EscapeOutput: fix various bugs #1333

Merged
merged 3 commits into from
Mar 31, 2018

Conversation

jrfnl
Member

@jrfnl jrfnl commented Mar 30, 2018

EscapeOutput: report correctly on first param of trigger_error()

The PHPCS findEndOfStatement() method returns the end token òr the last non-whitespace token if the end token is a "bracket", like a closing parenthesis.

In effect, this meant that the last token in a trigger_error() function call was never examined and that the sniff would underreport.

Fixed now. Includes unit tests.

EscapeOutput: correctly report on unsafe printing functions

If $end_of_statement had not been determined, the sniff would report on OutputNotEscaped, not on UnsafePrintingFunctions.
To report on UnsafePrintingFunctions, the code in the condition does not actually need the $end_of_statement, so this minor logic change allows for the sniff to report the correct error.

EscapeOutput: allow for short arrays

The sniff would up to now not handle short arrays correctly and would report on the open/close brackets, not on the content of the array.

Includes unit tests.

Related #764

jrfnl added 3 commits March 31, 2018 00:52
The PHPCS `findEndOfStatement()` method returns the end token òr the last non-whitespace token if the end token is a "bracket", like a closing parenthesis.

In effect, this meant that the last token in a `trigger_error()` function call was never examined and that the sniff would underreport.

Fixed now. Includes unit tests.
If `$end_of_statement` had not been determined, the sniff would report on `OutputNotEscaped`, but not on `UnsafePrintingFunction`s.
To report on `UnsafePrintingFunction`s, the code in the condition does not actually need the `$end_of_statement`, so this minor logic change allows for the sniff to report the correct error.
The sniff would up to now not handle short arrays correctly and would report on the open/close brackets, not on the content of the array.

Includes unit tests.
@JDGrimes JDGrimes merged commit 06f6d5c into develop Mar 31, 2018
@JDGrimes JDGrimes deleted the feature/fix-various-escape-output-bugs branch March 31, 2018 20:19
jrfnl added a commit to jrfnl/WordPress-Coding-Standards that referenced this pull request Jul 11, 2018
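
The end-of-statement behaviour described in the first commit, as an added example that is not part of this pull request or of the PHPCS/WPCS code: a simplified model built on PHP's own `token_get_all()`. The `model_*` helpers, the exclusive scan bound and the "flag every variable" check are assumptions made for illustration, and the sample calls are constructed.

```php
<?php
// Simplified model (not PHPCS or WPCS code); all model_* names are hypothetical.

/** Tokenize a snippet with PHP's tokenizer into [type, text] pairs. */
function model_tokens(string $code): array {
    $out = [];
    foreach (token_get_all('<?php ' . $code) as $t) {
        $out[] = is_array($t) ? [$t[0], $t[1]] : [null, $t];
    }
    return $out;
}

/** Terminator index, or the last non-whitespace token before it when the terminator is ")". */
function model_end_of_statement(array $tokens, int $start): int {
    $depth = 0;
    for ($i = $start; $i < count($tokens); $i++) {
        $text = $tokens[$i][1];
        if ($text === '(') { $depth++; continue; }
        if ($text === ')' && $depth > 0) { $depth--; continue; }
        if ($depth === 0 && ($text === ',' || $text === ';')) return $i;
        if ($text === ')') {
            // Closing bracket of the call itself: step back over whitespace.
            for ($j = $i - 1; $j > $start && $tokens[$j][0] === T_WHITESPACE; $j--);
            return $j;
        }
    }
    return count($tokens) - 1;
}

/** Toy check: list every variable in the first parameter of trigger_error(). */
function model_scan_first_param(string $code, bool $inclusive): array {
    $tokens = model_tokens($code);
    $pos    = array_search('trigger_error', array_column($tokens, 1), true);
    if ($pos === false) return [];
    $start = $pos + 2; // Skip the name and "(" (samples have no space between them).
    $end   = model_end_of_statement($tokens, $start);
    $last  = $inclusive ? $end : $end - 1; // Exclusive bound skips the token at $end.
    $found = [];
    for ($i = $start; $i <= $last; $i++) {
        if ($tokens[$i][0] === T_VARIABLE) $found[] = $tokens[$i][1];
    }
    return $found;
}

// Constructed samples: the first parameter ends on ")" in one call and on "," in the other.
foreach (['trigger_error( $message );', 'trigger_error( $message, E_USER_WARNING );'] as $code) {
    printf("%-44s exclusive: [%s]  inclusive: [%s]\n", $code,
        implode(', ', model_scan_first_param($code, false)),
        implode(', ', model_scan_first_param($code, true)));
}
```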