_file', 'code' => 319, 'type' => 'T_STRING', 'line' => 32, 'column' => 32, 'length' => 15, 'level' => 2, 'conditions' => array (...)), 224 => array ('code' => 366, 'type' => 'T_OBJECT_OPERATOR', 'content' => '->', 'line' => 32, 'column' => 47, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 225 => array ('content' => 'render', 'code' => 319, 'type' => 'T_STRING', 'line' => 32, 'column' => 49, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 226 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 32, 'column' => 55, 'length' => 1, 'parenthesis_opener' => 226, 'parenthesis_closer' => 234, 'level' => 2, 'conditions' => array (...)), 227 => array ('type' => 'T_OPEN_SHORT_ARRAY', 'code' => 'PHPCS_T_OPEN_SHORT_ARRAY', 'content' => '[', 'line' => 32, 'column' => 56, 'length' => 1, 'bracket_opener' => 227, 'bracket_closer' => 233, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 228 => array ('code' => 323, 'type' => 'T_CONSTANT_ENCAPSED_STRING', 'content' => '\'style\'', 'line' => 32, 'column' => 57, 'length' => 7, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 229 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 32, 'column' => 64, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 230 => array ('code' => 268, 'type' => 'T_DOUBLE_ARROW', 'content' => '=>', 'line' => 32, 'column' => 65, 'length' => 2, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 231 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 32, 'column' => 67, 'length' => 1, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 232 => array ('code' => 323, 'type' => 'T_CONSTANT_ENCAPSED_STRING', 'content' => '\'gallery\'', 'line' => 32, 'column' => 68, 'length' => 9, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 233 => array ('type' => 'T_CLOSE_SHORT_ARRAY', 'code' => 'PHPCS_T_CLOSE_SHORT_ARRAY', 'content' => ']', 'line' => 32, 'column' => 77, 'length' => 1, 'bracket_opener' => 227, 'bracket_closer' => 233, 'nested_parenthesis' => array (...), 'level' => 2, 'conditions' => array (...)), 234 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 32, 'column' => 78, 'length' => 1, 'parenthesis_opener' => 226, 'parenthesis_closer' => 234, 'level' => 2, 'conditions' => array (...)), 235 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 32, 'column' => 79, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 236 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 32, 'column' => 80, 'length' => 1, 'level' => 2, 'conditions' => array (...)), 237 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 32, 'column' => 81, 'length' => 2, 'level' => 2, 'conditions' => array (...)), 238 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </div>\n', 'line' => 33, 'column' => 1, 'length' => 16, 'level' => 2, 'conditions' => array (...)), 239 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </header>\n', 'line' => 34, 'column' => 1, 'length' => 17, 'level' => 2, 'conditions' => array (...)), 240 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' </a>\n', 'line' => 35, 'column' => 1, 'length' => 10, 'level' => 2, 'conditions' => array (...)), 241 => array ('type' => 'T_INLINE_HTML', 'code' => 321, 'content' => ' ', 'line' => 36, 'column' => 1, 'length' => 4, 'level' => 2, 'conditions' => array (...)), 242 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 36, 'column' => 5, 'length' => 6, 'level' => 2, 'conditions' => array (...)), 243 => array ('code' => 335, 'type' => 'T_ENDFOREACH', 'content' => 'endforeach', 'line' => 36, 'column' => 11, 'length' => 10, 'scope_condition' => 116, 'scope_opener' => 125, 'scope_closer' => 243, 'level' => 1, 'conditions' => array (...)), 244 => array ('type' => 'T_SEMICOLON', 'code' => 'PHPCS_T_SEMICOLON', 'content' => ';', 'line' => 36, 'column' => 21, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 245 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 36, 'column' => 22, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 246 => array ('type' => 'T_CLOSE_TAG', 'code' => 381, 'content' => '?