Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Null coalescing operator triggers Detected usage of a non-validated input variable #837

Closed
aaronjorbin opened this issue Feb 3, 2017 · 1 comment · Fixed by #1684
Closed

Null coalescing operator triggers Detected usage of a non-validated input variable #837

aaronjorbin opened this issue Feb 3, 2017 · 1 comment · Fixed by #1684
Labels
Focus: Modern PHP Focus: Security Type: Bug
Milestone
2.1.0

Comments

@aaronjorbin
Copy link
Member

Null coalescing operators were added to PHP in PHP7. They are "syntactic sugar for the common case of needing to use a ternary in conjunction with isset(). It returns its first operand if it exists and is not NULL; otherwise it returns its second operand."

$test = isset( $_GET['test'] ) ? $_GET['test'] : '';
can become
$test = $_GET['test'] ?? '';

At first glance, It looks like WordPress_Sniff::is_in_isset_or_empty needs to take Null coalescing operators into effect.
@jrfnl
Copy link
Member

jrfnl commented Feb 9, 2017
edited
Loading

For that matter, we should also start accounting for the upcoming ??= null coalescing equals operator for which the RFC has been accepted and which is expected to be implemented in PHP 7.2 will be included in PHP 7.4.
Ref: https://wiki.php.net/rfc/null_coalesce_equal_operator

We'll probably will need to wait a little for that though as PHPCS upstream will need to start backfilling for the new token T_COALESCE_EQUAL, so the PHPCS requirement will need to go up by that time as well.

aaronjorbin added a commit to aaronjorbin/WordPress-Coding-Standards that referenced this issue Feb 10, 2017
@aaronjorbin
Allow null coalescing operators to satisfy isset
2374730 
Null coalescing operators were added to PHP in PHP7. They are "syntactic sugar for the common case of needing to use a ternary in conjunction with isset(). It returns its first operand if it exists and is not NULL; otherwise it returns its second operand."

WordPress_Sniff::is_in_isset_or_empty should assume that null coalescing operators satisfy being inside a empty or isset test.

Fixes WordPress#837
@aaronjorbin aaronjorbin mentioned this issue Feb 10, 2017
Closed
@jrfnl jrfnl added this to the 2.1.0 milestone Mar 30, 2019
@jrfnl jrfnl mentioned this issue Apr 1, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Focus: Modern PHP Focus: Security Type: Bug
Projects
None yet
Milestone
2.1.0
3 participants
@GaryJones @aaronjorbin @jrfnl