Custom IniSet Sniff to allow for certain safelisted options - Githubissues

Automattic / VIP-Coding-Standards

PHP_CodeSniffer ruleset to enforce WordPress VIP coding standards.

https://wpvip.com/documentation/how-to-install-php-code-sniffer-for-wordpress-com-vip/

Other

236 stars 40 forks source link

Custom IniSet Sniff to allow for certain safelisted options #687

Open rebeccahum opened 3 years ago

rebeccahum commented 3 years ago

Describe the solution you'd like

VIPCS could benefit from having a custom IniSet sniff...similar to https://github.com/WordPress/WordPress-Coding-Standards/blob/41f5a9c66ff814863bc479fb52fd6cd1abc87e28/WordPress/Sniffs/PHP/IniSetSniff.php#L55-L65, but we want to be able to customize the whitelist property for the below values:

session.cookie_httponly
session.cookie_secure
session.use_only_cookies

WP already manages sessions but we have some clients that want to control PHP sessions via custom code.

What code should not be reported as a violation?

ini_set('session.cookie_httponly', true);
ini_set('session.cookie_secure', true);
ini_set('session.use_only_cookies', true);

Additional context

https://github.com/WordPress/WordPress-Coding-Standards/issues/1993

jrfnl commented 3 years ago

As the WPCS property which controls the "allow list" is protected, I think we can simply extend the WPCS sniff and add those extra ini settings to the property from the sniff constructor.