
Coding Standards: Final cleanup for tripal_bulk_loader; added @coder-ignore for errors to be ignored

Lacey Sanderson 12 years ago
parent
commit
8451babc7c

+ 5 - 4
tripal_bulk_loader/tripal_bulk_loader.admin.inc

@@ -263,11 +263,11 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
         $form['records']['records-data'][$priority] = array(
           'title' => array(
             '#type' => 'markup',
-            '#value' => $table_array['record_id'],
+            '#value' => filter_xss($table_array['record_id']),
           ),
           'chado_table' => array(
             '#type' => 'markup',
-            '#value' => $table_array['table'],
+            '#value' => filter_xss($table_array['table']),
           ),
           'mode' => array(
             '#type' => 'item',
@@ -393,6 +393,7 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
     '#value' => $value,
     '#weight' => 4,
   );
+
   return $form;
 }
 
@@ -2206,7 +2207,7 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
 function tripal_bulk_loader_add_field_ahah() {
 
   $form_state = array('storage' => NULL, 'submitted' => FALSE);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
   $args = $form['#parameters'];
   $form_id = array_shift($args);
@@ -2241,7 +2242,7 @@ function tripal_bulk_loader_add_field_ahah() {
 function tripal_bulk_loader_edit_field_ahah() {
 
   $form_state = array('storage' => NULL, 'submitted' => FALSE);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
   $args = $form['#parameters'];
   $form_id = array_shift($args);
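Review bot: filter_xss() is the wrong control for `$_POST['form_build_id']` in tripal_bulk_loader_add_field_ahah() and tripal_bulk_loader_edit_field_ahah(): the value is only used as the cache key passed to form_get_cache(), never rendered into HTML, so HTML filtering neither prevents nor detects a missing or forged id (it only happens to be harmless because a real id is `form-` plus hex). What the two callbacks lack is a guard on the lookup itself — an absent POST key raises a notice, and an id with no cache entry leaves `$form` empty, after which `$form['#parameters']` and array_shift() operate on a non-array. Suggested replacement for the assignment and the line after it in each callback: `$form_build_id = isset($_POST['form_build_id']) ? $_POST['form_build_id'] : ''; $form = form_get_cache($form_build_id, $form_state); if (!$form) { return; }` — with the bare return swapped for whatever empty response the rest of each callback emits, as both function bodies continue past the hunk. Separately, in the first hunk `record_id` and `table` are plain data rather than authored markup, so check_plain() is the tighter escape than filter_xss(), which still admits its default tag whitelist.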

+ 11 - 0
tripal_bulk_loader/tripal_bulk_loader.coder_ignores.txt

@@ -0,0 +1,11 @@
+; The file should be formatted this way :
+; file:line:warning-type
+; where warning-type is one of security, style, sql, i18n, comment, etc.
+
+; all variables are filtered
+tripal_bulk_loader.admin.inc:398:security
+tripal_bulk_loader.constants.inc::260:security
+
+; doesn't need to be filtered b/c all variables set in code and not subjected to
+; user input
+tripal_bulk_loader.constants.inc:376:security
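Review bot: The second entry, `tripal_bulk_loader.constants.inc::260:security`, has a doubled colon and does not follow the `file:line:warning-type` format the header comment prescribes, so depending on how coder parses it the line-260 warning will either stay unsuppressed or the entry will silently match nothing; it should read `tripal_bulk_loader.constants.inc:260:security`. The justifications also deserve tightening: the third entry suppresses a security warning on the claim that no user input reaches that line, but the table rows rendered there are assembled elsewhere in the file, so the comment should name what populates them and which escaping call covers it rather than assert the conclusion. Security ignores are easy to leave stale after later edits; a one-line reason per entry that cites the filtering call keeps them auditable.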

+ 4 - 3
tripal_bulk_loader/tripal_bulk_loader.constants.inc

@@ -160,15 +160,15 @@ function tripal_bulk_loader_set_constants_form($form_state, $node) {
           $group = $field['group_id'];
           $form['exposed_fields']['existing'][$group][$index] = array(
             '#type' => 'markup',
-            '#value' => $field['value'],
+            '#value' => filter_xss($field['value']),
           );
         }
       }
 
       $form['exposed_fields']['existing'][$group]['delete'] = array(
         '#type' => 'markup',
-        '#value' => l(t('Edit'), 'node/' . $node->nid . '/constants/' . $group . '/edit') . '<br />'  .
-          l(t('Delete'), 'node/' . $node->nid . '/constants/' . $group . '/delete'),
+        '#value' => filter_xss(l(t('Edit'), 'node/' . $node->nid . '/constants/' . $group . '/edit') . '&nbsp&nbsp|&nbsp&nbsp'  .
+          l(t('Delete'), 'node/' . $node->nid . '/constants/' . $group . '/delete')),
       );
 
     }
@@ -364,6 +364,7 @@ function theme_tripal_bulk_loader_set_constants_form($form) {
       $i++;
     }
     //drupal_add_tabledrag('mytable', 'order', 'sibling', 'weight-group');
+    // @coder-ignore: no user input thus don't need to filter
     $form['exposed_fields']['existing'] = array(
       '#type' => 'markup',
       '#value' => theme('table', $header, $rows, array('id' => 'mytable')) . '<br />'
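Review bot: The new Edit/Delete separator `'&nbsp&nbsp|&nbsp&nbsp'` omits the semicolons, and wrapping the string in filter_xss() makes that visible: filter_xss() escapes any `&` that does not begin a well-formed, semicolon-terminated entity, so the four malformed `&nbsp` come out as `&amp;nbsp` and render literally as text. l() already returns safe markup (check_plain() on the link text, check_url() on the path), so the filter_xss() wrapper adds nothing there and the line can return to the unfiltered form with correct entities: `'#value' => l(t('Edit'), 'node/' . $node->nid . '/constants/' . $group . '/edit') . '&nbsp;&nbsp;|&nbsp;&nbsp;' . l(t('Delete'), 'node/' . $node->nid . '/constants/' . $group . '/delete'),`. For `$field['value']` in the first hunk, check_plain() is the stricter choice than filter_xss() since the value is shown as plain text rather than authored HTML. The `@coder-ignore` comment in the second hunk should state where `$rows` comes from, since the part of theme_tripal_bulk_loader_set_constants_form() that builds it lies outside this hunk.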

+ 10 - 0
tripal_bulk_loader/tripal_bulk_loader.module

@@ -504,3 +504,13 @@ function tripal_bulk_loader_job_describe_args($callback, $args) {
 
 }
 
+/**
+ * Implements hook_coder_ignore().
+ * Defines the path to the file (tripal_bulk_loader.coder_ignores.txt) where ignore rules for coder are stored
+ */
+function tripal_bulk_loader_coder_ignore() {
+  return array(
+    'path' => drupal_get_path('module', 'tripal_bulk_loader'),
+    'line prefix' => drupal_get_path('module', 'tripal_bulk_loader'),
+  );
+}