Introducing coding standards validation.

This commit is contained in:
Marcos Schratzenstaller
2019-04-22 17:28:46 -03:00
committed by Nathan Rice
parent 6e40c921ab
commit fd504d41ac
1624 changed files with 190339 additions and 262 deletions
@@ -0,0 +1,465 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionParameterSniff;
use PHP_CodeSniffer_Tokens as Tokens;
/**
* Discourages removal of the admin bar.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#removing-the-admin-bar
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 - Extends the WordPress_AbstractFunctionParameterSniff class.
* - Added the $remove_only property.
* - Now also sniffs for manipulation of the admin bar visibility through CSS.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class AdminBarRemovalSniff extends AbstractFunctionParameterSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* A list of tokenizers this sniff supports.
*
* @since 0.11.0
*
* @var array
*/
public $supportedTokenizers = array( 'PHP', 'CSS' );
/**
* Whether or not the sniff only checks for removal of the admin bar
* or any manipulation to the visibility of the admin bar.
*
* Defaults to true: only check for removal of the admin bar.
* Set to false to check for any form of manipulation of the visibility
* of the admin bar.
*
* @since 0.11.0
*
* @var bool
*/
public $remove_only = true;
/**
* Functions this sniff is looking for.
*
* @since 0.11.0
*
* @var array
*/
protected $target_functions = array(
'show_admin_bar' => true,
'add_filter' => true,
);
/**
* CSS properties this sniff is looking for.
*
* @since 0.11.0
*
* @var array
*/
protected $target_css_properties = array(
'visibility' => array(
'type' => '!=',
'value' => 'hidden',
),
'display' => array(
'type' => '!=',
'value' => 'none',
),
'opacity' => array(
'type' => '>',
'value' => 0.3,
),
);
/**
* CSS selectors this sniff is looking for.
*
* @since 0.11.0
*
* @var array
*/
protected $target_css_selectors = array(
'.show-admin-bar',
'#wpadminbar',
);
/**
* String tokens within PHP files we want to deal with.
*
* Set from the register() method.
*
* @since 0.11.0
*
* @var array
*/
private $string_tokens = array();
/**
* Regex template for use with the CSS selectors in combination with PHP text strings.
*
* @since 0.11.0
*
* @var string
*/
private $target_css_selectors_regex = '`(?:%s).*?\{(.*)$`';
/**
* Property to keep track of whether a <style> open tag has been encountered.
*
* @since 0.11.0
*
* @var array
*/
private $in_style;
/**
* Property to keep track of whether a one of the target selectors has been encountered.
*
* @since 0.11.0
*
* @var array
*/
private $in_target_selector;
/**
* Returns an array of tokens this test wants to listen for.
*
* @return array
*/
public function register() {
// Set up all string targets.
$this->string_tokens = Tokens::$textStringTokens;
$targets = $this->string_tokens;
// Add CSS style target.
$targets[] = \T_STYLE;
// Set the target selectors regex only once.
$selectors = array_map(
'preg_quote',
$this->target_css_selectors,
array_fill( 0, \count( $this->target_css_selectors ), '`' )
);
// Parse the selectors array into the regex string.
$this->target_css_selectors_regex = sprintf( $this->target_css_selectors_regex, implode( '|', $selectors ) );
// Add function call targets.
$parent = parent::register();
if ( ! empty( $parent ) ) {
$targets[] = \T_STRING;
}
return $targets;
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Adjusted to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return int|void Integer stack pointer to skip forward or void to continue
* normal file processing.
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.AdminBarRemoval" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ( true !== $this->remove_only ) &&
false === $this->thrown['FoundPropertyForDeprecatedSniff'] ) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.AdminBarRemoval" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
$file_name = $this->phpcsFile->getFileName();
$file_extension = substr( strrchr( $file_name, '.' ), 1 );
if ( 'css' === $file_extension ) {
if ( \T_STYLE === $this->tokens[ $stackPtr ]['code'] ) {
return $this->process_css_style( $stackPtr );
}
} elseif ( isset( $this->string_tokens[ $this->tokens[ $stackPtr ]['code'] ] ) ) {
/*
* Set $in_style && $in_target_selector to false if it is the first time
* this sniff is run on a file.
*/
if ( ! isset( $this->in_style[ $file_name ] ) ) {
$this->in_style[ $file_name ] = false;
}
if ( ! isset( $this->in_target_selector[ $file_name ] ) ) {
$this->in_target_selector[ $file_name ] = false;
}
return $this->process_text_for_style( $stackPtr, $file_name );
} else {
return parent::process_token( $stackPtr );
}
}
/**
* Process the parameters of a matched function.
