jrfnl

What is input validation ?

Checking for a variable/ array index:

• Does it exist ?
• Is it of the right type ?
• Is the value usable for our purposes ?

Problem definition:

• Lack of input validation throughout most of Core.
• ... which is especially problematic in the context of filter hooks / callbacks.

jrfnl

@echo off
::
:: PHP ??? have Xdebug + Blackfire.
:: PHP 7.4.14 has Xdebug with coverage
:: PHP 7.4.15 has Xdebug with develop + trace
::
:set PHPBIN=C:\wamp\bin\phpcli_x86\php5.2.17\php.exe
:set PHPBIN=C:\wamp\bin\phpcli_x86\php5.3.29\php.exe
:set PHPBIN=C:\wamp\bin\phpcli_x86\php5.4.45\php.exe
:set PHPBIN=C:\wamp\bin\php\php5.5.38\php.exe

jrfnl

Command used: `phpcs -ps . --sniffs=Universal.NamingConventions.NoReservedKeywordParameterNames --report=full,summary,source --extensions=php` (will not work by default)

FILE: src\wp-admin\includes\template.php
----------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
----------------------------------------------------------------------------------------------------
 907 | WARNING | It is recommended not to use reserved keywords as function parameter names. Found:
     |         | $parent
     |         | (Universal.NamingConventions.NoReservedKeywordParameterNames.parentFound)
----------------------------------------------------------------------------------------------------

jrfnl

Upgrade guide to PHP_CodeSniffer 3.5.0 for sniff developers

PHP_CodeSniffer 3.5.0 contains a lot of changes under the hood. For the most part these are non-breaking.

If you maintain an external standard, you have three options:

• Maintain compatibility with older PHP_CodeSniffer versions [1]. In that case, there is probably nothing you need to do. Just make sure you check the BC-breaks section below just in case. All the "old" utility methods and properties will still work. They will however be removed in PHPCS 4.0.
• Maintain compatibility with older PHP_CodeSniffer versions [2].

jrfnl

- Squiz.Formatting.OperatorBracket.SpacingAfterMinus has been renamed to Squiz.Formatting.OperatorBracket.SpacingAfterSign
      -- If you are referencing the old error code in a ruleset XML file, please use the new code instead
      -- If you wish to maintain backwards compatibility, you can provide rules for both the old and new codes

- `Conditions::getCondition()` accepts both a single token type or an array of token types for the `$type` parameter, which has been renamed to `$types` to convey this. The parameter is also now optional.
    Additionally, the new version of the method has an optional boolean `$reverse` parameter which allows to indicate whether to get the _first_ condition of a certain type or the _last_.
- `ObjectDeclarations::getClassProperties()` now has improved handling of class declaration code interlaced with comments and/or annotations
- `ObjectDeclarations::findExtendedClassName() and `ObjectDeclarations::findExtendedInterfaceNames()` will now return the class/interface names witho

jrfnl

The following methods and properties have been deprecated in PHPCS 3.5.0 and should be removed in PHPCS 4.0.0:

Methods:

• PHP_CodeSniffer\Files\File::hasCondition()
• PHP_CodeSniffer\Files\File::getCondition()
• PHP_CodeSniffer\Files\File::getClassProperties()
• PHP_CodeSniffer\Files\File::findExtendedClassName()
• PHP_CodeSniffer\Files\File::findImplementedInterfaceNames()
• PHP_CodeSniffer\Files\File::getMethodParameters()

jrfnl

<?php

/*
 *  Example of translators comment for a text string with a single placeholder.
 */

/* translators: %s: the version number of a WordPress release. */
esc_html_e( 'Wordpress %s is awesome!' );

/*

jrfnl

FILE: src\wp-admin\credits.php
--------------------------------------------------------------------------------------------------------------
FOUND 3 ERRORS AND 3 WARNINGS AFFECTING 3 LINES
--------------------------------------------------------------------------------------------------------------
  68 | WARNING | Use of the "translate()" function is reserved for low-level API usage.
     |         | (WordPress.WP.I18n.LowLevelTranslationFunction)
  68 | ERROR   | The $text arg must be a single string literal, not "$group_data['name']".
     |         | (WordPress.WP.I18n.NonSingularStringLiteralText)
  70 | WARNING | Use of the "translate()" function is reserved for low-level API usage.
     |         | (WordPress.WP.I18n.LowLevelTranslationFunction)

jrfnl

FILE: src\wp-admin\about.php
--------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 4 LINES
--------------------------------------------------------------------------------------------------------------
  21 | WARNING | A gettext call containing placeholders was found, but was not accompanied by a "translators:"
     |         | comment on the line above to clarify the meaning of the placeholders.
     |         | (WordPress.WP.I18n.MissingTranslatorsComment)
  23 | WARNING | A gettext call containing placeholders was found, but was not accompanied by a "translators:"
     |         | comment on the line above to clarify the meaning of the placeholders.
     |         | (WordPress.WP.I18n.MissingTranslatorsComment)

jrfnl

_____Issue Title____
[New sniff] Short rule description (for rules which have to be created from scratch)
[Implement sniff] Short rule description (for rules which exist in WPCS and need to be added to the ruleset)

_____Issue Content____
#### Rule type:
Error / Warning

#### Rule: