Idea of the sniff is to locate function/method parameter that's value is replaced within the method. This is bad idea, because any code that reads parameter value expects original value to be retrieved, but instead is getting last modified value version.
Implementation plan:
listen for T_FUNCTION token
get parameters of that function, that aren't passed by reference
lookup names of these parameters in function body and T_WHITESPACE (optional) + assignment tokens after it
P.S.
The $$var code won't be supported, because it's hard to trace back statically.
Examples
function functionName($param1, &$param2)
{
$param1 = 'new value' . $param1; // not allowed
$param2 = 'new value'; // allowed, because value is passed by reference
}
Idea of the sniff is to locate function/method parameter that's value is replaced within the method. This is bad idea, because any code that reads parameter value expects original value to be retrieved, but instead is getting last modified value version.
Implementation plan:
T_FUNCTIONtokenP.S. The
$$varcode won't be supported, because it's hard to trace back statically.Examples