*
* @since 0.11.0
*
* @param int $stackPtr The position of the current token in the stack.
* @param array $group_name The name of the group which was matched.
* @param string $matched_content The token content (function name) which was matched.
* @param array $parameters Array with information about the parameters.
*
* @return void
*/
public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) {
$error = false;
switch ( $matched_content ) {
case 'show_admin_bar':
$error = true;
if ( true === $this->remove_only ) {
if ( 'true' === $parameters[1]['raw'] ) {
$error = false;
}
}
break;
case 'add_filter':
$filter_name = $this->strip_quotes( $parameters[1]['raw'] );
if ( 'show_admin_bar' !== $filter_name ) {
break;
}
$error = true;
if ( true === $this->remove_only && isset( $parameters[2]['raw'] ) ) {
if ( '__return_true' === $this->strip_quotes( $parameters[2]['raw'] ) ) {
$error = false;
}
}
break;
default:
// Left empty on purpose.
break;
}
if ( true === $error ) {
$this->phpcsFile->addError( 'Removal of admin bar is prohibited.', $stackPtr, 'RemovalDetected' );
}
}
/**
* Processes this test, when one of its tokens is encountered.
*
* @since 0.11.0
*
* @param int $stackPtr The position of the current token in the stack.
* @param string $file_name The file name of the current file being processed.
*
* @return void
*/
public function process_text_for_style( $stackPtr, $file_name ) {
$content = trim( $this->tokens[ $stackPtr ]['content'] );
// No need to check an empty string.
if ( '' === $content ) {
return;
}
// Are we in a <style> tag ?
if ( true === $this->in_style[ $file_name ] ) {
if ( false !== strpos( $content, '</style>' ) ) {
// Make sure we check any content on this line before the closing style tag.
$this->in_style[ $file_name ] = false;
$content = trim( substr( $content, 0, strpos( $content, '</style>' ) ) );
}
} elseif ( true === $this->has_html_open_tag( 'style', $stackPtr, $content ) ) {
// Ok, found a <style> open tag.
if ( false === strpos( $content, '</style>' ) ) {
// Make sure we check any content on this line after the opening style tag.
$this->in_style[ $file_name ] = true;
$content = trim( substr( $content, ( strpos( $content, '<style' ) + 6 ) ) );
} else {
// Ok, we have open and close style tag on the same line with possibly content within.
$start = ( strpos( $content, '<style' ) + 6 );
$end = strpos( $content, '</style>' );
$content = trim( substr( $content, $start, ( $end - $start ) ) );
unset( $start, $end );
}
} else {
return;
}
// Are we in one of the target selectors ?
if ( true === $this->in_target_selector[ $file_name ] ) {
if ( false !== strpos( $content, '}' ) ) {
// Make sure we check any content on this line before the selector closing brace.
$this->in_target_selector[ $file_name ] = false;
$content = trim( substr( $content, 0, strpos( $content, '}' ) ) );
}
} elseif ( preg_match( $this->target_css_selectors_regex, $content, $matches ) > 0 ) {
// Ok, found a new target selector.
$content = '';
if ( isset( $matches[1] ) && '' !== $matches[1] ) {
if ( false === strpos( $matches[1], '}' ) ) {
// Make sure we check any content on this line before the closing brace.
$this->in_target_selector[ $file_name ] = true;
$content = trim( $matches[1] );
} else {
// Ok, we have the selector open and close brace on the same line.
$content = trim( substr( $matches[1], 0, strpos( $matches[1], '}' ) ) );
}
} else {
$this->in_target_selector[ $file_name ] = true;
}
} else {
return;
}
unset( $matches );
// Now let's do the check for the CSS properties.
if ( ! empty( $content ) ) {
foreach ( $this->target_css_properties as $property => $requirements ) {
if ( false !== strpos( $content, $property ) ) {
$error = true;
if ( true === $this->remove_only ) {
// Check the value of the CSS property.
if ( preg_match( '`' . preg_quote( $property, '`' ) . '\s*:\s*(.+?)\s*(?:!important)?;`', $content, $matches ) > 0 ) {
$value = trim( $matches[1] );
$valid = $this->validate_css_property_value( $value, $requirements['type'], $requirements['value'] );
if ( true === $valid ) {
$error = false;
}
}
}
if ( true === $error ) {
$this->phpcsFile->addError( 'Hiding of the admin bar is not allowed.', $stackPtr, 'HidingDetected' );
}
}
}
}
}
/**
* Processes this test for T_STYLE tokens in CSS files.
*
* @since 0.11.0
*
* @param int $stackPtr The position of the current token in the stack passed in $tokens.
