Closed akirk closed 2 weeks ago
```
> @php ./vendor/squizlabs/php_codesniffer/bin/phpcs --runtime-set testVersion 5.6- '--report=source'
..E.E..WWW..E..WWEEEEEWWWE..EE..EEE.EEE.W.EEW.EWE........E..  60 / 136 (44%)
WE.E..E...E.W......W...E.E...EEE...EE.EE.EE..EE...E......... 120 / 136 (88%)
................                                             136 / 136 (100%)

PHP CODE SNIFFER VIOLATION SOURCE SUMMARY
-------------------------------------------------------------------------------------------
    SOURCE  COUNT
-------------------------------------------------------------------------------------------
[ ] WordPress.Security.ValidatedSanitizedInput.InputNotSanitized  175
[ ] WordPress.Security.ValidatedSanitizedInput.MissingUnslash  145
[ ] WordPress.Security.NonceVerification.Recommended  105
[ ] WordPress.Security.ValidatedSanitizedInput.InputNotValidated  69
[ ] WordPress.WP.GlobalVariablesOverride.Prohibited  46
[ ] WordPress.PHP.DiscouragedPHPFunctions.urlencode_urlencode  33
[ ] WordPress.Security.NonceVerification.Missing  30
[ ] WordPress.DB.DirectDatabaseQuery.DirectQuery  25
[ ] WordPress.DB.DirectDatabaseQuery.NoCaching  23
[ ] Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed  16
[ ] WordPress.WP.Capabilities.Unknown  13
[ ] Squiz.Operators.IncrementDecrementUsage.Found  9
[ ] WordPress.PHP.IniSet.display_errors_Disallowed  6
[ ] WordPress.DB.SlowDBQuery.slow_db_query_meta_key  5
[ ] Generic.CodeAnalysis.UnusedFunctionParameter.Found  4
[ ] Generic.CodeAnalysis.RequireExplicitBooleanOperatorPrecedence.MissingParentheses  3
[ ] Squiz.PHP.NonExecutableCode.Unreachable  3
[ ] WordPress.DB.SlowDBQuery.slow_db_query_meta_value  3
[ ] WordPress.WP.EnqueuedResourceParameters.NotInFooter  3
[ ] Generic.Strings.UnnecessaryStringConcat.Found  2
[ ] Squiz.PHP.CommentedOutCode.Found  2
[ ] Squiz.PHP.DisallowSizeFunctionsInLoops.Found  2
[ ] Universal.CodeAnalysis.ConstructorDestructorReturn.ReturnValueFound  2
[x] Universal.ControlStructures.DisallowLonelyIf.Found  2
[ ] WordPress.PHP.DevelopmentFunctions.error_log_print_r  2
[ ] WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler  2
[ ] WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize  2
[ ] WordPress.WP.AlternativeFunctions.file_system_operations_fclose  2
[ ] WordPress.WP.AlternativeFunctions.file_system_operations_fwrite  2
[ ] WordPress.WP.AlternativeFunctions.json_encode_json_encode  2
[ ] Generic.CodeAnalysis.EmptyStatement.DetectedElse  1
[ ] Generic.CodeAnalysis.EmptyStatement.DetectedIf  1
[ ] Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed  1
[ ] Generic.CodeAnalysis.UnconditionalIfStatement.Found  1
[ ] Universal.Files.SeparateFunctionsFromOO.Mixed  1
[ ] WordPress.DB.SlowDBQuery.slow_db_query_tax_query  1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_error_log  1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_var_dump  1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_var_export  1
[ ] WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize  1
[ ] WordPress.PHP.DiscouragedPHPFunctions.system_calls_exec  1
[ ] WordPress.WP.Capabilities.RoleFound  1
[ ] WordPress.WP.CronInterval.CronSchedulesInterval  1
[ ] WordPress.WP.DiscouragedFunctions.query_posts_query_posts  1
-------------------------------------------------------------------------------------------
A TOTAL OF 752 SNIFF VIOLATIONS WERE FOUND IN 44 SOURCES
-------------------------------------------------------------------------------------------
PHPCBF CAN FIX THE 1 MARKED SOURCES AUTOMATICALLY (2 VIOLATIONS IN TOTAL)
-------------------------------------------------------------------------------------------

Time: 13.64 secs; Memory: 56MB
```
This adds support for the WordPress PHPCS ruleset and addresses the 752 reported problems.

`wp_unslash`, often likely really fixing bugs with slashable characters, sometimes not really necessary because we're using `in_array` (see https://github.com/WordPress/WordPress-Coding-Standards/issues/1691).

This was a lot of work but I hope we can benefit from the rules going forward. Likely it also fixed some insufficient escaping. Hopefully it didn't break too much; I tried to test all UI-related features that I modified.
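
The `wp_unslash` and `in_array` point above, as an added example that is not code from this pull request: WordPress adds slashes to request superglobals, so free-form text has to be unslashed before use, while a strict comparison against a fixed allowlist is unaffected. The `demo_*` helpers and the sample request are constructed stand-ins (assumptions) so the script runs without WordPress.

```php
<?php
// Stand-in for the slashing WordPress applies to $_GET/$_POST on load
// (wp_magic_quotes). Assumption: flat array of strings.
function demo_magic_quotes( array $input ) {
    return array_map( 'addslashes', $input );
}

// Stand-in for wp_unslash() on a single string value.
function demo_unslash( $value ) {
    return stripslashes( $value );
}

// Allowlist check: only exact, known values pass, anything else falls back.
function demo_pick_status( $value ) {
    $allowed = array( 'draft', 'publish', 'private' );
    return in_array( $value, $allowed, true ) ? $value : 'draft';
}

// Constructed sample request, slashed the way WordPress would deliver it.
$_POST = demo_magic_quotes(
    array(
        'display_name' => "O'Brien \\ Sons",
        'status'       => 'publish',
        'bad_status'   => "pub'lish",
    )
);

// Case 1: free-form text. Skipping the unslash step keeps the extra
// backslashes, which then end up stored or displayed.
$without_unslash = $_POST['display_name'];
$with_unslash    = demo_unslash( $_POST['display_name'] );
printf( "stored without unslash: %s\n", $without_unslash );
printf( "stored with unslash:    %s\n", $with_unslash );

// Case 2: allowlisted value. No allowed entry contains a quote or backslash,
// so slashing cannot change a valid value and the result is the same with or
// without unslashing. A value containing a quote never matches an entry.
printf( "status (raw):      %s\n", demo_pick_status( $_POST['status'] ) );
printf( "status (unslashed): %s\n", demo_pick_status( demo_unslash( $_POST['status'] ) ) );
printf( "bad status:        %s\n", demo_pick_status( $_POST['bad_status'] ) );
```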