search

Automattic / vip-scanner

Deprecated: Scan all sorts of themes and files and things! Use PHPCS and the VIP coding standards instead
https://automattic.com
140 stars 51 forks source link

Flag uses of $_SERVER variables on VIP #72

Closed nickdaugherty closed 9 years ago

nickdaugherty commented 10 years ago

Most entries in the $_SERVER superglobal are not available or will cause unexpected results on WP.com VIP due to full page caching.

Flag as blocker.

nickdaugherty commented 10 years ago

These are acceptable:

$_SERVER['REQUEST_URI'] $_SERVER['SCRIPT_FILENAME'] $_SERVER['HTTP_HOST']

hibernation commented 10 years ago

I submitted a pull request for this, it's on https://github.com/Automattic/vip-scanner/pull/83

nickdaugherty commented 10 years ago

Would it be possible to keep this in VIPRestrictedPatternsCheck?

hibernation commented 10 years ago

Reason for the standalone created class was to allow skipping of this check type when https://github.com/Automattic/vip-scanner/issues/79 is implemented.

It would need the option to filter the acceptable variables if added to VIPRestrictedPatternsCheck.

fklein-lu commented 9 years ago

Closing because the PR related to this was merged in 9ed5d16 via #83.