*
* @return void
*/
protected function process_css_style( $stackPtr ) {
if ( ! isset( $this->target_css_properties[ $this->tokens[ $stackPtr ]['content'] ] ) ) {
// Not one of the CSS properties we're interested in.
return;
}
$css_property = $this->target_css_properties[ $this->tokens[ $stackPtr ]['content'] ];
// Check if the CSS selector matches.
$opener = $this->phpcsFile->findPrevious( \T_OPEN_CURLY_BRACKET, $stackPtr );
if ( false !== $opener ) {
for ( $i = ( $opener - 1 ); $i >= 0; $i-- ) {
if ( isset( Tokens::$commentTokens[ $this->tokens[ $i ]['code'] ] )
|| \T_CLOSE_CURLY_BRACKET === $this->tokens[ $i ]['code']
) {
break;
}
}
$start = ( $i + 1 );
$selector = trim( $this->phpcsFile->getTokensAsString( $start, ( $opener - $start ) ) );
unset( $i );
foreach ( $this->target_css_selectors as $target_selector ) {
if ( false !== strpos( $selector, $target_selector ) ) {
$error = true;
if ( true === $this->remove_only ) {
// Check the value of the CSS property.
$valuePtr = $this->phpcsFile->findNext( array( \T_COLON, \T_WHITESPACE ), ( $stackPtr + 1 ), null, true );
$value = $this->tokens[ $valuePtr ]['content'];
$valid = $this->validate_css_property_value( $value, $css_property['type'], $css_property['value'] );
if ( true === $valid ) {
$error = false;
}
}
if ( true === $error ) {
$this->phpcsFile->addError( 'Hiding of the admin bar is not allowed.', $stackPtr, 'HidingDetected' );
}
}
}
}
}
/**
* Verify if a CSS property value complies with an expected value.
*
* {@internal This is a method stub, doing only what is needed for this sniff.
* If at some point in the future other sniff would need similar functionality,
* this method should be moved to the WordPress_Sniff class and expanded to cover
* all types of comparisons.}}
*
* @since 0.11.0
*
* @param mixed $value The value of CSS property.
* @param string $compare_type The type of comparison to use for the validation.
* @param string $compare_value The value to compare against.
*
* @return bool True if the property value complies, false otherwise.
*/
protected function validate_css_property_value( $value, $compare_type, $compare_value ) {
switch ( $compare_type ) {
case '!=':
return $value !== $compare_value;
case '>':
return $value > $compare_value;
default:
return false;
}
}
}
@@ -0,0 +1,89 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\Sniff;
use PHP_CodeSniffer_Tokens as Tokens;
/**
* Flag cron schedules less than 15 minutes.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#cron-schedules-less-than-15-minutes-or-expensive-events
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 - Extends the WordPress_Sniff class.
* - Now deals correctly with WP time constants.
* @since 0.13.0 Class name changed: this class is now namespaced.
* @since 0.14.0 The minimum cron interval tested against is now configurable.
*
* @deprecated 1.0.0 This sniff has been moved to the `WP` category.
* This file remains for now to prevent BC breaks.
*/
class CronIntervalSniff extends \WordPress\Sniffs\WP\CronIntervalSniff {
/**
* Minimum allowed cron interval in seconds.
*
* Defaults to 900 (= 15 minutes), which is the requirement for the VIP platform.
*
* @since 0.14.0
*
* @var int
*/
public $min_interval = 900;
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.CronInterval" sniff has been renamed to "WordPress.WP.CronInterval". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( 900 !== (int) $this->min_interval
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.CronInterval" sniff has been renamed to "WordPress.WP.CronInterval". Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,78 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\Sniff;
use PHP_CodeSniffer_Tokens as Tokens;
/**
* Flag direct database queries.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#direct-database-queries
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.6.0 Removed the add_unique_message() function as it is no longer needed.
* @since 0.11.0 This class now extends WordPress_Sniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been moved to the `DB` category.
* This file remains for now to prevent BC breaks.
*/
class DirectDatabaseQuerySniff extends \WordPress\Sniffs\DB\DirectDatabaseQuerySniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.DirectDatabaseQuery" sniff has been renamed to "WordPress.DB.DirectDatabaseQuery". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( false === $this->thrown['FoundPropertyForDeprecatedSniff']
&& ( ( array() !== $this->customCacheGetFunctions && $this->customCacheGetFunctions !== $this->addedCustomFunctions['cacheget'] )
|| ( array() !== $this->customCacheSetFunctions && $this->customCacheSetFunctions !== $this->addedCustomFunctions['cacheset'] )
|| ( array() !== $this->customCacheDeleteFunctions && $this->customCacheDeleteFunctions !== $this->addedCustomFunctions['cachedelete'] ) )
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.DirectDatabaseQuery" sniff has been renamed to "WordPress.DB.DirectDatabaseQuery". Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,152 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionRestrictionsSniff;
/**
* Disallow Filesystem writes.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#filesystem-operations
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 Extends the WordPress_AbstractFunctionRestrictionsSniff instead of the
* Generic_Sniffs_PHP_ForbiddenFunctionsSniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class FileSystemWritesDisallowSniff extends AbstractFunctionRestrictionsSniff {
/**
* If true, an error will be thrown; otherwise a warning.
