From c3a80f053e9b9ebec53b1d2ce90480a6d5de6c34 Mon Sep 17 00:00:00 2001
From: Rebecca Hum <16962021+rebeccahum@users.noreply.github.com>
Date: Wed, 30 Jun 2021 10:20:39 -0600
Subject: [PATCH] Downgrade
WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML to
warning
---
WordPress-VIP-Go/ruleset-test.inc | 4 ++--
WordPress-VIP-Go/ruleset-test.php | 4 ++--
WordPress-VIP-Go/ruleset.xml | 4 ----
.../Security/ProperEscapingFunctionSniff.php | 4 ++--
.../Security/ProperEscapingFunctionUnitTest.inc | 12 ++++++------
.../Security/ProperEscapingFunctionUnitTest.php | 15 ++++++++-------
WordPressVIPMinimum/ruleset-test.inc | 2 +-
WordPressVIPMinimum/ruleset-test.php | 2 +-
8 files changed, 22 insertions(+), 25 deletions(-)
diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc
index 61e56955..df6e313c 100644
--- a/WordPress-VIP-Go/ruleset-test.inc
+++ b/WordPress-VIP-Go/ruleset-test.inc
@@ -253,10 +253,10 @@ $test = @in_array( $array, $needle, true ); // Error.
// WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML
echo ''; // Error.
-echo ''; // Error.
+echo ''; // Warning.
echo ''; // OK.
?>Hello
-Hey
+Hey
1,
252 => 1,
255 => 1,
- 256 => 1,
258 => 1,
- 259 => 1,
318 => 1,
329 => 1,
334 => 1,
@@ -193,6 +191,8 @@
245 => 1,
246 => 1,
247 => 1,
+ 256 => 1,
+ 259 => 1,
265 => 1,
269 => 1,
273 => 1,
diff --git a/WordPress-VIP-Go/ruleset.xml b/WordPress-VIP-Go/ruleset.xml
index e4297a51..58386a58 100644
--- a/WordPress-VIP-Go/ruleset.xml
+++ b/WordPress-VIP-Go/ruleset.xml
@@ -229,10 +229,6 @@
1
-
-
- 3
-
1
diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
index 9b9513f0..e30af7c3 100644
--- a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
+++ b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
@@ -205,8 +205,8 @@ public function process_token( $stackPtr ) {
if ( $escaping_type === 'html' ) {
$message = 'Wrong escaping function. HTML attributes should be escaped by `esc_attr()`, not by `%s()`.';
- $this->phpcsFile->addError( $message, $stackPtr, 'htmlAttrNotByEscHTML', $data );
- return;
+ $this->phpcsFile->addWarning( $message, $stackPtr, 'htmlAttrNotByEscHTML', $data );
+ return; // Warning level because sub-optimal due to different filters, but still OK.
}
}
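Review bot: The rationale comment is attached to `return;` in the `$escaping_type === 'html'` branch, so it reads as explaining the early return rather than the severity choice. It would be clearer on its own line above the `addWarning()` call, e.g. `// Warning, not error: esc_html() applies the same encoding as esc_attr(); only the filter hook run on the result differs.` As far as I know, WordPress core's `esc_html()` and `esc_attr()` both encode quotes and differ only in the filter they apply (`esc_html` versus `attribute_escape`). That is what makes the downgrade defensible, and it is also why the finding should stay visible: a callback hooked on `esc_html` is not written with attribute context in mind. The message still opens with `Wrong escaping function.`, which is stronger than a finding the comment calls "still OK"; `process_token()` starts and ends outside this hunk.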
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
index af65ab5f..35c66e49 100644
--- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
@@ -12,15 +12,15 @@ echo ''; // OK.
echo ""; // OK.
-echo ''; // Error.
+echo ''; // Warning.
-echo ""; // Error.
+echo ""; // Warning.
?>
Hello
-Hey
+Hey
@@ -71,9 +71,9 @@ echo "<$tag> " , esc_attr( $test ) , "$tag>"; // Error.
" . $test . ""; // OK.
echo "<{$tag}>" . esc_attr( $tag_content ) . "{$tag}>"; // Error.
echo "<$tag" . ' >' . esc_attr( $tag_content ) . "$tag>"; // Error.
-echo '
'; // Error.
-echo "
'; // Error.
-echo "
'; // Error.
+echo '
'; // Warning.
+echo "
'; // Warning.
+echo "
'; // Warning.
echo '
'; // Error.
echo "'; // Error.
echo "'; // Error.
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
index 9a4b31c8..1ae08a30 100644
--- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
@@ -27,10 +27,7 @@ public function getErrorList() {
return [
3 => 1,
5 => 1,
- 15 => 1,
- 17 => 1,
21 => 1,
- 23 => 1,
33 => 1,
37 => 1,
41 => 1,
@@ -45,9 +42,6 @@ public function getErrorList() {
69 => 1,
72 => 1,
73 => 1,
- 74 => 1,
- 75 => 1,
- 76 => 1,
77 => 1,
78 => 1,
79 => 1,
@@ -66,7 +60,14 @@ public function getErrorList() {
* @return array
=>
*/
public function getWarningList() {
- return [];
+ return [
+ 15 => 1,
+ 17 => 1,
+ 23 => 1,
+ 74 => 1,
+ 75 => 1,
+ 76 => 1,
+ ];
}
}
diff --git a/WordPressVIPMinimum/ruleset-test.inc b/WordPressVIPMinimum/ruleset-test.inc
index 803e890f..d1899e0b 100644
--- a/WordPressVIPMinimum/ruleset-test.inc
+++ b/WordPressVIPMinimum/ruleset-test.inc
@@ -548,7 +548,7 @@ echo '{{{data}}}'; // Warning.
// WordPressVIPMinimum.Security.ProperEscapingFunction
echo '
'; // Error.
-echo '
'; // Error.
+echo '
'; // Warning.
// WordPressVIPMinimum.Security.StaticStrreplace
str_replace( 'foo', array( 'bar', 'foo' ), 'foobar' ); // Error.
diff --git a/WordPressVIPMinimum/ruleset-test.php b/WordPressVIPMinimum/ruleset-test.php
index 19d74bf1..3e71061a 100644
--- a/WordPressVIPMinimum/ruleset-test.php
+++ b/WordPressVIPMinimum/ruleset-test.php
@@ -179,7 +179,6 @@
523 => 1,
525 => 1,
550 => 1,
- 551 => 1,
554 => 1,
569 => 1,
570 => 1,
@@ -290,6 +289,7 @@
535 => 1,
538 => 1,
545 => 1,
+ 551 => 1,
559 => 1,
565 => 1,
589 => 1,