Update needed to the WP global variables list #924
Not sure if this is the right ticket, but
Hi! I just got the report of a false positive for the core
Example code:

```php
/**
 * Display post content.
 *
 * @since 1.0.0
 *
 * @param str $style Current display post style.
 */
public function excerpt( $style ) {
	// Short circuit filter.
	$check = apply_filters( 'bayleaf_display_posts_excerpt', false, $style );
	if ( false !== $check ) {
		return;
	}

	$text = get_the_content( '' );
	$text = wp_strip_all_tags( strip_shortcodes( $text ) );

	/** This filter is documented in wp-includes/post-template.php */
	$text = apply_filters( 'the_content', $text );
	$text = str_replace( ']]>', ']]&gt;', $text );

	/**
	 * Filters the number of words in an excerpt.
	 *
	 * @since 1.0.0
	 *
	 * @param int $number The number of words. Default 55.
	 */
	$excerpt_length = apply_filters( 'bayleaf_dp_excerpt_length', 55, $style );

	// Generate excerpt teaser text and link.
	$exrpt_url   = esc_url( get_permalink() );
	$exrpt_text  = esc_html__( 'Continue Reading', 'bayleaf' );
	$exrpt_title = get_the_title();

	if ( 0 === strlen( $exrpt_title ) ) {
		$screen_reader = '';
	} else {
		$screen_reader = sprintf( '<span class="screen-reader-text">%s</span>', $exrpt_title );
	}

	$excerpt_teaser = sprintf( '<p class="dp-link-more"><a class="dp-more-link" href="%1$s">%2$s → %3$s</a></p>', $exrpt_url, $exrpt_text, $screen_reader );

	/**
	 * Filters the string in the "more" link displayed after a trimmed excerpt.
	 *
	 * @since 1.0.0
	 *
	 * @param string $more_string The string shown within the more link.
	 */
	$excerpt_more = apply_filters( 'bayleaf_dp_excerpt_more', ' ' . $excerpt_teaser, $style );
	$text         = wp_trim_words( $text, $excerpt_length, $excerpt_more );

	printf( '<div class="dp-excerpt">%s</div>', $text ); // WPCS xss ok.
}
```

The code that triggers it is Should this be added in the
@dingo-d I think this is the wrong ticket for the filter hooks issue (it is about certain unprefixed global variables not being recognized, not the
This seemed like an appropriate ticket, as I didn't want to open a new one for no reason. I can move it to some other ticket :)
@dingo-d @mundschenk-at is right, this is not the correct ticket. This ticket is about the global variables list being out of date, your issue is about WP hooks.
Would issue 1043 be a better fit for this? I can delete the comment and move it there, or open a new ticket for it
…d to be overwritten

WP Core contains the global `$content_width` variable which is intended to be set/overwritten by plugins and themes. For that reason the variable was previously removed from the `Sniff::$wp_globals` list in WPCS 0.4.0. See 276, 331.

The downside of the variable not being in the list is that the `PrefixAllGlobals` sniff complains about it not being prefixed, as it doesn't realize it is a WP native global variable. The upside was that the `GlobalVariablesOverride` sniff did not complain about the variable being overwritten.

Adding the variable to the `Sniff::$wp_globals` list would reverse that situation with the `PrefixAllGlobals` sniff staying silent and the `GlobalVariablesOverride` sniff starting to complain.

This PR intends to solve this conundrum.
* The list of WP Core globals in `Sniff::$wp_globals` should be complete and not intentionally miss certain variables without there being any documentation on why they are not listed there.
* To still allow for the `GlobalVariablesOverride` sniff to function correctly, a new `$override_allowed` property has been added to that sniff, as well as logic to handle this.

Unit tests confirming that this fixes the issue have been added to both sniffs.

Additional notes:
* There may be more variables in WP Core which are intended to be overwritten by plugins/themes. I have not verified this. If we do come across additional ones, it will now be easy enough to add them to the whitelist anyway. For now, only `content_width` and `wp_cockneyreplace` have been added. Also see: #924 (comment) and https://core.trac.wordpress.org/browser/trunk/src/wp-includes/formatting.php#L123
* This PR does not address the fact that the `Sniff::$wp_globals` list is grossly out of date. See 924

Fixes 1043
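The trade-off described in the commit message above, as an added example: a simplified stand-alone model of the two checks, not code from WPCS. The list contents, the `bayleaf` prefix (borrowed from the example earlier in the thread), the regex-based detection, the array shape of the exception list and all function names are assumptions made for illustration.

```php
<?php
// Simplified stand-alone model of the two checks; this is not WPCS code.

// Constructed subsets standing in for the Sniff::$wp_globals list.
const WP_GLOBALS_WITHOUT  = array( 'post', 'wp_query', 'wpdb' );
const WP_GLOBALS_COMPLETE = array( 'post', 'wp_query', 'wpdb', 'content_width', 'wp_cockneyreplace' );

// The two variables named in the commit message (array shape is an assumption).
const OVERRIDE_ALLOWED = array( 'content_width', 'wp_cockneyreplace' );

/**
 * Find `$GLOBALS['name'] = ...` assignments in a source string.
 * Comparisons (`==`, `===`) are excluded by the negative lookahead.
 */
function find_global_assignments( $source ) {
	preg_match_all( '/\$GLOBALS\[\s*[\'"](\w+)[\'"]\s*\]\s*=(?!=)/', $source, $matches );
	return $matches[1];
}

/**
 * Return the names of the (modelled) sniffs that would complain about
 * an assignment to the global variable $name.
 */
function complaints_for( $name, $prefix, array $wp_globals, array $override_allowed ) {
	$complaints   = array();
	$is_wp_global = in_array( $name, $wp_globals, true );

	// PrefixAllGlobals-style rule: anything not known as a Core global needs the prefix.
	if ( ! $is_wp_global && 0 !== strpos( $name, $prefix . '_' ) ) {
		$complaints[] = 'PrefixAllGlobals';
	}

	// GlobalVariablesOverride-style rule: Core globals may not be overwritten,
	// unless they are explicitly marked as intended to be overwritten.
	if ( $is_wp_global && ! in_array( $name, $override_allowed, true ) ) {
		$complaints[] = 'GlobalVariablesOverride';
	}

	return $complaints;
}

// Constructed theme snippet used as sample input.
$source = <<<'PHP'
$GLOBALS['content_width'] = 640;
$GLOBALS['post']          = null;
$GLOBALS['bayleaf_cache'] = array();
$GLOBALS['cache']         = array();
if ( $GLOBALS['wp_query'] == null ) { return; }
PHP;

// The three situations the commit message walks through.
$scenarios = array(
	'not in list'                 => array( WP_GLOBALS_WITHOUT, array() ),
	'in list, no exception'       => array( WP_GLOBALS_COMPLETE, array() ),
	'in list + $override_allowed' => array( WP_GLOBALS_COMPLETE, OVERRIDE_ALLOWED ),
);

foreach ( $scenarios as $label => $config ) {
	list( $wp_globals, $override_allowed ) = $config;
	echo "== {$label} ==\n";
	foreach ( find_global_assignments( $source ) as $name ) {
		$found = complaints_for( $name, 'bayleaf', $wp_globals, $override_allowed );
		printf( "  %-15s %s\n", '$' . $name, $found ? implode( ', ', $found ) : 'ok' );
	}
}
```

Only the third scenario leaves `$content_width` free of complaints while an overwrite of `$post` is still reported.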
@mundschenk-at PR #1773 should take care of that.
Ok, so I've made an attempt to retrieve the info needed to update this list. I've basically made some small adjustments to the Here are the results: And this is the diff: The results are discouraging....
If anyone wants to help by doing some spot checks and verifying the list, that would be absolutely fabulous!
Some minor checks I've done myself for variables which appear to be no longer declared by Core:
So, just based on these initial checks, I think a more thorough check of the new list is warranted.
Ok, updated diff which now takes assignments via Summary:
List still needs further verification. Any help with this would be greatly appreciated.
It would be really valuable if this action would finally get executed. If anyone wants to validate the list, give me a shout and I can generate an updated version. |
commit f56eb3a7eeb3341eae2cf6d7e55ce50100724983 Author: Stoil Dobrev <[email protected]> Date: Sun Jul 25 18:22:18 2021 +0300 New standards applied commit 7da1894633f168fe244afc6de00d141f27517b62 Merge: b5a45320 1f525cca Author: Juliette <[email protected]> Date: Thu May 14 01:57:56 2020 +0200 Merge pull request #1894 from WordPress/develop Release version 2.3.0 commit 1f525cca6c6124c2bdee6e7bb9fd79d7e96df176 Merge: e1c648da d5e3cd94 Author: Juliette <[email protected]> Date: Thu May 14 00:41:55 2020 +0200 Merge pull request #1893 from WordPress/feature/changelog-2.3.0 Changelog for WPCS 2.3.0 commit d5e3cd94a47b9e39262c45e558eece24b7b1255f Author: jrfnl <[email protected]> Date: Fri May 8 22:31:44 2020 +0200 Changelog for WPCS 2.3.0 * Release date set at this **Thursday May 14th**. * Includes all currently merged changes. commit e1c648da8e91cf75dc0d23567ebc9b58eed43f40 Merge: 3ee6c4f6 45d08f25 Author: Denis Žoljom <[email protected]> Date: Sun Apr 26 11:51:34 2020 +0200 Merge pull request #1887 from marcortola/fix-type Minor type hint fix commit 45d08f258832b429dcf9c08b366951a9d0ff757a Author: marcortola <[email protected]> Date: Sat Apr 25 18:08:30 2020 +0200 Minor type hint fix commit 3ee6c4f6104b56249a3f92073271ca0b6f3deff7 Merge: 02af9f6d 04fc2058 Author: Gary Jones <[email protected]> Date: Sat Apr 11 18:16:46 2020 +0100 Merge pull request #1883 from WordPress/feature/fix-up-i18n-sniff Clean up the I18n sniff commit 04fc205838bbafaeee7fad327f119d7c5538a544 Author: jrfnl <[email protected]> Date: Fri Apr 10 00:22:41 2020 +0200 I18n: assignment in condition is only allowed in a while loop The code as was, was throwing two warnings. Let's not set a bad example. 
commit ef87d607867474bff1ed5782544ee567ccfb7268 Author: jrfnl <[email protected]> Date: Fri Apr 10 00:16:28 2020 +0200 I18n: use explicit comparison commit 054eadd315aa1fc80b1e8b9b22744d77531d503b Author: jrfnl <[email protected]> Date: Fri Apr 10 00:08:00 2020 +0200 I18n: rename variable Rename a very long variable name and fix a CS warning. commit 02af9f6dab171b5782d0945d994fce731915406d Merge: 63ac81ee 18703c72 Author: Denis Žoljom <[email protected]> Date: Thu Apr 9 15:41:09 2020 +0200 Merge pull request #1881 from WordPress/feature/update-minimum-wp-version Update default minimum_supported_version to WP 5.1 commit 18703c727ca0956e69f716f589890432c3a8faed Author: jrfnl <[email protected]> Date: Thu Apr 9 07:45:39 2020 +0200 Update default minimum_supported_version to WP 5.1 The minimum version should be three versions behind the latest WP release, so what with 5.4 being out, it should now be 5.1. Includes (not) updating the list of deprecated functions. Input for this based on @JDGrimes's WP deprecated code scanner. commit 63ac81eee46894b3ce39babe3826b4b3ff2c1432 Merge: 6d1832e9 48eb3266 Author: Gary Jones <[email protected]> Date: Wed Apr 8 11:04:12 2020 +0100 Merge pull request #1876 from WordPress/feature/1875-preparedsqlplaceholders-bugfix PreparedSQL: quick fix for namespace separator commit 48eb3266cb8930ba3780ebf1e8749700af966c1d Author: jrfnl <[email protected]> Date: Wed Apr 1 17:08:45 2020 +0200 PreparedSQL: quick fix for namespace separator Reported in 1875: using a namespace separator with function calls in the `WordPress.DB.PreparedSQL` triggers a false positive on the namespace separator as "not being escaped". While this really should be handled differently with proper FQN function name determination for function calls etc, for now, let's just ignore the namespace separator as that is not something which would need to be "prepared". 
Fixes 1875 commit 6d1832e956c62afc5428ca341849c5b223908166 Merge: 2f927b0b 00f9a031 Author: Gary Jones <[email protected]> Date: Sat Apr 4 04:47:51 2020 +0100 Merge pull request #1874 from WordPress/feature/travis-fix-build Travis: fix the build commit 00f9a03169606400b1d615dbd171a5d92ce15a35 Author: jrfnl <[email protected]> Date: Tue Mar 31 19:43:38 2020 +0200 Travis: fix the build The Travis docs say that `$TRAVIS_BUILD_STAGE_NAME` is in "proper case" form: > TRAVIS_BUILD_STAGE_NAME: The build stage in capitalized form, e.g. Test or Deploy. If a build does not use build stages, this variable is empty (""). However, it looks like they made an (undocumented) change (probably a bug in their script handling) which means that the `$TRAVIS_BUILD_STAGE_NAME` name is now in the case as given, which in this case is _lowercase_. This means that some of the comparisons are failing and the wrong things are executed for certain builds. As I expect this to be a bug in Travis, I'm not changing the case for the comparisons at this time. Instead I'm fixing this by inline fixing the case of the variable for the comparisons. 
Refs: * https://docs.travis-ci.com/user/environment-variables#default-environment-variables (near the bottom of the list) commit 2f927b0ba2bfcbffaa8f3251c086e109302d6622 Merge: 1981c667 728b58b0 Author: Denis Žoljom <[email protected]> Date: Fri Feb 28 23:43:22 2020 +0100 Merge pull request #1869 from rmccue/patch-1 Correct grammar for wp_reset_query warning commit 728b58b05b18fec1d4bde98c9fa3bd8779d349aa Author: Ryan McCue <[email protected]> Date: Fri Feb 28 16:34:37 2020 +0000 Correct grammar for wp_reset_query warning commit 1981c667f479392ee12a531c8f5e7a5c26abeca3 Merge: 0e2a6a0e 45abbf68 Author: Gary Jones <[email protected]> Date: Tue Feb 25 18:02:49 2020 +0000 Merge pull request #1856 from ockham/add/i18n-html-tag-sniff * I18n: Add sniff to detect string wrapped in HTML Fixes the non-controversial part of #1419 by adding a sniff that detects translated strings wrapped in HTML tags, and a corresponding unit test. Quoting https://github.com/WordPress/WordPress-Coding-Standards/issues/1419#issuecomment-403797241: > Examples where the markup _should_ be removed from inside of the string would be: > > ``` > <?php __( '<h1>Settings Page</h1>', 'text-domain ); ?> > should be > <h1><?php __( 'Settings Page', 'text-domain' ); ?></h1> > because the markup only wraps the string. > ``` Note that I had to add code to `I18nUnitTest.php` to reset the text domain as set via `setConfigData()` for one test file, as it would otherwise persist for every test file after that one. 
commit 45abbf687e1867f9c561073081f7e211ce42481c Author: Bernie Reiter <[email protected]> Date: Wed Feb 19 14:13:02 2020 +0600 Update comments commit 6663aefb9bcfc70bf1bae8e43ebd0d5888124386 Author: Bernie Reiter <[email protected]> Date: Wed Feb 19 14:12:05 2020 +0600 Re-order tests commit 005c198ede3da5fc92b352fec62bdcaae47e5a37 Author: Bernie Reiter <[email protected]> Date: Wed Feb 19 14:11:09 2020 +0600 Remove NoAHrefWrappedStrings warning commit c56f18a91a6cc779f7e8fe35cd8b9d5e87505238 Author: Bernie Reiter <[email protected]> Date: Tue Feb 18 00:21:24 2020 +0600 Add more tests commit 0e2a6a0e605f6caf4cd28d36d70b07c6db640b48 Merge: 3be577c5 fa94eed5 Author: Gary Jones <[email protected]> Date: Fri Feb 14 14:31:14 2020 +0000 Merge pull request #1863 from WordPress/feature/alternative-functions-allow-curl-version-take-2 AbstractFunctionRestrictions: fix constants being recognized as functions commit 3be577c5cfc3cfba1ee35407b2a23f463b6ca616 Merge: dd86ccdd 1c843e25 Author: Gary Jones <[email protected]> Date: Thu Feb 13 21:24:47 2020 +0000 Merge pull request #1867 from WordPress/feature/add-sniff-completeness-check Travis/QA: always check that all sniffs are feature complete commit 1c843e251a1607d90f7ecfd64c8757b5a050674c Author: jrfnl <[email protected]> Date: Tue Aug 13 15:11:23 2019 +0200 Travis/QA: always check that all sniffs are feature complete The new `phpcsstandards/phpcsdevtools` package includes a script which can check whether sniffs are feature complete, i.e. whether all sniffs have unit tests and documentation. By adding this check to the Travis script, we prevent untested and/or undocumented sniffs from entering the repo. For now, the documentation check is silenced. P.S.: the `PHPCSDevTools` package contains a few more goodies, have a look at the [readme](https://github.com/PHPCSStandards/PHPCSDevTools) for more information. 
commit fa94eed5628855da211b9f626ef535e017022806 Author: jrfnl <[email protected]> Date: Fri Feb 7 15:36:00 2020 +0100 AbstractFunctionRestrictions: improve matching of function calls The code as it was could inadvertently match a CONSTANT with the same name as a function. This has been fixed by adding a check for an open parenthesis after the function name. Adding that check, however, would break the check on `use function` import statements. So some additional code has been added to make sure those will still be matched too. Includes tightening up the regex pattern. Includes unit tests via the `WP.AlternativeFunctions` sniff. commit 94a0e6b7cb0548037b6c3ad1ee39466a67b849c9 Author: jrfnl <[email protected]> Date: Fri Feb 7 15:31:10 2020 +0100 AlternativeFunctions: use `whitelist` instead of special case The `AbstractFunctionRestrictions` allow for a `whitelist` of functions which shouldn't be matched when a wildcard is used. We may as well use it as it will bow out earlier than special casing the function in the `switch`. 
commit 70f903213df74baa5cf9542ef06c089776ec324a Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 14:51:32 2020 +0600 Add another test for the a href rule, fix some comments commit cf3fcb300247c30409ab7a59fc44216ef18f4c0b Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 13:43:07 2020 +0600 Yoda commit 1294413a2c59e5c170a0e2666c29bd45415fc2a5 Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 13:33:29 2020 +0600 Add NoAHrefWrappedStrings rule commit 51f9f6eaca89e19df85bf65c93805f229c515da4 Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 13:09:57 2020 +0600 More weirdness commit 20b87f2a28dcf485e6e41cc6b67c6c1abb539b53 Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 12:35:11 2020 +0600 More weird XML commit 63ae7213d31f37c9d52e4516141fb7c060832c68 Author: Bernie Reiter <[email protected]> Date: Fri Feb 7 12:32:16 2020 +0600 Add strings containing malformed XML commit dd86ccddab77f4631f005893a8b7786b5311efe3 Merge: 9822816c 90f34dbf Author: Juliette <[email protected]> Date: Tue Feb 4 04:21:51 2020 +0100 Merge pull request #1857 from WordPress/feature/travis-various-tweaks Travis: various tweaks commit b5a453203114cc2284b1a614c4953456fbe4f546 Merge: f90e8692 9822816c Author: Juliette <[email protected]> Date: Tue Feb 4 03:52:06 2020 +0100 Merge pull request #1855 from WordPress/develop Release version 2.2.1 commit 9822816c11e272731de2bfabe1f1aa93e235f3a8 Merge: 1761834b 473590f4 Author: Juliette <[email protected]> Date: Tue Feb 4 03:31:54 2020 +0100 Merge pull request #1854 from WordPress/feature/changelog-2.2.1 Changelog for WPCS 2.2.1 commit 90f34dbf7b888f3ae468c656fc877e5ad7e7300d Author: jrfnl <[email protected]> Date: Sat Feb 1 14:29:18 2020 +0100 Travis: various tweaks * Run against the highest stable PHP version for the sniff/rulesets build (+ the `dev-master` `quicktest` build). * Only run `composer validate` on the `sniff` stage. The `composer.json` file will be validated on the install for the all builds anyway. 
This just adds the `strict` checking. * Add an extra `test` build against PHPCS 4.x for which development has just started. This build is allowed to fail for now. * Remove the DealerDirect plugin and PHPCompatibility for the build against `nightly` and the PHPCS 4.x build. Neither are needed anyway as a `--no-dev` install is done for the `test` stages and the `installed_paths` is set directly. The DealerDirect plugin currently won't install on PHP 8.x, so the build would fail on "failure to install" before doing anything. And both PHPCompatibility as well as the DealerDirect plugin won't install/will block `--no-dev` installs with PHPCS 4.x. This way, the linting and unit tests should still run on `nightly` and with PHPCS 4.x. commit a43ae6d8c0a1a0b6b7cb294bc92d5c4e4f1b81c1 Author: Bernie Reiter <[email protected]> Date: Mon Feb 3 15:33:17 2020 +0600 I18n: Add sniff to detect string wrapped in HTML Fixes the non-controversial part of #1419 by adding a sniff that detects translated strings wrapped in HTML tags, and a corresponding unit test. Quoting https://github.com/WordPress/WordPress-Coding-Standards/issues/1419#issuecomment-403797241: > Examples where the markup _should_ be removed from inside of the string would be: > > ``` > <?php __( '<h1>Settings Page</h1>', 'text-domain ); ?> > should be > <h1><?php __( 'Settings Page', 'text-domain' ); ?></h1> > because the markup only wraps the string. > ``` Note that I had to add code to `I18nUnitTest.php` to reset the text domain as set via `setConfigData()` for one test file, as it would otherwise persist for every test file after that one. commit 473590f49980d24f4ba5d979036155a9c9ba7632 Author: jrfnl <[email protected]> Date: Thu Jan 30 01:08:45 2020 +0100 Changelog for WPCS 2.2.1 * Release date set at this **Tuesday February 4rd**. * Includes all currently merged changes. 
commit 1761834be1e2776ad4c07def86a7c5f89296d520 Merge: 50f5701c be9f57dc Author: Gary Jones <[email protected]> Date: Mon Feb 3 10:50:56 2020 +0000 I18n: bug fix - trying to access array offset on null (PHP 7.4) (#1858) I18n: bug fix - trying to access array offset on null (PHP 7.4) commit 50f5701cde243f2040e7a99aac4a353b358b521c Merge: 87c61530 6829beed Author: Juliette <[email protected]> Date: Sun Feb 2 23:28:16 2020 +0100 Merge pull request #1852 from paulschreiber/fix/hex-color Let sanitize_hex_color() count as an escape function commit 6829beedf22928a77109ee6dd2878de9105db2a6 Author: Paul Schreiber <[email protected]> Date: Sun Feb 2 15:20:13 2020 -0500 remove maybe_hash_hex_color commit be9f57dc39ebf4dcc081c916ff51b384a53c1315 Author: jrfnl <[email protected]> Date: Sat Feb 1 17:22:57 2020 +0100 I18n: bug fix - trying to access array offset on null (PHP 7.4) When a function call to one of the singular/plural text translation functions - like `_n_noop()` - is missing an argument, the sniff would still try an execute the `compare_single_and_plural_arguments()` check and on PHP 7.4 would generate a "Trying to access array offset on value of type null" error which would stop the PHPCS run dead with an `Internal.Exception` error code. Fixed by skipping the check in that case. The missing argument should be reported by the preceding `check_argument_tokens()` check anyhow. Includes unit test. commit 87c6153074132ddd2f77474a2f10c0b366b51751 Merge: b82bc3eb 63dc6439 Author: Denis Žoljom <[email protected]> Date: Thu Jan 30 09:37:01 2020 +0100 Merge pull request #1853 from jrfnl/feature/composer-update-dependency-suggestion Update suggested version of Composer PHPCS plugin commit 63dc64395d8c2a3a73e13d3e61cc2c4baad71ad2 Author: jrfnl <[email protected]> Date: Sun Jan 19 20:34:39 2020 +0100 Update suggested version of Composer PHPCS plugin The DealerDirect Composer plugin has just released version `0.6.0`. 
As Composer treats minors < 1.0 as majors, updating to this version requires an update to the `composer.json` requirements. > For pre-1.0 versions it also acts with safety in mind and treats `^0.3` as `>=0.3.0 <0.4.0`. Refs: * https://github.com/Dealerdirect/phpcodesniffer-composer-installer/releases/tag/v0.6.0 * https://getcomposer.org/doc/articles/versions.md#caret-version-range- commit 511c5eaefb667fd46d79d81e0061d8974c11eb61 Author: Paul Schreiber <[email protected]> Date: Fri Jan 17 17:40:30 2020 -0500 Add sanitize_hex_color, sanitize_hex_color_no_hash and maybe_hash_hex_color to the list of escaping functions. Fixes #1846 commit b82bc3eb3f7f911cd0bb8c9a2c6dfd81ccaaf028 Merge: 52d00474 9525f515 Author: Juliette <[email protected]> Date: Sun Dec 15 01:14:55 2019 +0100 Merge pull request #1848 from JPry/bug/issue_1847 Fix off-by-one error when $treat_files_as_scoped is true commit 9525f515e300181381ab2e244effab47dceed3db Author: Jeremy Pry <[email protected]> Date: Fri Dec 13 15:15:59 2019 -0500 Fix off-by-one error when $treat_files_as_scoped is true Includes a unit test for issue #1847 commit 52d00474b1bb140ea0af9ce27feb5975297b613c Merge: 71e20c5a fc30a4cd Author: Gary Jones <[email protected]> Date: Mon Dec 9 14:54:11 2019 +0000 Travis: test against PHP 7.4, not snapshot (#1844) Travis: test against PHP 7.4, not snapshot commit 71e20c5a9f5390af7754fa41bddab53853c2ecb1 Merge: 38b62117 a1777cfd Author: Gary Jones <[email protected]> Date: Mon Dec 9 14:53:34 2019 +0000 NoSilencedErrors: improve consistency metrics (#1843) NoSilencedErrors: improve consistency metrics commit fc30a4cd6dbd3ebe39d100b0ce5a75805b189aa4 Author: jrfnl <[email protected]> Date: Sun Dec 8 21:04:25 2019 +0100 Travis: test against PHP 7.4, not snapshot Looks like Travis (finally) has got a "normal" PHP 7.4 image available. While we're at it, let's add a build against `nightly` (PHP 8) back which is allowed to fail. 
commit a1777cfd3f5a36f5afbf20a3f68b36c1ad61a8d9 Author: jrfnl <[email protected]> Date: Sat Dec 7 16:08:33 2019 +0100 NoSilencedErrors: improve consistency metrics The metrics for this sniff would be different depending on whether or not a (custom/default) whitelist was used. If `use_default_whitelist` was set to `false` and no custom whitelist was passed, the metrics would look something like this: ``` Error silencing: @header( 'Content-Type: ' ... => 1 ( 12.50%) @header( 'Content-type: application/json' ... => 1 ( 12.50%) @header( 'X-Robots-Tag: noindex' ... => 1 ( 12.50%) @ignore_user_abort( true ... => 1 ( 12.50%) @include_once $converter_file... => 1 ( 12.50%) @ini_get( 'disable_functions' ... => 1 ( 12.50%) @ini_set( $key,... => 1 ( 12.50%) @is_file( $this->... => 1 ( 12.50%) ------------------------------------------------------------- total => 8 (100.00%) ``` ... while if `use_default_whitelist` was set to `true` òr a custom whitelist was passed, those same metrics would look something like this: ``` PHP CODE SNIFFER INFORMATION REPORT ---------------------------------------------------------------------- Error silencing: header => 3 ( 37.50%) @include_once $converter_file... => 1 ( 12.50%) ignore_user_abort => 1 ( 12.50%) ini_get => 1 ( 12.50%) ini_set => 1 ( 12.50%) whitelisted function call: is_file => 1 ( 12.50%) -------------------------------------------------- total => 8 (100.00%) ---------------------------------------------------------------------- ``` The change now made will make it so: * the grouping by function will always happen; * function calls will consistently be prefixed with a `@`, unless whitelisted, in which case they are prefixed with `whitelisted function call: ` (like before). 
The improved metrics will look something like this: ``` PHP CODE SNIFFER INFORMATION REPORT ---------------------------------------------------------------------- Error silencing: @header => 3 ( 37.50%) @ignore_user_abort => 1 ( 12.50%) @include_once $converter_file... => 1 ( 12.50%) @ini_get => 1 ( 12.50%) @ini_set => 1 ( 12.50%) whitelisted function call: is_file => 1 ( 12.50%) -------------------------------------------------- total => 8 (100.00%) ---------------------------------------------------------------------- ``` commit 38b621172b5efb24d73578c73f413b956cd5593f Merge: 370ae761 35fd3b60 Author: Denis Žoljom <[email protected]> Date: Fri Dec 6 09:10:17 2019 +0100 Merge pull request #1842 from WordPress/feature/commaafterarrayitem-add-metrics CommaAfterArrayItem: add metrics for comma after last item commit 370ae761077f23b0fbd7744f9ab1035681a258a1 Merge: eea33710 352a8b31 Author: Denis Žoljom <[email protected]> Date: Fri Dec 6 09:09:10 2019 +0100 Merge pull request #1837 from WordPress/feature/1792-controlstructurespacing-closure-use-return-type ControlStructureSpacing: fix undefined index error commit 35fd3b600227fc9621c2f93098c134c2b96f6c0c Author: jrfnl <[email protected]> Date: Fri Dec 6 03:52:13 2019 +0100 CommaAfterArrayItem: add metrics for comma after last item Add metrics to make it easier for people to decide whether or not to en/disable this rule. 
The generated metrics will look like this and can be called up using `--report=info`: ``` PHP CODE SNIFFER INFORMATION REPORT ---------------------------------------------------------------------- Multi-line array - comma after last item: no => 2,064 ( 95.82%) yes => 90 ( 4.18%) ------------------------- total => 2,154 (100.00%) Single line array - comma after last item: 0 [804/804, 100%] ``` commit eea33710d975bde9325df5acf69a1e1eed36d589 Merge: d45f5e5c 99f9f31a Author: Gary Jones <[email protected]> Date: Mon Dec 2 00:10:12 2019 +0000 Travis: don't allow PHP 7.4 build to fail (#1840) Travis: don't allow PHP 7.4 build to fail commit 99f9f31a281f19b43490b84e6d526d61157febb4 Author: jrfnl <[email protected]> Date: Sun Dec 1 15:14:15 2019 +0100 Travis: don't allow PHP 7.4 build to fail As [PHP 7.4 has been released](https://www.php.net/archive/2019.php#2019-11-28-1), the build against PHP 7.4 should no longer be allowed to fail. Includes fixing the `language` setting. This can't be an array and thrown warnings as it was when the Travis script is validated. commit 352a8b314cf07ce9d8b0855911e88e413cc0a711 Author: jrfnl <[email protected]> Date: Thu Nov 21 00:47:10 2019 +0100 ControlStructureSpacing: fix undefined index error Closure `use` parentheses do not have a parenthesis owner. While this is a plaster on the wound as the sniff really needs to be split up, for now, it fixes the notice. 
Fixes 1792 commit f90e8692ce97b693633db7ab20bfa78d930f536a Merge: bd9c3315 d45f5e5c Author: Juliette <[email protected]> Date: Mon Nov 11 13:34:03 2019 +0100 Merge pull request #1828 from WordPress/develop Release version 2.2.0 commit d45f5e5cf38eb9b8c2bf7c1a7e407007fc39ce29 Merge: 84033eef e004a3e5 Author: Juliette <[email protected]> Date: Mon Nov 11 12:54:11 2019 +0100 Merge pull request #1833 from WordPress/feature/changelog-2.2.0 Changelog for WPCS 2.2.0 commit e004a3e5eab60136910d4856bebdbaf6abe86d82 Author: jrfnl <[email protected]> Date: Mon Oct 14 23:35:08 2019 +0200 Changelog for WPCS 2.2.0 * Release date set at this **Monday November 11th**. * Includes all currently merged changes. commit 84033eef242a6821a06266185106efb862902046 Merge: e1058351 093a725a Author: Gary Jones <[email protected]> Date: Thu Nov 7 19:09:11 2019 +0000 Adds WP.Security.SafeRedirect documentation. (#1826) Adds WP.Security.SafeRedirect documentation. commit e10583517a077b3141b973e196d0a43c8154ae7c Merge: 31b8d9bd 9bd5f9c0 Author: Gary Jones <[email protected]> Date: Thu Nov 7 19:07:33 2019 +0000 Merge pull request #1824 from NielsdeBlaauw/1722-WordPress.WP.EnqueuedResources Adds documentation for WordPress.WP.EnqueuedResources. commit 31b8d9bde28b49caf8113db48955cf840cb76504 Merge: e7560d14 a2a32d1b Author: Gary Jones <[email protected]> Date: Thu Nov 7 19:05:51 2019 +0000 Various minor documentation fixes (#1831) Various minor documentation fixes commit 9bd5f9c0cdafbc83ddd897fd82ea17dd09eef9e7 Author: Niels de Blaauw <[email protected]> Date: Thu Oct 31 13:47:42 2019 +0100 Adds documentation for WordPress.WP.EnqueuedResources. commit a2a32d1b523ee6081a93ab0cf12ee780deb59b23 Author: jrfnl <[email protected]> Date: Thu Sep 12 00:00:03 2019 +0200 Various minor documentation fixes ... picked up along the way. 
commit e7560d144ede66bb48a14be773e4072260bd4081 Author: Niels de Blaauw <[email protected]> Date: Wed Nov 6 20:46:01 2019 +0100 Ini_set: add documentation (#1730) commit ed52f7d4ad86c9a4f6ecc076651fd206ca2667cd Merge: 5cc744f3 9eeeb6c1 Author: Juliette <[email protected]> Date: Wed Nov 6 19:51:29 2019 +0100 Merge pull request #1732 from WordPress/docs/posts-per-page Docs: Add PostsPerPage XML doc commit 093a725adb9ecca72ed79e03bbe0ac9a85398c0f Author: Niels de Blaauw <[email protected]> Date: Thu Oct 31 14:05:22 2019 +0100 Adds WP.Security.SafeRedirect documentation. commit 5cc744f3e051df0508d78e6c0b3fe9b8ebad3536 Merge: 7a626f3d 86d7dbca Author: Gary Jones <[email protected]> Date: Mon Nov 4 22:59:27 2019 +0000 Adds documentation for WordPress.WP.CronInterval (#1823) Adds documentation for WordPress.WP.CronInterval commit 9eeeb6c1aafe0ade899ca7d98e61822367b476c3 Author: Gary Jones <[email protected]> Date: Mon Nov 4 22:53:33 2019 +0000 Docs: Add PostsPerPage XML doc See #1722. commit 7a626f3d876d94636ee9e66e1d1f4ded960347d7 Merge: ae449aa0 c65d63b7 Author: Denis Žoljom <[email protected]> Date: Sat Nov 2 13:42:24 2019 +0100 Merge pull request #1829 from WordPress/feature/update-minimum-wp-version-property Update default minimum supported WP version commit ae449aa0f511fd08e0cf057fdc85b5660297ce7b Author: Niels de Blaauw <[email protected]> Date: Sat Nov 2 05:54:09 2019 +0100 :sparkles: New NamingConventions.ValidPostTypeSlug sniff Adds a new `WordPress.NamingConventions.ValidPostTypeSlug` sniff. Checks if the first parameter given to a register_post_type() call is actually a valid value. 
commit 86d7dbca0de9ecde168a733a071886eface9be13 Author: Niels de Blaauw <[email protected]> Date: Thu Oct 31 12:44:50 2019 +0100 Adds documentation for WordPress.WP.CronInterval Update WordPress/Docs/WP/CronIntervalStandard.xml Co-Authored-By: Juliette <[email protected]> Update WordPress/Docs/WP/CronIntervalStandard.xml Co-Authored-By: Juliette <[email protected]> Update WordPress/Docs/WP/CronIntervalStandard.xml Co-Authored-By: Juliette <[email protected]> Update WordPress/Docs/WP/CronIntervalStandard.xml Co-Authored-By: Juliette <[email protected]> Update WordPress/Docs/WP/CronIntervalStandard.xml Co-Authored-By: Juliette <[email protected]> Seperates function definition commit c65d63b7261786d2a10eed90a54b436cc098ddaa Author: jrfnl <[email protected]> Date: Fri Nov 1 05:18:43 2019 +0100 Update default minimum supported WP version What with the target release date for WPCS 2.2.0 being November 11 and the target release date of WP 5.3 being November 12, updating this property before the release is probably a good idea. 
commit 981b7d476d26c11c1ece433403b99f2e903b41f1
Merge: b922e444 ef7f86e5
Author: Gary Jones <[email protected]>
Date: Wed Oct 30 09:58:57 2019 +0000

PrefixAllGlobals: minor efficiency tweak (#1822)

PrefixAllGlobals: minor efficiency tweak

commit b922e4446be1271e2bfe1a7b4e86803ee5d1c4ae
Merge: ce79334d e4f838c1
Author: Denis Žoljom <[email protected]>
Date: Wed Oct 30 08:16:10 2019 +0100

Merge pull request #1808 from WordPress/feature/new-currenttime-timestamp-sniff

New DateTime.CurrentTimeTimestamp sniff

commit ce79334d95930d99f63bebe8d1ad37cab38d741d
Merge: 3b204a61 52de928c
Author: Denis Žoljom <[email protected]>
Date: Tue Oct 29 10:38:29 2019 +0100

Merge pull request #1820 from WordPress/feature/validhookname-improve-error-messages

ValidHookName: improve error messages

commit ef7f86e583b80820c4751c7c68c9e0a66a83567b
Author: jrfnl <[email protected]>
Date: Mon Oct 28 21:14:04 2019 +0100

PrefixAllGlobals: minor efficiency tweak

Similar to 1815, but then for the `PrefixAllGlobals` sniff, allowing it to fail earlier for calls to deprecated hooks.

commit 52de928c942c11743180df0871e777418c602ab1
Author: jrfnl <[email protected]>
Date: Mon Oct 28 01:31:15 2019 +0100

ValidHookName: improve error messages

* Trim whitespace off the "expected" and "found" values which are used in the error messages.
* Ignore comments and PHPCS annotations when building up the "expected" and "found" values.
* Improve line precision by throwing the error on the line where the hook name starts, not the line containing the function call.

Includes unit test.

The unit test basically only tests part 3 of the change. The error message improvement needs visual inspection as the message content is not tested.

commit e4f838c19de4f325c1894373498c8070bbaedc7a
Author: jrfnl <[email protected]>
Date: Sat Oct 5 09:28:30 2019 +0200

:sparkles: New DateTime.CurrentTimeTimestamp sniff

This new sniff adds a check for use of current_time() to retrieve a timestamp.
A (fixable) `error` will be thrown when the `$gmt` parameter is set to `true` or `1`, a `warning` when it is not.

Includes unit tests.
Includes fixer.
Includes documentation.

This new sniff has been added to the `Core` ruleset.

Fixes 1791

commit 3b204a6115b5be8b0a69a55ba437668c1550deb0
Merge: 619ced05 864e4fd6
Author: Denis Žoljom <[email protected]>
Date: Sun Oct 27 12:12:00 2019 +0100

Merge pull request #1818 from WordPress/feature/escapeoutput-tolerance-first-param-deprecated-file

EscapeOutput: allow for typical pattern with `_deprecated_file()`

commit 619ced05e37352351b348c6fd6e4016fbbe1d034
Merge: fcaf02bf 7947bce3
Author: Gary Jones <[email protected]>
Date: Sun Oct 27 12:01:57 2019 +0100

New "DateTime.RestrictedFunctions" sniff (#1807)

New "DateTime.RestrictedFunctions" sniff

commit fcaf02bf6e6ba1dc6175994c61919806966556d4
Merge: 1563450e 62d9924f
Author: Gary Jones <[email protected]>
Date: Sun Oct 27 11:59:33 2019 +0100

ValidHookName: add documentation (#1817)

ValidHookName: add documentation

commit 1563450eea58be397feaa1c8a714600f8bcd8c99
Merge: d8030114 0e88b837
Author: Gary Jones <[email protected]>
Date: Sun Oct 27 11:58:49 2019 +0100

ValidHookName: minor efficiency tweaks (#1815)

ValidHookName: minor efficiency tweaks

commit 864e4fd65be99694f3d6eaf8b638f6bd02c8ef29
Author: jrfnl <[email protected]>
Date: Thu Oct 24 16:11:07 2019 +0200

EscapeOutput: allow for typical pattern with `_deprecated_file()`

The first parameter passed to `_deprecated_file()` generally is `basename( __FILE__ )` based on the code currently in WP Core.

As the result of that function call is safe, I'm proposing making an exception for that particular code pattern.

Includes unit tests.

Note: the current code does not allow for comments in the first parameter. This would be rare encounter in these function calls anyway and allowance for it can be added later if needs be.

commit d80301148f393dae1fefbf0dc78c038d8e8dc956
Merge: 058be1bc 5c82777d
Author: Denis Žoljom <[email protected]>
Date: Thu Oct 24 09:32:24 2019 +0200

Merge pull request #1810 from WordPress/feature/update-deprecated-functions-list-wp-5.3

DeprecatedFunctions: update function list

commit 7947bce347122daa530b0b11864d34fb35e6e465
Author: jrfnl <[email protected]>
Date: Sat Oct 5 03:29:33 2019 +0200

New "DateTime.RestrictedFunctions" sniff

This introduces a new `WordPress.DateTime.RestrictedFunctions` sniff which initially includes two groups:

* `timezone_change` - moved from the `WordPress.WP.TimezoneChange` sniff
* `date` - moved from the `WordPress.PHP.RestrictedPHPFunctions` sniff (group not yet in a released WPCS version yet)

The `WordPress.WP.TimezoneChange` sniff is now deprecated.

* The sniff is no longer included in the WPCS rulesets.
* If the sniff is explicitly included via a custom ruleset, deprecation notices will be thrown.
* If the `exclude` property is set from with a custom ruleset, a deprecation notice will be thrown.

The new sniff is now included in the `Core` ruleset.

Note: once WP Core upgrades, the one instance of using `date_default_timezone_set()` in WP Core (in `wp-settings.php`) will need to be whitelisted inline. There are a few more occurrences in the unit tests, but those can be ignored via file based excludes.

Fixes 1805

commit 62d9924f773296870375928de72ab7b959bc6c32
Author: jrfnl <[email protected]>
Date: Thu Oct 24 01:02:56 2019 +0200

ValidHookName: add documentation

Related to 1722

commit 0e88b837d9d29796b818917fc5a28b0fdc8318b5
Author: jrfnl <[email protected]>
Date: Tue Oct 22 07:51:33 2019 +0200

ValidHookName: minor efficiency tweaks

Instead of checking whether a `..._deprecated()` function was matched after the function matching, remove the deprecated hook invocation functions from the target function array in `getGroups()`.

This allows the sniff to fail earlier.

Also remove redundant check for `$parameters[1]`.
If there are no parameters, the `process_parameters()` function wouldn't be called anyway.

commit 5c82777d0e4c626eb7da8d23458370dc23b705ea
Author: jrfnl <[email protected]>
Date: Tue Oct 15 01:02:49 2019 +0200

DeprecatedFunctions: update function list

... with functions which will be deprecated in WP 5.3.

Not updating the `Sniff::$minimum_supported_version` property yet as WP 5.3 has not yet been released.

commit 058be1bc5b2c5f20bcb0fb44603e43abe6315be4
Author: Mike Hermans <[email protected]>
Date: Sun Oct 13 22:21:42 2019 +0200

Docs/ArrayKeySpacingRestrictions and Array.MultipleStatementAlignment (#1737)

Adds documentations for the `WordPress.Arrays.ArrayKeySpacingRestrictions` sniff and the `WordPress.Arrays.MultipleStatementAlignment` sniff.

Related to #1722

commit e38cee87efefd5c9c97a719f9a0ba0d7a26bc073
Author: Mike Hermans <[email protected]>
Date: Sun Oct 13 10:56:36 2019 +0200

Docs/WordPress.Arrays.ArrayIndentation (#1744)

Adds documentations for the WordPress.Arrays.ArrayIndentation sniff

Related to #1722

commit 313ddeaf44bf22179d12f8ff594e53866e9efc36
Merge: e7bfc163 b5f989d7
Author: Denis Žoljom <[email protected]>
Date: Mon Oct 7 14:36:44 2019 +0200

Merge pull request #1809 from WordPress/feature/deprecatedclasses-update-list

DeprecatedClasses: update the sniff

commit b5f989d7876a9d46810b6bd52c249fc127d4c69c
Author: jrfnl <[email protected]>
Date: Mon Oct 7 06:18:28 2019 +0200

DeprecatedClasses: update the sniff

Add some more deprecated classes to the list.
Refs:
* https://core.trac.wordpress.org/ticket/42364
* https://core.trac.wordpress.org/ticket/47699

commit e7bfc163f3d25a63bbe6d5c9665a7534666d356a
Merge: 1ec0770f d5640f85
Author: Denis Žoljom <[email protected]>
Date: Fri Oct 4 23:23:56 2019 +0200

Merge pull request #1806 from WordPress/feature/1797-ignore-deprecated-functions-for-namechecks

PrefixAllGlobals + ValidFunctionName: ignore deprecated methods by design

commit d5640f852cce350a30f529b9d819a46f60007531
Author: jrfnl <[email protected]>
Date: Fri Oct 4 04:35:43 2019 +0200

PrefixAllGlobals: ignore deprecated functions

Check the function docblock for a `@deprecated` tag and if found, bow out.

Includes unit tests.

Fixes 1797

Note: the same should probably also be done for classes/interfaces/traits/constants marked as deprecated, but that's for another PR.

commit 6226cdcfcc055e7d305ad9bef541e3016cf37a4d
Author: jrfnl <[email protected]>
Date: Fri Oct 4 04:29:22 2019 +0200

ValidFunctionName: ignore deprecated functions

Check the function docblock for a `@deprecated` tag and if found, bow out.

Includes unit tests.

Fixes 1797

commit 28bc1449da4285327e9b5284f367802e182769f0
Author: jrfnl <[email protected]>
Date: Fri Oct 4 04:31:06 2019 +0200

Sniff: add new `is_function_deprecated()` utility function

This new function:

* Tries to find a function docblock, if it exists.
* If found, checks if the docblock contains at least one `@deprecated` tag.

Returns boolean true/false.

Note: this method is `static` to allow the `ValidFunctionName` sniff which extends an upstream sniff to use the method as well.

commit 1ec0770fb5e8beeeae4074c34fd64a092aae6340
Merge: 0d2f9840 85f30163
Author: Denis Žoljom <[email protected]>
Date: Thu Oct 3 09:58:15 2019 +0200

Merge pull request #1804 from WordPress/feature/capitalpdangit-minor-tweak

CapitalPDangit: minor tweak

commit 85f30163edeb4d0d03895af5bcbac537ebc28135
Author: jrfnl <[email protected]>
Date: Thu Oct 3 09:43:14 2019 +0200

CapitalPDangit: minor tweak

Allow for the `test` TLD.
Includes unit test.

commit 0d2f98403abb1a74c9a11861345089dc8b6dc7c0
Merge: 484335b5 aecdaa76
Author: Juliette <[email protected]>
Date: Sat Sep 28 04:56:08 2019 +0200

Merge pull request #1801 from FORTE-WP/temp1

Documentation Class Instantiation

commit aecdaa763576c785779ecb214067436dbba3900b
Author: oltho <oltho@DESKTOP-6N4561P>
Date: Sat Sep 28 01:36:17 2019 +0200

Proccessed feedback from jrfnl

commit 484335b5b4cd43a66b0f2df9ceaea5e7930ef8fd
Merge: 81a7fb29 54f1017c
Author: Gary Jones <[email protected]>
Date: Sun Sep 22 15:10:15 2019 +0100

DisallowShortTernary: improve docs (#1800)

DisallowShortTernary: improve docs

commit 81a7fb2926aea82432173340ae67d65453ea0275
Merge: 2f396d1d dda05c13
Author: Gary Jones <[email protected]>
Date: Sun Sep 22 15:03:19 2019 +0100

New error handling Deprecated Classes and Functions (#1729)

New error handling Deprecated Classes and Functions

Co-authored-by: Juliette <[email protected]>

commit 6aec3211d170d687b2eb078c11d7b91c2d314b39
Author: oltho <[email protected]>
Date: Fri Sep 20 16:17:21 2019 +0200

Documentation Class Instantiation

commit 54f1017ce3036481474e8926982bcb65fb7ad8cb
Author: jrfnl <[email protected]>
Date: Fri Sep 20 15:56:58 2019 +0200

DisallowShortTernary: improve docs

The valid example line was a bit too long... oops...

commit dda05c132cc121f72fb051b49436537eb38bd0c4
Author: jrfnl <[email protected]>
Date: Fri Sep 20 14:00:15 2019 +0200

Docs/Deprecated WP: various minor fixes to the XML docs

commit 2f396d1d7686ec641584b014e63f8ea2c25971ce
Merge: 9c506d60 9a89756e
Author: Denis Žoljom <[email protected]>
Date: Fri Sep 20 09:19:34 2019 +0200

Merge pull request #1799 from WordPress/feature/yodaconditions-minor-efficiency-fix

YodaConditions: minor efficiency fix

commit 9a89756ee98302be652b6ab974151fc4feddca69
Author: jrfnl <[email protected]>
Date: Thu Sep 19 23:47:23 2019 +0200

YodaConditions: minor efficiency fix

Performance: Don't unnecessarily use `array_merge()`.

commit 9c506d60e6ed3011250dc9a6da115c8c46922029
Merge: ecb633d8 75993cc4
Author: Gary Jones <[email protected]>
Date: Thu Sep 12 08:03:31 2019 +0100

AlternativeFunctions: add extra unit test (#1795)

AlternativeFunctions: add extra unit test

commit 75993cc487dad8603d09eab1cd914edf454e5131
Author: jrfnl <[email protected]>
Date: Thu Sep 12 00:35:05 2019 +0200

AlternativeFunctions: add extra unit test

Just to be sure this was covered correctly (which it luckily was).

commit ecb633d8cddb5fa38dc2de5d72b220810dde549c
Merge: 06966b26 10d727a7
Author: Juliette <[email protected]>
Date: Mon Sep 9 02:10:29 2019 +0200

Merge pull request #1793 from WordPress/feature/minor-comment-fix

Fixed minor grammar issue

commit 10d727a7f4a5a401c141a0b5b6cfc7bb97f26dd2
Author: Denis Žoljom <[email protected]>
Date: Sun Sep 8 17:49:50 2019 +0200

Fixed minor grammar issue

Found this during the work on the twentytwenty theme so I thought I should just make a PR.

commit 06966b26d8deb06a91a5c0f99a04802a6ff5e5bf
Merge: 05c0ee4c 2f8089f9
Author: Gary Jones <[email protected]>
Date: Tue Aug 6 14:59:13 2019 +0100

EscapeOutput: add highlight_string() to escaping functions (#1787)

EscapeOutput: add highlight_string() to escaping functions

commit 05c0ee4ce2dc777310ae0586b8c774caea237dd3
Merge: 30aef1da 3d80421b
Author: Denis Žoljom <[email protected]>
Date: Mon Aug 5 13:20:52 2019 +0200

Merge pull request #1788 from WordPress/feature/escapeoutput-minor-cleanup

EscapeOutput: use Sniff::$safe_casts

commit 3d80421bde5ea1535777451fede4086227356ce6
Author: jrfnl <[email protected]>
Date: Mon Aug 5 01:03:08 2019 +0200

EscapeOutput: use Sniff::$safe_casts

The `Sniff::$safe_casts` token list and the `EscapeOutputSniff::$safe_cast_tokens` were near duplicates.

This removes the duplicate code (which can be safely removed as it is a `private` property) and adds the missing `T_UNSET_CAST` to the `Sniff::$safe_casts` list.

commit 30aef1da2547e71bb9b72cfb6095c6d723bcea70
Merge: 45ecdf01 a8ad6719
Author: Gary Jones <[email protected]>
Date: Thu Aug 1 22:33:27 2019 +0100

EscapeOutput: add sanitize_key() to escaping functions (#1786)

EscapeOutput: add sanitize_key() to escaping functions

commit a8ad671927609fed0be192bb7eac965810affd69
Author: jrfnl <[email protected]>
Date: Thu Aug 1 14:28:22 2019 +0200

EscapeOutput: add sanitize_key() to escaping functions

`sanitize_key()` only allows for lowercase characters, numbers, underscore and dash characters. So a variable run through `sanitize_key()` can be considered just as safe, if not more so, than a variable run through one of the escaping functions.

Ref:
* https://developer.wordpress.org/reference/functions/sanitize_key/

commit 2f8089f99c3d1ead9f81a6534e0ebc4202284b6a
Author: jrfnl <[email protected]>
Date: Thu Aug 1 15:53:43 2019 +0200

EscapeOutput: add highlight_string() to escaping functions

While intended for code highlighting of PHP code, based on some tests I've run, the output of the PHP native `highlight_string()` function does appear to be safe, so I'm proposing to add this to the list of `$escapingFunctions`.

Note: I'd appreciate some scrutiny of this PR. I wouldn't want to inadvertently add an unsafe function to the list.

Refs:
* https://3v4l.org/mYK5A
* https://www.php.net/manual/en/function.highlight-string.php

commit 45ecdf019b72807bc82d9dc816f12bb11e897119
Merge: e22e842e d17d2680
Author: Denis Žoljom <[email protected]>
Date: Thu Aug 1 10:46:29 2019 +0200

Merge pull request #1785 from WordPress/feature/1728-prefixallglobals-blacklist-php-prefix

PrefixAllGlobals: add "php" to the list of blacklisted prefixes

commit d17d2680fe74a541f1c80f8c17679c427c166330
Author: jrfnl <[email protected]>
Date: Wed Jul 31 22:16:09 2019 +0200

PrefixAllGlobals: add "php" to the list of blacklisted prefixes

The `php` prefix is reserved for PHP itself.

No unit tests added as the logic for this blacklist is already sufficiently unit tested.
Fixes 1728

commit e22e842e24fd48aac70fa3ba3dab39cfc3e7e890
Merge: b56232b4 605d2f7b
Author: Juliette <[email protected]>
Date: Wed Jul 31 22:08:56 2019 +0200

Merge pull request #1741 from NielsdeBlaauw/1733-short-prefixes-error

Fixes #1733 - Error on short prefixes

commit 605d2f7bd97e36efcaf62b23af4f85cfe594fa63
Author: Niels de Blaauw <[email protected]>
Date: Wed Jul 31 20:16:22 2019 +0200

Deletes duplicate code and removes incorrect second parameter strlen

commit b56232b4d45e96072fe9dcb4c45503b4311ba4ea
Merge: d2ef2b53 f47cf7b4
Author: Denis Žoljom <[email protected]>
Date: Tue Jul 30 14:59:48 2019 +0200

Merge pull request #1783 from WordPress/feature/1774-globalvarsoverride-prefixallglobals-recognize-list-assignments

PrefixAllGlobals/GlobalVariablesOverride: detect variables being set via list()

commit d2ef2b5370dca0a11c7735bd9e14d711f8e18f32
Merge: 727fce4f 58533025
Author: Stephen Edgar <[email protected]>
Date: Mon Jul 29 10:23:02 2019 +1000

Various minor doc fixes (#1784)

Various minor doc fixes

commit 5853302581d36ae6faf383a7f01d9490ecd33512
Author: jrfnl <[email protected]>
Date: Sat May 18 23:49:52 2019 +0200

Various minor doc fixes

commit f47cf7b4a323cbd3eb5a924d0cd30e062499490c
Author: jrfnl <[email protected]>
Date: Sat Jul 27 15:52:25 2019 +0200

GlobalVariablesOverride: detect global variable overrides in list assignments

Global variables to which an assignment is made via the long/short `list()` construct should also be checked to make sure they don't override a WP global variable.

Includes unit tests.

Related to 1774

commit bd1641684895ff3ad5b26b1a557cd11737ed3529
Author: jrfnl <[email protected]>
Date: Sat Jul 27 15:50:41 2019 +0200

PrefixAllGlobals: detect non-prefixed variables in list assignments

Global variables to which an assignment is made via the long/short `list()` construct should also be prefixed.

Includes unit tests.
Related to 1774

commit c2bae675c6d78985a51b1cd63c9c7778fa3f855a
Author: jrfnl <[email protected]>
Date: Sat Jul 27 15:39:06 2019 +0200

Sniff: add new `get_list_variables()` utility method

This adds a new utility method which will retrieve an array with the token pointers to the variables which are being assigned to in a `list()` construct, whether short or long list.

This utility method takes all currently supported list features in PHP into account and handles the following correctly:

* Nested lists
* Empty list items
* Trailing comma's in lists
* Empty lists (no longer allowed as of PHP 7.0.0)
* Short lists (PHP 7.1.0+)
* Keyed lists (PHP 7.1.0+)

commit f30b10283848329caa5ff4538a815c60ea7339e0
Author: jrfnl <[email protected]>
Date: Sat Jul 27 15:31:36 2019 +0200

Sniff::find_array_open_close(): minor tweak

The bracket opener array key will only be set if there is also a bracket closer.

commit a699e0d57e09160dc358637531aef07dcddd5a9c
Author: jrfnl <[email protected]>
Date: Sat Jul 27 15:31:06 2019 +0200

Sniff: add new `find_list_open_close()` utility method

Sister-method to the `find_array_open_close()` utility method to find the opener and closer for `list()` constructs, including short lists.

commit 727fce4f517ee6147db4470f9f628f0dd4fb2b68
Merge: d6050e82 c21ccff4
Author: Denis Žoljom <[email protected]>
Date: Sun Jul 28 09:52:50 2019 +0200

Merge pull request #1781 from WordPress/feature/travis-ignore-deprecation-notices-phpcs-stable

Travis: ignore PHP deprecation notices for stable PHPCS releases

commit d6050e828f8a713a2dff155ecba4ce8220b926b2
Merge: 3503cfc6 ab539765
Author: Denis Žoljom <[email protected]>
Date: Sun Jul 28 09:51:44 2019 +0200

Merge pull request #1780 from WordPress/feature/1692-array-sniffs-should-ignore-short-lists

Array sniffs: ignore short lists

commit ab539765ea0151ef002a0cd61528f46a3ec52ff4
Author: jrfnl <[email protected]>
Date: Sat Jul 27 14:46:43 2019 +0200

Array sniffs: ignore short lists

While we should probably define rules for long/short list constructs, WPCS at this time, does not have a opinion on the formatting of these.

The `Arrays` sniffs, however, would all treat _short lists_ as if they were _short arrays_ and apply the array rules on them.

This PR fixes this by bowing out early if a short array is in actual fact a short list.

Includes unit tests in each of the sniffs in the `Arrays` category affected by this issue.

Fixes 1692

commit bc24df5f738d6ae64aa5a9ddbc0a0edc5e9b0c42
Author: jrfnl <[email protected]>
Date: Sat Jul 27 14:19:24 2019 +0200

Sniff: Add new `is_short_list()` utility method

New utility method to determine whether a _short array_ token is in actual fact representing a PHP 7.1+ short list.

This method will be short-lived in WPCS as it will be introduced in WPCS 3.5.0 and can be deprecated once the minimum required PHPCS version goes up.

commit c21ccff46852c00e40ca9517dad40ccca1ee03d9
Author: jrfnl <[email protected]>
Date: Sun Jul 21 21:18:28 2019 +0200

Travis: ignore PHP deprecation notices for stable PHPCS releases

The unit tests will fail when a PHP warning/notice/deprecation notice is encountered.
Deprecation notices thrown by already released PHPCS versions won't get fixed anymore (in that version), so failing the unit tests on those is moot and will skew the reliability of the Travis results.

commit 3503cfc63335af4b3412a9dbe992a29fa8aa5974
Merge: d171c8d5 23a17dc9
Author: Gary Jones <[email protected]>
Date: Sat Jul 27 06:50:11 2019 +0100

ArrayKeySpacingRestrictions: add space size check & fix errors… (#1779)

ArrayKeySpacingRestrictions: add space size check & fix errors in one go

commit d171c8d5c82c214009cf2962fa3689c88b231b0b
Merge: d3586ff6 42332cc9
Author: Gary Jones <[email protected]>
Date: Sat Jul 27 06:46:33 2019 +0100

CastStructureSpacing: allow for spread operator (#1767)

CastStructureSpacing: allow for spread operator

commit 23a17dc964227c6c4c689ac80014c7bcee6408be
Author: jrfnl <[email protected]>
Date: Sat Jul 27 07:12:09 2019 +0200

ArrayKeySpacingRestrictions: fix whitespace violations in one go

If the array key should not be surrounded by spaces and there was more than one whitespace token between a bracket and the array key, the fixer would take several loops to remove the consecutive whitespace tokens.

This has been changed to fixing the whitespace in one go, reducing the chance of fixer conflicts and making the sniff more efficient.

Includes unit tests.

This can be tested by running the sniff with the `-v` option. Without this fix, the sniff takes 4 loops when fixing the unit test cases in this commit, with the fix, it takes 2 loops.

commit 6004e4bfa738c76216db4cb33c30b2b368b0c40e
Author: jrfnl <[email protected]>
Date: Sat Jul 27 06:49:28 2019 +0200

ArrayKeySpacingRestrictions: check the size of the space on the inside of the brackets

For non-string, non-numeric array keys, WPCS demands a space on the inside of the square brackets around the array key.

Up to now, the _size_ of the whitespace on the inside of the square brackets was not checked. This PR adds that check.

Includes unit tests.
Includes fixer.

commit d3586ff66e069ed38f6cf3c103e8800ece4fe9ae
Merge: 6aab357d 620adf21
Author: Denis Žoljom <[email protected]>
Date: Thu Jul 25 12:29:32 2019 +0200

Merge pull request #1777 from WordPress/feature/new-codeanalysis-escaped-not-translated-sniff

New CodeAnalysis/EscapedNotTranslated sniff

commit 6aab357ddbc46371694b51c5fe8dfe3b7677325e
Merge: 89c2154e 5fe9561f
Author: Denis Žoljom <[email protected]>
Date: Thu Jul 25 11:43:11 2019 +0200

Merge pull request #1772 from WordPress/feature/php-7.4-compatibility

PHP 7.4 compatibility / defensive coding

commit 620adf21adb7a917e759071014c6c1f171ca34a1
Author: jrfnl <[email protected]>
Date: Wed Jul 24 19:49:42 2019 +0200

:sparkles: New CodeAnalysis/EscapedNotTranslated sniff

At times, people will accidentally forget to add the `__` when they intend to use one of the "translate + escape" functions.

I've run into this a number of times now when reviewing/fixing code and found that they aren't that easy to spot visually when you're focussed on other things. So as it was such an easy sniff to write, I figured I may as well.

AFAICS there are only two escaping functions in core which have direct "translate + escape" sister-functions. All the same, the sniff has been set up to allow for more similar function-combis to be added.

Includes unit tests.
Includes documentation.

Sniff has been added to the `WordPress-Extra` ruleset.

commit 89c2154e67d98332dfafa6f0712888d5cc3b7a98
Merge: e65086e2 096f0cda
Author: Denis Žoljom <[email protected]>
Date: Tue Jul 23 17:33:15 2019 +0200

Merge pull request #1773 from WordPress/feature/globalvars-prefixallglobals-handle-content-width

GlobalVariablesOverride/PrefixAllGlobals: handle WP variables intended to be overwritten

commit e65086e25c649a42ff0f9a482e78144a38c6c25f
Merge: 4011319f 47eddc7c
Author: Denis Žoljom <[email protected]>
Date: Tue Jul 23 13:07:02 2019 +0200

Merge pull request #1776 from WordPress/feature/escape-output-improve-error-msg-variables

EscapeOutput: improve the error message for non-escaped variables

commit 47eddc7ce19d2fcaed4a3d11456b38dc851d538c
Author: jrfnl <[email protected]>
Date: Tue Jul 23 06:59:37 2019 +0200

EscapeOutput: improve the error message for non-escaped variables

This improved the error message output when array variables are being accessed.

```php
echo $strings['update-available'];
```

**Old output:**
`All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$strings'.`

**New output:**
`All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$strings['update-available']'.`

No unit tests added as the unit tests don't test the message thrown. The effect can be tested & confirmed though by running the sniff over the above code snippet.

Partially fixes 749

commit 096f0cda16669d1e7cce2531de9d1e56aaa34338
Author: jrfnl <[email protected]>
Date: Tue Jul 23 03:44:03 2019 +0200

GlobalVariablesOverride/PrefixAllGlobals: handle WP variables intended to be overwritten

WP Core contains the global `$content_width` variable which is intended to be set/overwritten by plugins and themes.

For that reason the variable was previously removed from the `Sniff::$wp_globals` list in WPCS 0.4.0. See 276, 331.
The downside of the variable not being in the list is that the `PrefixAllGlobals` sniff complains about it not being prefixed, as it doesn't realize it is a WP native global variable. The upside was that the `GlobalVariablesOverride` sniff did not complain about the variable being overwritten.

Adding the variable to the `Sniff::$wp_globals` list would reverse that situation with the `PrefixAllGlobals` sniff staying silent and the `GlobalVariablesOverride` sniff starting to complain.

This PR intends to solve this conundrum.

* The list of WP Core globals in `Sniff::$wp_globals` should be complete and not intentionally miss certain variables without there being any documentation on why there are not listed there.
* To still allow for the `GlobalVariablesOverride` sniff to function correctly, a new `$override_allowed` property has been added to that sniff, as well as logic to handle this.

Unit tests confirming that this fixes the issue have been added to both sniffs.

Additional notes:

* There may be more variables in WP Core which are intended to be overwritten by plugins/themes. I have not verified this. If we do come across additional ones, it will now be easy enough to add them to the whitelist anyway. For now, only `content_width` and `wp_cockneyreplace` have been added. Also see: https://github.com/WordPress/WordPress-Coding-Standards/issues/924#issuecomment-457850090 and https://core.trac.wordpress.org/browser/trunk/src/wp-includes/formatting.php#L123
* This PR does not address the fact that the `Sniff::$wp_globals` list is grossly out of date. See 924

Fixes 1043

commit 5fe9561fd38e577b531da1c3f0c7e65d99ce1825
Author: jrfnl <[email protected]>
Date: Sun Jul 21 21:52:07 2019 +0200

PHP 7.4 compatibility / defensive coding

WPCS is running into two PHP 7.4 issues where we use array access on a non-array value.

This PR fixes both.
Refs:
* https://wiki.php.net/rfc/deprecate_curly_braces_array_access

Build showing the issues:
* https://travis-ci.com/WordPress/WordPress-Coding-Standards/jobs/218025587

commit 4011319f0c197ac2d9a07c4e8729e17262a0790f
Merge: 80e82a2b acbeee62
Author: Denis Žoljom <[email protected]>
Date: Sun Jul 21 14:38:59 2019 +0200

Merge pull request #1768 from WordPress/feature/new-disallow-short-ternary-sniff

New DisallowShortTernary sniff

commit 80e82a2b48fa02df57d2bd0a3ce24dc28de89278
Merge: 13a8bc10 fd0a1a20
Author: Denis Žoljom <[email protected]>
Date: Sun Jul 21 09:56:30 2019 +0200

Merge pull request #1770 from WordPress/feature/add-disallow-short-arrays-to-core

Core: Add upstream Generic.Arrays.DisallowShortArraySyntax sniff

commit fd0a1a20d33cd74065d696868ce4231f53b8a18b
Author: jrfnl <[email protected]>
Date: Sat Jul 20 22:22:53 2019 +0200

Core: Add upstream Generic.Arrays.DisallowShortArraySyntax sniff

Recently a new section has been added to the handbook which forbids the use of short arrays.

> Using long array syntax ( array( 1, 2, 3 ) ) for declaring arrays is generally more readable than short array syntax ( [ 1, 2, 3 ] ), particularly for those with vision difficulties. Additionally, it’s much more descriptive for beginners.
>
> Arrays must be declared using long array syntax.

https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/#declaring-arrays

This PR add an existing upstream sniff which addresses this.

Includes auto-fixer.

Also see: https://make.wordpress.org/core/2019/07/12/php-coding-standards-changes/

Loosely related to 764

commit acbeee62c4985a62d1c142f898319978096ad5e9
Author: jrfnl <[email protected]>
Date: Sat Jul 20 21:30:56 2019 +0200

:sparkles: New DisallowShortTernary sniff

This new sniff addresses the new "_The short ternary operator must not be used._" rule which was recently added to the handbook.

The sniff has been added to the `WordPress-Core` ruleset.
Refs:
* https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/#ternary-operator
* https://make.wordpress.org/core/2019/07/12/php-coding-standards-changes/

Includes unit tests.
Includes documentation.

commit 42332cc9f518a10efa258e5cf7e9008571215f8d
Author: jrfnl <[email protected]>
Date: Sat Jul 20 20:07:38 2019 +0200

CastStructureSpacing: allow for no whitespace before a cast when used in combination with a spread operator

Includes updated docs.

Related 1762
Related 1524

commit 13a8bc10b54a3557f622e04fd700ca81828ac986
Author: Christopher Kanitz <[email protected]>
Date: Thu Jul 18 06:45:05 2019 +0200

Docs/WordPress.WhiteSpace.DisallowInlineTabs (#1735)

Adds documentation for the WordPress.WhiteSpace.DisallowInlineTabs sniff

Related to #1722

commit c8c576e9993a03ed3f21239ebe15b5a528d93edf
Author: Niels de Blaauw <[email protected]>
Date: Tue Jul 16 17:28:08 2019 +0200

Adds fallback for sniff when iconv is not available

commit d8baf910d0516325a7201e51d648ec07b2ed6582
Author: Niels de Blaauw <[email protected]>
Date: Tue Jul 16 17:17:10 2019 +0200

Fixes #1733 - Error on short prefixes

commit d00b44ba67ae47faf7d2727faf0c9485a1e7f1d9
Author: Christopher Kanitz <[email protected]>
Date: Fri Jul 5 13:02:48 2019 +0200

Docs/WordPress.WhiteSpace.PrecisionAlignment (#1725)

Adds documentation for the WordPress.WhiteSpace.PrecisionAlignmentSniff

Related to #1722

commit bf3ef482d2d3012ddcf7447fd268cb41daedc86e
Author: Christopher Kanitz <[email protected]>
Date: Fri Jul 5 12:42:00 2019 +0200

Docs/WordPress.WhiteSpace.CastStructureSpacing (#1738)

Adds documentation for the WordPress.WhiteSpace.CastStructureSpacing

Related to #1722

commit 173fdd6fad68bf4b910c5a019681f81b341580e2
Merge: 9784d0df 8d861ab1
Author: Denis Žoljom <[email protected]>
Date: Fri Jul 5 11:37:21 2019 +0200

Merge pull request #1758 from WordPress/feature/wp-ruleset-efficiency-fix

WordPress ruleset: efficiency fix

commit 8d861ab195ddc488fc36380fbefb6bd094451532
Author: jrfnl <[email protected]>
Date: Fri Jul 5 01:29:57 2019 +0200

WordPress ruleset: efficiency fix

Rulesets are processed top-to-bottom, one rule at the time.

For the `WordPress` ruleset, this means that PHPCS would first load the `WordPress-Core` ruleset and process all rules in that file, then read the `WordPress-Docs` ruleset and lastly, the `WordPress-Extra` ruleset.

As the `WordPress-Extra` ruleset includes `WordPress-Core`, it would re-process the `WordPress-Core` ruleset a second time and then process the additional rules in the `Extra` ruleset.

This means that in effect, the `WordPress-Core` ruleset is processed twice when using the `WordPress` ruleset which is inefficient.

By commenting that rule out, we still document that the `WordPress` ruleset includes `WordPress-Core` without double processing the ruleset.

commit 9784d0df476d4f38b4e1b8a896589db88d8c10c2
Merge: 6994433a 0af5b186
Author: Juliette <[email protected]>
Date: Wed Jul 3 00:01:28 2019 +0200

Merge pull request #1755 from Rarst/patch-1

Added remaining plugin load globals

commit 0af5b18632cc0c981937035982d494b95078880d
Author: Andrey Savchenko <[email protected]>
Date: Tue Jul 2 12:57:57 2019 +0300

Added remaining plugin load globals

commit 6994433aac68fc899d688e7426a3d08aa9aa043a
Merge: fab1ed52 ce7e4a7b
Author: Juliette <[email protected]>
Date: Mon Jul 1 05:55:14 2019 +0200

Merge pull request #1754 from johnbillion/fix/global-plugin

Add `$plugin` to the list of global variables that shouldn't be overridden

commit fab1ed525e057c19d723bf7c93feaf0a48512abe
Author: Denis Žoljom <[email protected]>
Date: Mon Jul 1 05:33:31 2019 +0200

Documentation: Update all links to the repository (#1748)

The GitHub repository has moved from the dedicated `WordPress-Coding-Standards` organisation to the `WordPress` organisation.

This:

* Updates all links which pointed to the old repo on GH to the new one.
* Updates the badges in the Readme to pick up things up correctly again for the new repo.
* Updated all links to Travis from `.org` to `.com` as the build CI has moved as well.

commit d50ee5864a295bb2f3780431dcb90fa62b72eb6a
Author: Flip <[email protected]>
Date: Thu Jun 20 17:42:13 2019 +0200

New error handling Deprecated Classes, Functions, Parameters and Parameter Values

commit ce7e4a7b24650eda0d7e5a6b7f7d01c3c6cef4e1
Author: John Blackbourn <[email protected]>
Date: Thu Jun 27 22:28:26 2019 +0100

Add `$plugin` to the list of global variables that shouldn't be overridden.

commit 20c735a45d63a2cfba9d7d4bb46acce177fd70fd
Merge: da209506 d0b9d932
Author: Gary Jones <[email protected]>
Date: Thu Jun 27 22:10:06 2019 +0100

Merge pull request #1714 from WordPress/feature/1713-restrictedphpfunctions-add-date

RestrictedPHPFunctions: add…

As discussed in #904 (review), the list with WP global variables needs to be updated.

The list is currently used by two sniffs:
- `Variables.GlobalVariables` - to check for overwriting WordPress native global variables.
- `NamingConventions.PrefixAllGlobals` - to verify whether a prefix is needed for variables.

For the `NamingConventions.PrefixAllGlobals` sniff the list needs to be complete.
For the `Variables.GlobalVariables` we'll need to allow for a number of variables which plugins/themes are allowed to override.

@JDGrimes has created an initial diff between WP core and the list currently in WPCS which is a good starting point:

But take note of:

Some more references about WP global vars (which may well be out of date):