*
* @var bool
*/
public $error = true;
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Groups of functions to restrict.
*
* Example: groups => array(
* 'lambda' => array(
* 'type' => 'error' | 'warning',
* 'message' => 'Use anonymous functions instead please!',
* 'functions' => array( 'file_get_contents', 'create_function' ),
* )
* )
*
* @return array
*/
public function getGroups() {
$groups = array(
'file_ops' => array(
'type' => 'error',
'message' => 'Filesystem writes are forbidden, you should not be using %s()',
'functions' => array(
'delete',
'file_put_contents',
'flock',
'fputcsv',
'fputs',
'fwrite',
'ftruncate',
'is_writable',
'is_writeable',
'link',
'rename',
'symlink',
'tempnam',
'touch',
'unlink',
),
),
'directory' => array(
'type' => 'error',
'message' => 'Filesystem writes are forbidden, you should not be using %s()',
'functions' => array(
'mkdir',
'rmdir',
),
),
'chmod' => array(
'type' => 'error',
'message' => 'Filesystem writes are forbidden, you should not be using %s()',
'functions' => array(
'chgrp',
'chown',
'chmod',
'lchgrp',
'lchown',
),
),
);
/*
* Maintain old behaviour - allow for changing the error type from the ruleset
* using the `error` property.
*/
if ( false === $this->error ) {
foreach ( $groups as $group_name => $details ) {
$groups[ $group_name ]['type'] = 'warning';
}
}
return $groups;
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Added to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.FileSystemWritesDisallow" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ( ! empty( $this->exclude ) || true !== $this->error )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.FileSystemWritesDisallow" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,107 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractArrayAssignmentRestrictionsSniff;
/**
* Flag using orderby => rand.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#order-by-rand
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.9.0
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class OrderByRandSniff extends AbstractArrayAssignmentRestrictionsSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Groups of variables to restrict.
*
* @return array
*/
public function getGroups() {
return array(
'orderby' => array(
'type' => 'error',
'keys' => array(
'orderby',
),
),
);
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Added to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.OrderByRand" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.OrderByRand" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
/**
* Callback to process each confirmed key, to check value
* This must be extended to add the logic to check assignment value
*
* @param string $key Array index / key.
* @param mixed $val Assigned value.
* @param int $line Token line.
* @param array $group Group definition.
* @return mixed FALSE if no match, TRUE if matches, STRING if matches with custom error message passed to ->process().
*/
public function callback( $key, $val, $line, $group ) {
if ( 'rand' === strtolower( $val ) ) {
return 'Detected forbidden query_var "%s" of "%s". Use vip_get_random_posts() instead.';
} else {
return false;
}
}
}
@@ -0,0 +1,65 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionParameterSniff;
/**
* Warn about __FILE__ for page registration.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#using-__file__-for-page-registration
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 Refactored to extend the new WordPress_AbstractFunctionParameterSniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been moved to the `Security` category.
* This file remains for now to prevent BC breaks.
*/
class PluginMenuSlugSniff extends \WordPress\Sniffs\Security\PluginMenuSlugSniff {
/**
* Keep track of whether the warning has been thrown to prevent
* the message being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->phpcsFile->addWarning(
'The "WordPress.VIP.PluginMenuSlug" sniff has been renamed to "WordPress.Security.PluginMenuSlug". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
$this->thrown['DeprecatedSniff'] = true;
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,105 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractArrayAssignmentRestrictionsSniff;
/**
* Flag returning high or infinite posts_per_page.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#no-limit-queries
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.13.0 Class name changed: this class is now namespaced.
* @since 0.14.0 Added the posts_per_page property.
* @since 1.0.0 This sniff has been split into two, with the check for high pagination
* limit being part of the WP category, and the check for pagination
* disabling being part of the VIP category.
*/
class PostsPerPageSniff extends AbstractArrayAssignmentRestrictionsSniff {
/**
* Posts per page property
*
* Posts per page limit to check against.
*
* @since 0.14.0
* @deprecated 1.0.0 Property is used by the WP version of the sniff.