>\n', 'line' => 36, 'column' => 23, 'length' => 2, 'level' => 1, 'conditions' => array (...)), 247 => array ('code' => 321, 'type' => 'T_INLINE_HTML', 'content' => ' ', 'line' => 37, 'column' => 1, 'length' => 4, 'level' => 1, 'conditions' => array (...)), 248 => array ('code' => 379, 'type' => 'T_OPEN_TAG', 'content' => '<?php ', 'line' => 37, 'column' => 5, 'length' => 6, 'level' => 1, 'conditions' => array (...)), 249 => array ('code' => 327, 'type' => 'T_IF', 'content' => 'if', 'line' => 37, 'column' => 11, 'length' => 2, 'parenthesis_opener' => 251, 'parenthesis_closer' => 253, 'parenthesis_owner' => 249, 'scope_condition' => 249, 'scope_opener' => 254, 'scope_closer' => 362, 'level' => 1, 'conditions' => array (...)), 250 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 37, 'column' => 13, 'length' => 1, 'level' => 1, 'conditions' => array (...)), 251 => array ('type' => 'T_OPEN_PARENTHESIS', 'code' => 'PHPCS_T_OPEN_PARENTHESIS', 'content' => '(', 'line' => 37, 'column' => 14, 'length' => 1, 'parenthesis_opener' => 251, 'parenthesis_owner' => 249, 'parenthesis_closer' => 253, 'level' => 1, 'conditions' => array (...)), 252 => array ('code' => 320, 'type' => 'T_VARIABLE', 'content' => '$pagination', 'line' => 37, 'column' => 15, 'length' => 11, 'nested_parenthesis' => array (...), 'level' => 1, 'conditions' => array (...)), 253 => array ('type' => 'T_CLOSE_PARENTHESIS', 'code' => 'PHPCS_T_CLOSE_PARENTHESIS', 'content' => ')', 'line' => 37, 'column' => 26, 'length' => 1, 'parenthesis_owner' => 249, 'parenthesis_opener' => 251, 'parenthesis_closer' => 253, 'level' => 1, 'conditions' => array (...)), 254 => array ('type' => 'T_COLON', 'code' => 'PHPCS_T_COLON', 'content' => ':', 'line' => 37, 'column' => 27, 'length' => 1, 'scope_condition' => 249, 'scope_opener' => 254, 'scope_closer' => 362, 'level' => 1, 'conditions' => array (...)), 255 => array ('code' => 382, 'type' => 'T_WHITESPACE', 'content' => ' ', 'line' => 37, 'column' => 28, 'length' => 1, 'level' => 2, 'conditions' => array (...)), ...); private $_errors = array (); private $_warnings = array (4 => array (27 => array (...)), 7 => array (30 => array (...), 56 => array (...)), 9 => array (30 => array (...)), 17 => array (27 => array (...)), 20 => array (30 => array (...), 53 => array (...), 79 => array (...))); private $_metrics = array (); private $_recordErrors = TRUE; private $_ignoredListeners = array ('Security_Sniffs_Drupal7_AdvisoriesCoreSniff' => TRUE, 'Security_Sniffs_Drupal7_AdvisoriesContribSniff' => TRUE); private $_ignoredCodes = array (); private $_errorCount = 0; private $_warningCount = 8; private $_fixableCount = 0; private $_listeners = array (319 => array ('Security_Sniffs_BadFunctions_AssertsSniff' => array (...), 'Security_Sniffs_BadFunctions_CallbackFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_CryptoFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_ErrorHandlingSniff' => array (...), 'Security_Sniffs_BadFunctions_FilesystemFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_FringeFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_FunctionHandlingFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_MysqliSniff' => array (...), 'Security_Sniffs_BadFunctions_PhpinfosSniff' => array (...), 'Security_Sniffs_BadFunctions_PregReplaceSniff' => array (...), 'Security_Sniffs_BadFunctions_SQLFunctionsSniff' => array (...), 'Security_Sniffs_BadFunctions_SystemExecFunctionsSniff' => array (...), 'Security_Sniffs_CVE_20132110Sniff' => array (...), 'Security_Sniffs_CVE_20134113Sniff' => array (...), 'Security_Sniffs_Drupal7_SQLiSniff' => array (...), 'Security_Sniffs_Drupal7_UserInputWatchSniff' => array (...), 'Security_Sniffs_Drupal7_DbQueryACSniff' => array (...), 'Security_Sniffs_Drupal7_DynQueriesSniff' => array (...), 'Security_Sniffs_Drupal7_CacheiSniff' => array (...), 'Security_Sniffs_Drupal7_HttpRequestSniff' => array (...)), 'PHPCS_T_BACKTICK' => array ('Security_Sniffs_BadFunctions_BackticksSniff' => array (...)), 262 => array ('Security_Sniffs_BadFunctions_EasyRFISniff' => array (...)), 261 => array ('Security_Sniffs_BadFunctions_EasyRFISniff' => array (...)), 259 => array ('Security_Sniffs_BadFunctions_EasyRFISniff' => array (...)), 258 => array ('Security_Sniffs_BadFunctions_EasyRFISniff' => array (...)), 328 => array ('Security_Sniffs_BadFunctions_EasyXSSSniff' => array (...)), 326 => array ('Security_Sniffs_BadFunctions_EasyXSSSniff' => array (...)), 266 => array ('Security_Sniffs_BadFunctions_EasyXSSSniff' => array (...)), 380 => array ('Security_Sniffs_BadFunctions_EasyXSSSniff' => array (...)), 306 => array ('Security_Sniffs_BadFunctions_MysqliSniff' => array (...)), 366 => array ('Security_Sniffs_BadFunctions_MysqliSniff' => array (...)), 260 => array ('Security_Sniffs_BadFunctions_NoEvalsSniff' => array (...)), 321 => array ('Security_Sniffs_Drupal7_AdvisoriesContribSniff' => array (...)), 323 => array ('Security_Sniffs_Drupal7_AdvisoriesCoreSniff' => array (...), 'Security_Sniffs_Drupal7_XSSPThemeSniff' => array (...), 'Security_Sniffs_Drupal7_XSSFormValueSniff' => array (...), 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff' => array (...), 'Security_Sniffs_Drupal7_DbQueryACSniff' => array (...)), 'PHPCS_T_DOUBLE_QUOTED_STRING' => array ('Security_Sniffs_Drupal7_XSSPThemeSniff' => array (...), 'Security_Sniffs_Drupal7_XSSFormValueSniff' => array (...), 'Security_Sniffs_Drupal7_XSSHTMLConstructSniff' => array (...)), 320 => array ('Security_Sniffs_Drupal7_UserInputWatchSniff' => array (...))); private $_activeListener = 'Security_Sniffs_BadFunctions_EasyXSSSniff'; private $_listenerTimes = array (); protected $ruleset = array ('Security.Drupal7.UserInputWatch' => array ('properties' => array (...)), 'Security.Drupal7.DbQueryAC' => array ('properties' => array (...))) }, $stackPtr = 175) tests/vendor/squizlabs/php_codesniffer/CodeSniffer/File.php:576
Could somebody say what to do about this error:
------------------------------------------------------------------------------------------------------------------------
66 | WARNING | Potential XSS found with #value on $raw_form_input
| | (PHPCS_SecurityAudit.Drupal7.XSSFormValue.D7XSSWarFormValue)
------------------------------------------------------------------------------------------------------------------------
The error is coming from where the #value' is red:
function mymodule_file_move_form_submit_handler(array &$form, FormStateInterface $form_state) {
// Value from form select.
$raw_form_input = Xss::filter($form['uri_scheme']['markup']['#value']);
$uri_scheme = Html::escape($raw_form_input);
There's no other key I could use to get the value.
I have several classes that define an exec() method ('exec' in this case just meaning 'do something', not necessarily running a shell script), and these get flagged by phpcs-security-audit as being system exec function calls even though they aren't. It seems like it's just checking function names without considering the namespace or whether they are actually global exec function calls.
Is there a summary what these sniffs mean, and how to resolve them?
Thanks.
Hi,
I've just built phpcs from master 66845e0 using docker build -t phpcs .. After I'm running it with docker run -i -t --rm -v "$(pwd)":/opt/mount phpcs I'm getting ERROR: Referenced sniff "Security.BadFunctions.Asserts" does not exist.
It looks like bug was introduced in c36e8c6 since I've just build & run suing the same commands but from b16843d (it's a commit right before c36e8c6) and all works OK.
I'd like to propose adding basic build testing via Travis.
Things which could be included, would, for instance, be:
composer.json file. - PR #60xsd schema. - PR #60In the future, once sniff specific tests have been added this could be expanded to also include:
Please let me know if you're interested in this and if so, if there are any other things you'd like to include or check you'd want to exclude.
for example
$local_config = __DIR__ . '/test-local.php';
if (file_exists($local_config)) {
$config = yii\helpers\ArrayHelper::merge($config, require($local_config));
}
file may be change its status ,so we also do file_exists checking before we merge this file.
i think it shouldn't be ErrMiscIncludeMismatchNoExt
The current newest release of this package was made in February 2018, and there seems to have been some development after that until December 2018. The motivation that made me create this issue was that the Packagist release 2.0.0 does not include the contents of commit 236edfc, which adds support for automatic loading of the sniffs via phpcodesniffer-composer-installer. I am pretty sure that this is a feature that also many other Composer users would like to have in their project without having to use the dev-master version of the `pheromone/phpcs-security-audit´ package.
The way the project is currently set up with the standard name being Security, but the namespace name being PHPCS_SecurityAudit is non-standard and breaks expectations.
It is the cause of issues #38 and #45 and the reason hacks like the symlink are needed, while the normal installed_paths functionality in PHPCS will not work for this standard.
I'd be willing to fix this for this project, but only if a PR to that effect would be considered welcome.
It will involve renaming all namespaces, removing the symlink and more, but can be done without breaking existing rulesets using Security.Category.SniffName references.
Would you be willing to consider such a PR ?
As partially discussed in #50, now the namespace has been fixed, sniff specific unit tests could be added based on the PHPCS native unit test framework.
I'd be willing to do the initial setup for this if it helps,.
