From c3a80f053e9b9ebec53b1d2ce90480a6d5de6c34 Mon Sep 17 00:00:00 2001 From: Rebecca Hum <16962021+rebeccahum@users.noreply.github.com> Date: Wed, 30 Jun 2021 10:20:39 -0600 Subject: [PATCH] Downgrade WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML to warning --- WordPress-VIP-Go/ruleset-test.inc | 4 ++-- WordPress-VIP-Go/ruleset-test.php | 4 ++-- WordPress-VIP-Go/ruleset.xml | 4 ---- .../Security/ProperEscapingFunctionSniff.php | 4 ++-- .../Security/ProperEscapingFunctionUnitTest.inc | 12 ++++++------ .../Security/ProperEscapingFunctionUnitTest.php | 15 ++++++++------- WordPressVIPMinimum/ruleset-test.inc | 2 +- WordPressVIPMinimum/ruleset-test.php | 2 +- 8 files changed, 22 insertions(+), 25 deletions(-) diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc index 61e56955..df6e313c 100644 --- a/WordPress-VIP-Go/ruleset-test.inc +++ b/WordPress-VIP-Go/ruleset-test.inc @@ -253,10 +253,10 @@ $test = @in_array( $array, $needle, true ); // Error. // WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML echo ''; // Error. -echo ''; // Error. +echo ''; // Warning. echo ''; // OK. ?>Hello -Hey +Hey 1, 252 => 1, 255 => 1, - 256 => 1, 258 => 1, - 259 => 1, 318 => 1, 329 => 1, 334 => 1, @@ -193,6 +191,8 @@ 245 => 1, 246 => 1, 247 => 1, + 256 => 1, + 259 => 1, 265 => 1, 269 => 1, 273 => 1, diff --git a/WordPress-VIP-Go/ruleset.xml b/WordPress-VIP-Go/ruleset.xml index e4297a51..58386a58 100644 --- a/WordPress-VIP-Go/ruleset.xml +++ b/WordPress-VIP-Go/ruleset.xml @@ -229,10 +229,6 @@ 1 - - - 3 - 1 diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php index 9b9513f0..e30af7c3 100644 --- a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php +++ b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php @@ -205,8 +205,8 @@ public function process_token( $stackPtr ) { if ( $escaping_type === 'html' ) { $message = 'Wrong escaping function. HTML attributes should be escaped by `esc_attr()`, not by `%s()`.'; - $this->phpcsFile->addError( $message, $stackPtr, 'htmlAttrNotByEscHTML', $data ); - return; + $this->phpcsFile->addWarning( $message, $stackPtr, 'htmlAttrNotByEscHTML', $data ); + return; // Warning level because sub-optimal due to different filters, but still OK. } } diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc index af65ab5f..35c66e49 100644 --- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc +++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc @@ -12,15 +12,15 @@ echo ''; // OK. echo ""; // OK. -echo ''; // Error. +echo ''; // Warning. -echo ""; // Error. +echo ""; // Warning. ?> Hello -Hey +Hey @@ -71,9 +71,9 @@ echo "<$tag> " , esc_attr( $test ) , ""; // Error. " . $test . ""; // OK. echo "<{$tag}>" . esc_attr( $tag_content ) . ""; // Error. echo "<$tag" . ' >' . esc_attr( $tag_content ) . ""; // Error. -echo '
'; // Error. -echo "
'; // Error. -echo "
'; // Error. +echo '
'; // Warning. +echo "
'; // Warning. +echo "
'; // Warning. echo ''; // Error. echo "'; // Error. echo "
'; // Error. diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php index 9a4b31c8..1ae08a30 100644 --- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php +++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php @@ -27,10 +27,7 @@ public function getErrorList() { return [ 3 => 1, 5 => 1, - 15 => 1, - 17 => 1, 21 => 1, - 23 => 1, 33 => 1, 37 => 1, 41 => 1, @@ -45,9 +42,6 @@ public function getErrorList() { 69 => 1, 72 => 1, 73 => 1, - 74 => 1, - 75 => 1, - 76 => 1, 77 => 1, 78 => 1, 79 => 1, @@ -66,7 +60,14 @@ public function getErrorList() { * @return array => */ public function getWarningList() { - return []; + return [ + 15 => 1, + 17 => 1, + 23 => 1, + 74 => 1, + 75 => 1, + 76 => 1, + ]; } } diff --git a/WordPressVIPMinimum/ruleset-test.inc b/WordPressVIPMinimum/ruleset-test.inc index 803e890f..d1899e0b 100644 --- a/WordPressVIPMinimum/ruleset-test.inc +++ b/WordPressVIPMinimum/ruleset-test.inc @@ -548,7 +548,7 @@ echo '{{{data}}}
'; // Warning. // WordPressVIPMinimum.Security.ProperEscapingFunction echo ''; // Error. -echo ''; // Error. +echo ''; // Warning. // WordPressVIPMinimum.Security.StaticStrreplace str_replace( 'foo', array( 'bar', 'foo' ), 'foobar' ); // Error. diff --git a/WordPressVIPMinimum/ruleset-test.php b/WordPressVIPMinimum/ruleset-test.php index 19d74bf1..3e71061a 100644 --- a/WordPressVIPMinimum/ruleset-test.php +++ b/WordPressVIPMinimum/ruleset-test.php @@ -179,7 +179,6 @@ 523 => 1, 525 => 1, 550 => 1, - 551 => 1, 554 => 1, 569 => 1, 570 => 1, @@ -290,6 +289,7 @@ 535 => 1, 538 => 1, 545 => 1, + 551 => 1, 559 => 1, 565 => 1, 589 => 1,