From 9fb9c6d03032e0b1fd6e344838993dc4b1392fda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Denis=20=C5=BDoljom?= <dingo-d@users.noreply.github.com>
Date: Sat, 20 Aug 2022 16:42:43 +0200
Subject: [PATCH] Add shell commands chapter

---
 wordpress-coding-standards/php.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wordpress-coding-standards/php.md b/wordpress-coding-standards/php.md
index 8b38f1a..b5e5838 100644
--- a/wordpress-coding-standards/php.md
+++ b/wordpress-coding-standards/php.md
@@ -772,3 +772,9 @@ Per [#22400](https://core.trac.wordpress.org/ticket/22400 "Remove all, or at lea
 > `extract()` is a terrible function that makes code harder to debug and harder to understand. We should discourage it's [sic] use and remove all of our uses of it.
 
 Joseph Scott has [a good write-up of why it's bad](https://blog.josephscott.org/2009/02/05/i-dont-like-phps-extract-function/).
+
+### Shell commands
+
+Use of the [backtick operator](https://www.php.net/manual/en/language.operators.execution.php) is not allowed.
+
+Use of the backtick operator is identical to [`shell_exec()`](https://www.php.net/manual/en/function.shell-exec.php), and most hosts disable this function in the `php.ini` file for security reasons.