ProperEscapingFunction: allow for fully qualified function calls

In namespaced files, it is a good habit to use fully qualified function calls or `use function ...` statements for global functions to prevent PHP from looking for the function in the current namespace. As things were, fully qualified function calls would be ignored by the sniff, leading to false negatives. Tested by adjusting some existing tests.
Automattic · Apr 14, 2021 · 771cdf5 · 771cdf5
1 parent 786796d
commit 771cdf5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
@@ -47,6 +47,7 @@ class ProperEscapingFunctionSniff extends Sniff {
 		T_OPEN_TAG_WITH_ECHO => T_OPEN_TAG_WITH_ECHO,
 		T_STRING_CONCAT      => T_STRING_CONCAT,
 		T_COMMA              => T_COMMA,
+		T_NS_SEPARATOR       => T_NS_SEPARATOR,
 	];
 
 	/**

diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
@@ -2,19 +2,19 @@
 
 echo '<a href="' . esc_attr( $some_var ) . '"></a>'; // Error.
 
-echo "<a href='" . esc_attr( $some_var ) . "'></a>"; // Error.
+echo "<a href='" . \esc_attr( $some_var ) . "'></a>"; // Error.
 
-echo '<a href="' . esc_url( $some_var ) . '"></a>'; // OK.
+echo '<a href="' . \esc_url( $some_var ) . '"></a>'; // OK.
 
 echo "<a href='" . esc_url( $some_var ) . "'></a>"; // OK.
 
 echo '<a title="' . esc_attr( $some_var ) . '"></a>'; // OK.
 
-echo "<a title='" . esc_attr( $some_var ) . "'></a>"; // OK.
+echo "<a title='" . \esc_attr( $some_var ) . "'></a>"; // OK.
 
 echo '<a title="' . esc_html_x( $some_var ) . '"></a>'; // Error.
 
-echo "<a title='" . esc_html( $some_var ) . "'></a>"; // Error.
+echo "<a title='" . \esc_html( $some_var ) . "'></a>"; // Error.
 
 ?>
 
@@ -61,7 +61,7 @@ Test
 
 <h1><?php echo esc_attr__( $title, 'domain' ); ?></h1> <!-- Error --> ?>
 <?php echo '<h1>' . esc_attr__( $some_var, 'domain' ) . '</h1>'; // Error.
-echo '<h1>',      esc_attr_x( $title, 'domain' ), '</h1>'; // Error.
+echo '<h1>',      \esc_attr_x( $title, 'domain' ), '</h1>'; // Error.
 echo "<$tag>  " , esc_attr( $test ) , "</$tag>"; // Error.
 ?>
 <h1> <?php echo esc_attr( $title ) . '</h1>'; ?> // Error.
@@ -72,7 +72,7 @@ echo "<$tag>  " , esc_attr( $test ) , "</$tag>"; // Error.
 echo "<{$tag}>" . esc_attr( $tag_content ) . "</{$tag}>"; // Error.
 echo "<$tag" . '   >' . esc_attr( $tag_content ) . "</$tag>"; // Error.
 echo '<div class=\'' . esc_html($class) . '\'>'; // Error.
-echo "<div class=\"" . esc_html__($class) . '">'; // Error.
+echo "<div class=\"" . \esc_html__($class) . '">'; // Error.
 echo "<div $someAttribute class=\"" . esc_html($class) . '">'; // Error.
 echo '<a href=\'' . esc_html($url) . '\'>'; // Error.
 echo "<img src=\"" . esc_html($src) . '"/>'; // Error.