Open questions:
Variables, constants and function calls are not included in the report if concatenated with something which has already been included. Is there any way to override this behaviour other than adding the safe constant to getXSSMitigationFunctions?
echo SAFE_CONSTANT . vulnerableFunction();
// Warning: Possible XSS detected with SAFE_CONSTANT on echoWhen reviewing the report, it can give the impression that an issue is safe when it is not.
Here are some examples from a quick test:
/**
* Warning: Possible XSS detected with CONSTANT on echo
* Warning: Possible XSS detected with $var on echo
*/
echo CONSTANT; echo $var;
/**
* Warning: Possible XSS detected with CONSTANT on echo
*/
echo CONSTANT . $var;
/**
* Error: Easy XSS detected because of direct user input with $_GET on echo
* Error: Easy XSS detected because of direct user input with $_GET on echo
*/
echo $_GET['one'] . $_GET['two'];
/**
* Warning: Possible XSS detected with $varOne on echo
*/
echo $varOne . $varTwo;
/**
* Warning: Possible XSS detected with SAFE_CONSTANT on echo
*/
echo SAFE_CONSTANT . vulnerableFunction();Many thanks
Hi!
Is it ok that the ruleset complains about every array_filter, array_map, array_reduce call? What's wrong with functions supporting callbacks when those callbacks are explicitly passed as closures?
From a fresh build of Ubuntu 20 LTS with 7.4, running composer install after cloning produces:
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- dealerdirect/phpcodesniffer-composer-installer[v0.4.1, ..., v0.6.2] require composer-plugin-api ^1.0 -> found composer-plugin-api[2.1.0] but it does not match the constraint.
- Root composer.json requires dealerdirect/phpcodesniffer-composer-installer ^0.4.1 || ^0.5 || ^0.6 -> satisfiable by dealerdirect/phpcodesniffer-composer-installer[v0.4.1, ..., v0.6.2].
You get a little further Installing with composer require --dev pheromone/phpcs-security-audit, but the Security standards are not available
smurf:/home/ubuntu/static4# composer require --dev pheromone/phpcs-security-audit
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Continue as root/super user [yes]?
Using version ^2.0 for pheromone/phpcs-security-audit
./composer.json has been created
Running composer update pheromone/phpcs-security-audit
Loading composer repositories with package information
Updating dependencies
Lock file operations: 2 installs, 0 updates, 0 removals
- Locking pheromone/phpcs-security-audit (2.0.1)
- Locking squizlabs/php_codesniffer (3.6.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 2 installs, 0 updates, 0 removals
- Installing squizlabs/php_codesniffer (3.6.0): Extracting archive
- Installing pheromone/phpcs-security-audit (2.0.1): Extracting archive
Generating autoload files
smurf:/home/ubuntu/static4# vendor/bin/phpcs -i
The installed coding standards are PEAR, PSR12, Squiz, Zend, PSR1, MySource and PSR2
smurf/home/ubuntu/static4#
Since this package defines a new PHP code sniffer standard, it would be great if can define the package type as phpcodesniffer-standard, so using projects such as Dealerdirect/phpcodesniffer-composer-installer will recognize the coding standards automatically.
See: Developing Coding Standards.
Related: PHPCSStandards/composer-installer/issues/47
This can also help with problems as described in #2.
For example, given the following composer.json file:
{
"require": {
"dealerdirect/phpcodesniffer-composer-installer": "^0.4.4",
"drupal/coder": "^8@stable",
"pheromone/phpcs-security-audit": "1.*@stable"
}
}
After running composer install, and ./vendor/bin/phpcs -i, I can see the coding standards from drupal/coder package, but not from pheromone/phpcs-security-audit.
Hello,
In the CallbackFunctions sniff, addError and addWarning add ErrFringestuff and WarnFringestuff respectively as arguments.
I think it should be something like WarnCallbackFunctions and ErrCallbackFunctions.
Thank you !
oops didn't test that after PR #50
when trying example_drupal7_ruleset.xml getting error:
ERROR - Invalid CmsFramework value "Drupal7" in config. Must be a class under Security_Sniffs.
We just need to change UtilsFactory, I'll get to it in a few minutes.
I would like to be able to use the severity tag for specific rules in a ruleset.xml file to be able to better filter output and handle issues in stages, example:
<rule ref="Security.BadFunctions.FilesystemFunctions">
<severity>1</severity>
</rule>
This phpcs functionality does not appear to be working with phpcs-security-audit rules.
I am a windows user and trying to run this tool. I followed the instructions and everything is installed. Whenever I am trying to run "PHPCS" command, its saying that it doesn't recognize this command. May be its a path issue?
How do I run this command? Any help would be appreciated.
Thanks
The is_token_user_input function in utils blanketly categorizes $_FILES, $_SERVER, and $_ENV as direct user input. This leads to a high volume of false positives when using server generated values in these variables.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.