From 48c559ad9603f42806b4f04bb3ba35770589363e Mon Sep 17 00:00:00 2001
From: jrfnl
Date: Sun, 17 Jul 2016 07:11:11 +0200
Subject: [PATCH 1/2] Disallow direct database calls.
---
 WordPress-Core/ruleset.xml | 2 +
 .../Sniffs/DB/RestrictedFunctionsSniff.php | 59 +++++++++++
 .../Tests/DB/RestrictedFunctionsUnitTest.inc | 76 +++++++++++++
 .../Tests/DB/RestrictedFunctionsUnitTest.php | 100 ++++++++++++++++++
 4 files changed, 237 insertions(+)
 create mode 100644 WordPress/Sniffs/DB/RestrictedFunctionsSniff.php
 create mode 100644 WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
 create mode 100644 WordPress/Tests/DB/RestrictedFunctionsUnitTest.php
diff --git a/WordPress-Core/ruleset.xml b/WordPress-Core/ruleset.xml
index 965eff8698..811203a5f8 100644
--- a/WordPress-Core/ruleset.xml
+++ b/WordPress-Core/ruleset.xml
@@ -113,4 +113,6 @@
+
+
diff --git a/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php b/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php
new file mode 100644
index 0000000000..72d2cb3f89
--- /dev/null
+++ b/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php
@@ -0,0 +1,59 @@
+
+ */
+class WordPress_Sniffs_DB_RestrictedFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff {
+
+ /**
+ * Groups of functions to restrict.
+ *
+ * Example: groups => array(
+ * 'lambda' => array(
+ * 'type' => 'error' | 'warning',
+ * 'message' => 'Use anonymous functions instead please!',
+ * 'functions' => array( 'eval', 'create_function' ),
+ * )
+ * )
+ *
+ * @return array
+ */
+ public function getGroups() {
+ return array(
+
+ 'mysql' => array(
+ 'type' => 'error',
+ 'message' => 'Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: %s.',
+ 'functions' => array(
+ 'mysql_*',
+ 'mysqli_*',
+ 'mysqlnd_ms_*',
+ 'mysqlnd_qc_*',
+ 'mysqlnd_uh_*',
+ 'mysqlnd_memcache_*',
+ 'maxdb_*',
+ ),
+ ),
+
+ );
+ }
+
+} // end class
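Review bot: The restriction in getGroups() is purely name-based, so it catches procedural `mysql_*`/`mysqli_*`/`maxdb_*` calls but presumably not object-style access to the same drivers (`new mysqli(...)`, `$link->query()`, or PDO with a `mysql:` DSN), since the parent sniff appears to match on function-name tokens and the fixture itself marks `$x->mysql_info()` as ok. That is a reasonable scope decision, but the class docblock should state it so nobody relies on this sniff as a complete guard, e.g. ` * Note: only procedural function calls are detected; object-oriented mysqli or PDO usage is not covered.` The `Found: %s.` placeholder in the message relies on the parent sniff substituting the matched name — worth confirming against WordPress_AbstractFunctionRestrictionsSniff. The file header preceding `*/` is not visible in this hunk.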
diff --git a/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
new file mode 100644
index 0000000000..dae0896f15
--- /dev/null
+++ b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
@@ -0,0 +1,76 @@
+mysql_info(); // ok
+$y = Bar::mysql_info(); // ok
+\SomeNamespace\mysql_info(); // ok
+
+
+/**
+ * All the below should give an error.
+ */
+
+// MYSQL Extension.
+mysql_affected_rows();
+mysql_connect();
+mysql_close();
+mysql_fetch_row();
+mysql_info();
+mysql_numrows();
+mysql_pconnect();
+mysql_query();
+mysql_result();
+
+// MYSQLI Extension.
+mysqli_client_encoding();
+mysqli_connect();
+mysqli_escape_string();
+mysqli_execute();
+mysqli_fetch();
+mysqli_get_metadata();
+mysqli_init();
+mysqli_options();
+mysqli_real_connect();
+
+// MYSQLND_MS Extension.
+mysqlnd_ms_fabric_select_global();
+mysqlnd_ms_get_stats();
+mysqlnd_ms_match_wild();
+mysqlnd_ms_xa_begin();
+mysqlnd_ms_xa_rollback();
+
+// MYSQLND_QC Extension.
+mysqlnd_qc_clear_cache();
+mysqlnd_qc_get_cache_info();
+mysqlnd_qc_get_query_trace_log();
+mysqlnd_qc_set_cache_condition();
+
+// MYSQLND_UH Extension.
+mysqlnd_uh_convert_to_mysqlnd();
+
+// MYSQLND_MEMCACHE Extension.
+mysqlnd_memcache_set();
+
+// MAXDB Extension.
+maxdb_affected_rows();
+maxdb_close();
+maxdb_connect();
+maxdb_errno();
+maxdb_escape_string();
+maxdb_fetch_assoc
+maxdb_init();
+maxdb_num_fields();
+maxdb_prepare();
+maxdb_real_query
+maxdb_stat();
diff --git a/WordPress/Tests/DB/RestrictedFunctionsUnitTest.php b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.php
new file mode 100644
index 0000000000..1e70d1a433
--- /dev/null
+++ b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.php
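Review bot: `maxdb_fetch_assoc` and `maxdb_real_query` in the MAXDB block are bare identifiers rather than calls — the `();` is missing — yet their lines (71 and 75, counting back from `maxdb_stat();` at line 76) are still expected to produce one error each in the companion test. That only holds if the parent sniff matches the name token without requiring a following parenthesis, which should be confirmed rather than relied on; either change them to `maxdb_fetch_assoc();` and `maxdb_real_query();` so the fixture exercises real calls, or add `// bare name, deliberately flagged` if that is intended. The first lines of the fixture are not visible in this hunk.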
@@ -0,0 +1,100 @@
+
+ * @author Greg Sherwood
+ * @author Marc McIntyre
+ * @license https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
+ * @version Release: @package_version@
+ * @link http://pear.php.net/package/PHP_CodeSniffer
+ */
+class WordPress_Tests_DB_RestrictedFunctionsUnitTest extends AbstractSniffUnitTest {
+
+ /**
+ * Returns the lines where errors should occur.
+ *
+ * The key of the array should represent the line number and the value
+ * should represent the number of errors that should occur on that line.
+ *
+ * @return array(int => int)
+ */
+ public function getErrorList() {
+ return array(
+ 25 => 1,
+ 26 => 1,
+ 27 => 1,
+ 28 => 1,
+ 29 => 1,
+ 30 => 1,
+ 31 => 1,
+ 32 => 1,
+ 33 => 1,
+
+ 36 => 1,
+ 37 => 1,
+ 38 => 1,
+ 39 => 1,
+ 40 => 1,
+ 41 => 1,
+ 42 => 1,
+ 43 => 1,
+ 44 => 1,
+
+ 47 => 1,
+ 48 => 1,
+ 49 => 1,
+ 50 => 1,
+ 51 => 1,
+
+ 54 => 1,
+ 55 => 1,
+ 56 => 1,
+ 57 => 1,
+
+ 60 => 1,
+
+ 63 => 1,
+
+ 66 => 1,
+ 67 => 1,
+ 68 => 1,
+ 69 => 1,
+ 70 => 1,
+ 71 => 1,
+ 72 => 1,
+ 73 => 1,
+ 74 => 1,
+ 75 => 1,
+ 76 => 1,
+ );
+
+ } // end getErrorList()
+
+ /**
+ * Returns the lines where warnings should occur.
+ *
+ * The key of the array should represent the line number and the value
+ * should represent the number of warnings that should occur on that line.
+ *
+ * @return array(int => int)
+ */
+ public function getWarningList() {
+ return array();
+
+ } // end getWarningList()
+
+} // end class
From fd76f39995443232b71f8b0bfce631482af07644 Mon Sep 17 00:00:00 2001
From: jrfnl
Date: Sun, 17 Jul 2016 21:09:06 +0200
Subject: [PATCH 2/2] Remove the unit test for namespaced functions.
That particular test caused the unit tests to fail on PHP 5.2 and it was only included to ensure that the sniff would *not* run on namespaced functions.
---
 WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
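Review bot: The class docblock of WordPress_Tests_DB_RestrictedFunctionsUnitTest carries PHP_CodeSniffer's own template header — `@author Greg Sherwood`, `@author Marc McIntyre`, the PEAR `@link` and `@version Release: @package_version@` — rather than describing this test, so the attribution and links point at the wrong project. Unless that is this repository's convention for test classes, replace those tags with a one-line description such as ` * Unit test class for the DB_RestrictedFunctions sniff.` and keep only the tags that apply to WordPress-Coding-Standards. The lines preceding `*/` at the top of the file are not visible in this hunk.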
diff --git a/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
index dae0896f15..5c8c29fc08 100644
--- a/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
+++ b/WordPress/Tests/DB/RestrictedFunctionsUnitTest.inc
@@ -14,7 +14,7 @@ class Bar {
 $x = new Foo();
 $x->mysql_info(); // ok
 $y = Bar::mysql_info(); // ok
-\SomeNamespace\mysql_info(); // ok
+prefix_mysql_info(); // ok
 /**
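Review bot: The replacement line's `// ok` no longer says what the case guards, and after this change the fixture contains no namespaced-call case at all, so the reason is only recoverable from the commit message. Presumably the prefixed name is there to show the `mysql_*` wildcard is anchored at the start of the name; if so, spell that out, `prefix_mysql_info(); // ok - prefixed name must not match the mysql_* wildcard`, and add a one-line fixture comment that namespaced calls are not exercised because PHP 5.2 cannot parse them.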