wunderio / code-quality

List of tools that aims to help with static code quality inspection.
GNU General Public License v3.0

Best way to avoid error with $_POST array using array_map #77

Open BWBama85 opened 2 years ago

BWBama85 commented 2 years ago

I have this code:

( isset( $_POST['display_wpstp_post_type'] ) ) ? array_map( 'sanitize_text_field', $_POST['display_wpstp_post_type'] ) : array();

This works fine with sanitize_text_field, but I would prefer to use a custom function such as this:

function sanitize_unslash( $value ) {
    $value = sanitize_text_field( wp_unslash( $value ) );
    return $value;
}

And pass that function to array_map. However, doing so still presents errors in PHPCS.

$_POST data not unslashed before sanitization. Use wp_unslash() or similar (phpcs)
Detected usage of a non-sanitized input variable: $_POST['display_wpstp_post_type'] (phpcs)

Would it be possible for this to be supported in the future? Or is there a better way to do what I am trying to do?

hkirsman commented 2 years ago

Hm, it's WordPress code and Code Quality is geared a bit towards Drupal - it has a phpcs checker with Drupal rules (PHP Drupal CS and PHP Code security) pre-configured. Then again, it does not matter much. It has some other cool scanners you can use and it should work for WordPress just fine.

Still, for WordPress I've used the phpro/grumphp project directly (Code Quality bases its logic on that project) together with wp-coding-standards/wpcs.

This was my grumphp.yml for one of the WP projects. It's also being built with https://lando.dev/ so it has that special EXEC_GRUMPHP_COMMAND variable:

parameters:
  grumphp.run_on_paths: [
    'web/wp-content/plugins/backstop.php',
    'web/wp-content/themes/Impreza/'
  ]
grumphp:
  git_hook_variables:
    EXEC_GRUMPHP_COMMAND: 'lando php'
  stop_on_failure: false
  process_timeout: 300
  ascii:
    failed: ~
    succeeded: ~
  tasks:
    phpcs:
      standard:
        WordPress
      whitelist_patterns: '%grumphp.run_on_paths%'

Notice that I only have one checker/task and that's phpcs.

I wonder what was the rule that triggered the error you're having?
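
Added example, not part of either comment or of the code-quality project: one form of the `array_map()` call from the question that unslashes the whole array before sanitizing and also handles the field arriving as a non-array. The helper name `wpstp_get_submitted_post_types()` is hypothetical, the two `function_exists()` stand-ins are simplified substitutes so the file runs outside WordPress, and it is an assumption that the installed WPCS version recognizes `wp_unslash()` nested inside `array_map()`.

```php
<?php
// Simplified stand-ins (constructed) so this file runs with plain `php`.
// Inside WordPress the real functions exist and these are skipped.
if ( ! function_exists( 'wp_unslash' ) ) {
	function wp_unslash( $value ) {
		if ( is_array( $value ) ) {
			return array_map( 'wp_unslash', $value );
		}
		return is_string( $value ) ? stripslashes( $value ) : $value;
	}
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
	function sanitize_text_field( $str ) {
		// Like the real function, return '' for arrays and objects.
		return is_scalar( $str ) ? trim( strip_tags( (string) $str ) ) : '';
	}
}

/**
 * Hypothetical helper: return the submitted post types as sanitized strings,
 * or an empty array when the field is missing or is not an array.
 * Nonce verification is assumed to have happened in the caller.
 */
function wpstp_get_submitted_post_types() {
	// A scalar here (field sent without []) would make array_map() throw
	// a TypeError on PHP 8, so check the type as well as isset().
	if ( ! isset( $_POST['display_wpstp_post_type'] ) || ! is_array( $_POST['display_wpstp_post_type'] ) ) {
		return array();
	}
	// wp_unslash() handles arrays itself, so unslash once, then sanitize
	// each element with the built-in callback.
	return array_map( 'sanitize_text_field', wp_unslash( $_POST['display_wpstp_post_type'] ) );
}

// Constructed sample input standing in for a submitted form.
$_POST = array(
	'display_wpstp_post_type' => array( 'post', ' page ', 'O\\\'Reilly<b>x</b>', array( 'nested' ) ),
);
print_r( wpstp_get_submitted_post_types() );

// Constructed malformed input: the same field sent as a plain string.
$_POST = array( 'display_wpstp_post_type' => 'post' );
print_r( wpstp_get_submitted_post_types() );
```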