Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
PHPCompatibility.Miscellaneous.ValidIntegers.HexNumericStringFound
We manually go through all the occurrences and decide whether it's meant to be used as a simple string or as a number. Replace valid hex numbers with integers or hexdec, add PHPCodeSniffer exceptions for the false positives.
hexdec
$value = '0xff'; if (is_numeric($value)) { }
Because the hexadecimal value is hardcoded, it might be simplest to replace it with its hardcoded decimal counterpart.
$value = 255; if (is_numeric($value)) { }
$value = $data['hex']; if (is_numeric($value)) { }
Since we don't know what the value would be in advance, we would convert it to a decimal first.
$value = hexdec($data['hex']); if (is_numeric($value)) { }
However, since we have no guarantee that $data['hex'] is a valid hexadecimal string, a more complete example would look like this. Follow the guide PSR-0 Autoloading to load the Compatibility_Php56 into the legacy project.
$data['hex']
Compatibility_Php56
final class Compatibility_Php56 { public static function hexStringToDec($value) { if (!preg_match('/^0x[0-9a-fA-F]+$/', $value)) { return 0; } return hexdec($value); } } $value = Compatibility_Php56::hexStringToDec($data['hex']); if (is_numeric($value)) { echo $value; }
We check whether it's a valid hexadecimal string. In PHP 5.6, a string that is not hexadecimal would be converted to zero, so that 1 + 'ff' would produce 1. If it's a valid hexadecimal string, we convert it to a decimal, so that 1 + '0xff' would produce 256.
1 + 'ff'
1 + '0xff'
If a string starts with 0x by pure coincidence, which is extremely rare, then we might just need to add an exception to the phpcs.xml file that is used in generating the PHPCompatibility report.
0x
phpcs.xml
<?xml version="1.0"?> <ruleset> <rule ref="PHPCompatibility.Miscellaneous.ValidIntegers.HexNumericStringFound"> <exclude-pattern>/path/to/file.php</exclude-pattern> <exclude-pattern>/path/to/folder/*.php</exclude-pattern> </rule> </ruleset>
Increase security and cut risk by simplifying PHP application upgrades and migrations.
Long Term Support buys organizations time to migrate.
