WordPress / plugin-check

A repository for the new Plugin Check plugin from the WordPress Performance and Plugins Team.
https://wordpress.org/plugins/plugin-check/
GNU General Public License v2.0

Do not use HEREDOC or NOWDOC syntax in your plugins #792

Closed ernilambar closed 1 day ago

ernilambar commented 1 week ago

Do not use HEREDOC or NOWDOC syntax in your plugins

While both are totally valid, and in many ways desirable features of PHP that allow you to output content, they come with a cost that is too high for most plugins.

The primary issue is that most (if not all) codesniffers won't detect lack of escaping in code when you use HEREDOC or NOWDOC. While there are ways around this, they have the end result of dashing all that readability to the rubbish pile and leaving you with a jumbled mess that won't properly be scanned.

We feel the risk here is much higher than the benefits, which is why we don't permit their use.

We could use this rule - https://github.com/squizlabs/PHP_CodeSniffer/blob/master/src/Standards/Squiz/Sniffs/PHP/HeredocSniff.php

davidperezgar commented 1 week ago

Ok!
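
An added example, not part of the original issue or the plugin-check code: a standalone PHP script that finds heredoc and nowdoc blocks with PHP's built-in tokenizer and lists the variables interpolated into them, which is the output the issue says escaping sniffs fail to check. The function name `find_heredocs` and the sample plugin source are constructed for illustration.

```php
<?php
/**
 * Return one finding per heredoc/nowdoc block in $source.
 * Each finding has: line, type ('heredoc' or 'nowdoc'), variables (interpolated names).
 */
function find_heredocs(string $source): array
{
    $findings = [];
    $current  = null; // index of the block currently open, or null

    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // single-character tokens carry no id or line number
        }
        [$id, $text, $line] = $token;

        if ($id === T_START_HEREDOC) {
            // The tokenizer uses one id for both forms; a nowdoc label is single-quoted.
            $type       = strpos($text, "'") !== false ? 'nowdoc' : 'heredoc';
            $findings[] = ['line' => $line, 'type' => $type, 'variables' => []];
            $current    = count($findings) - 1;
        } elseif ($id === T_END_HEREDOC) {
            $current = null;
        } elseif ($current !== null && in_array($id, [T_VARIABLE, T_STRING_VARNAME], true)) {
            // A variable inside an open heredoc is emitted without any escaping call.
            $findings[$current]['variables'][] = $text;
        }
    }
    return $findings;
}

// Constructed sample plugin source (not taken from any real plugin).
$sample = implode("\n", [
    '<?php',
    '$title = $_GET["title"];',
    'echo <<<HTML',
    '<h1>$title</h1>',
    'HTML;',
    "echo <<<'TXT'",
    'static text with $no_interpolation',
    'TXT;',
    'printf("<h1>%s</h1>", esc_html($title)); // escaped form a sniff can verify',
]);

foreach (find_heredocs($sample) as $f) {
    $vars = $f['variables'] ? implode(', ', $f['variables']) : 'none';
    printf("line %d: %s, interpolates: %s\n", $f['line'], $f['type'], $vars);
}
```

The heredoc on line 3 of the sample is reported with `$title` as an interpolated variable, while the nowdoc on line 6 is reported with none because nowdoc bodies are not parsed for variables.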