From 771cdf5f84132eea788dfa407a7f64c1bd1d79c2 Mon Sep 17 00:00:00 2001
From: jrfnl <jrfnl@users.noreply.github.com>
Date: Wed, 14 Apr 2021 16:06:59 +0200
Subject: [PATCH] ProperEscapingFunction: allow for fully qualified function
 calls

In namespaced files, it is a good habit to use fully qualified function calls or `use function ...` statements for global functions to prevent PHP from looking for the function in the current namespace.

As things were, fully qualified function calls would be ignored by the sniff, leading to false negatives.

Tested by adjusting some existing tests.
---
 .../Sniffs/Security/ProperEscapingFunctionSniff.php  |  1 +
 .../Security/ProperEscapingFunctionUnitTest.inc      | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
index 2c205a79..2f9dc198 100644
--- a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
+++ b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
@@ -47,6 +47,7 @@ class ProperEscapingFunctionSniff extends Sniff {
 		T_OPEN_TAG_WITH_ECHO => T_OPEN_TAG_WITH_ECHO,
 		T_STRING_CONCAT      => T_STRING_CONCAT,
 		T_COMMA              => T_COMMA,
+		T_NS_SEPARATOR       => T_NS_SEPARATOR,
 	];
 
 	/**
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
index 510a75e1..a0ff39cc 100644
--- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
@@ -2,19 +2,19 @@
 
 echo '<a href="' . esc_attr( $some_var ) . '"></a>'; // Error.
 
-echo "<a href='" . esc_attr( $some_var ) . "'></a>"; // Error.
+echo "<a href='" . \esc_attr( $some_var ) . "'></a>"; // Error.
 
-echo '<a href="' . esc_url( $some_var ) . '"></a>'; // OK.
+echo '<a href="' . \esc_url( $some_var ) . '"></a>'; // OK.
 
 echo "<a href='" . esc_url( $some_var ) . "'></a>"; // OK.
 
 echo '<a title="' . esc_attr( $some_var ) . '"></a>'; // OK.
 
-echo "<a title='" . esc_attr( $some_var ) . "'></a>"; // OK.
+echo "<a title='" . \esc_attr( $some_var ) . "'></a>"; // OK.
 
 echo '<a title="' . esc_html_x( $some_var ) . '"></a>'; // Error.
 
-echo "<a title='" . esc_html( $some_var ) . "'></a>"; // Error.
+echo "<a title='" . \esc_html( $some_var ) . "'></a>"; // Error.
 
 ?>
 
@@ -61,7 +61,7 @@ Test
 
 <h1><?php echo esc_attr__( $title, 'domain' ); ?></h1> <!-- Error --> ?>
 <?php echo '<h1>' . esc_attr__( $some_var, 'domain' ) . '</h1>'; // Error.
-echo '<h1>',      esc_attr_x( $title, 'domain' ), '</h1>'; // Error.
+echo '<h1>',      \esc_attr_x( $title, 'domain' ), '</h1>'; // Error.
 echo "<$tag>  " , esc_attr( $test ) , "</$tag>"; // Error.
 ?>
 <h1> <?php echo esc_attr( $title ) . '</h1>'; ?> // Error.
@@ -72,7 +72,7 @@ echo "<$tag>  " , esc_attr( $test ) , "</$tag>"; // Error.
 echo "<{$tag}>" . esc_attr( $tag_content ) . "</{$tag}>"; // Error.
 echo "<$tag" . '   >' . esc_attr( $tag_content ) . "</$tag>"; // Error.
 echo '<div class=\'' . esc_html($class) . '\'>'; // Error.
-echo "<div class=\"" . esc_html__($class) . '">'; // Error.
+echo "<div class=\"" . \esc_html__($class) . '">'; // Error.
 echo "<div $someAttribute class=\"" . esc_html($class) . '">'; // Error.
 echo '<a href=\'' . esc_html($url) . '\'>'; // Error.
 echo "<img src=\"" . esc_html($src) . '"/>'; // Error.