*
* @var int
*/
public $posts_per_page = 100;
/**
* Keep track of whether the deprecated property warning has been thrown.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'FoundDeprecatedProperty' => false,
);
/**
* Groups of variables to restrict.
*
* @return array
*/
public function getGroups() {
return array(
'posts_per_page' => array(
'type' => 'error',
'keys' => array(
'posts_per_page',
'nopaging',
'numberposts',
),
),
);
}
/**
* Callback to process each confirmed key, to check value.
*
* @param string $key Array index / key.
* @param mixed $val Assigned value.
* @param int $line Token line.
* @param array $group Group definition.
* @return mixed FALSE if no match, TRUE if matches, STRING if matches
* with custom error message passed to ->process().
*/
public function callback( $key, $val, $line, $group ) {
if ( 100 !== (int) $this->posts_per_page
&& false === $this->thrown['FoundDeprecatedProperty']
) {
$this->phpcsFile->addWarning(
'The "posts_per_page" property for the "WordPress.VIP.PostsPerPage" sniff is deprecated. The detection of high pagination limits has been moved to the "WordPress.WP.PostsPerPage" sniff. Please update your custom ruleset.',
0,
'FoundDeprecatedProperty'
);
$this->thrown['FoundDeprecatedProperty'] = true;
}
$key = strtolower( $key );
if ( ( 'nopaging' === $key && ( 'true' === $val || 1 === $val ) )
|| ( \in_array( $key, array( 'numberposts', 'posts_per_page' ), true ) && '-1' === $val )
) {
return 'Disabling pagination is prohibited in VIP context, do not set `%s` to `%s` ever.';
}
return false;
}
}
@@ -0,0 +1,280 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionRestrictionsSniff;
/**
* Restricts usage of some functions in VIP context.
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.10.0 The checks for `extract()` and the POSIX functions have been replaced by
* the stand-alone sniffs WordPress_Sniffs_Functions_DontExtractSniff and
* WordPress_Sniffs_PHP_POSIXFunctionsSniff respectively.
* @since 0.11.0 The checks for `create_function()`, `serialize()`/`unserialize()` and
* `urlencode` have been moved to the stand-alone sniff
* WordPress_Sniffs_PHP_DiscouragedPHPFunctionsSniff.
* The checks for PHP developer functions, `error_reporting` and `phpinfo`have been
* moved to the stand-alone sniff WordPress_Sniffs_PHP_DevelopmentFunctionsSniff.
* The check for `parse_url()` and `curl_*` have been moved to the stand-alone sniff
* WordPress_Sniffs_WP_AlternativeFunctionsSniff.
* The check for `eval()` now defers to the upstream Squiz.PHP.Eval sniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class RestrictedFunctionsSniff extends AbstractFunctionRestrictionsSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Groups of functions to restrict.
*
* Example: groups => array(
* 'lambda' => array(
* 'type' => 'error' | 'warning',
* 'message' => 'Use anonymous functions instead please!',
* 'functions' => array( 'file_get_contents', 'create_function' ),
* )
* )
*
* @return array
*/
public function getGroups() {
return array(
// @link WordPress.com: https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#switch_to_blog
// @link VIP Go: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#switch_to_blog
'switch_to_blog' => array(
'type' => 'error',
'message' => '%s() is not something you should ever need to do in a VIP theme context. Instead use an API (XML-RPC, REST) to interact with other sites if needed.',
'functions' => array( 'switch_to_blog' ),
),
'file_get_contents' => array(
'type' => 'warning',
'message' => '%s() is highly discouraged, please use wpcom_vip_file_get_contents() instead.',
'functions' => array(
'file_get_contents',
'vip_wp_file_get_contents',
),
),
'wpcom_vip_get_term_link' => array(
'type' => 'error',
'message' => '%s() is deprecated, please use get_term_link(), get_tag_link(), or get_category_link() instead.',
'functions' => array(
'wpcom_vip_get_term_link',
),
),
'get_page_by_path' => array(
'type' => 'error',
'message' => '%s() is prohibited, please use wpcom_vip_get_page_by_path() instead.',
'functions' => array(
'get_page_by_path',
),
),
'get_page_by_title' => array(
'type' => 'error',
'message' => '%s() is prohibited, please use wpcom_vip_get_page_by_title() instead.',
'functions' => array(
'get_page_by_title',
),
),
'wpcom_vip_get_term_by' => array(
'type' => 'error',
'message' => '%s() is deprecated, please use get_term_by() or get_cat_ID() instead.',
'functions' => array(
'wpcom_vip_get_term_by',
),
),
'wpcom_vip_get_category_by_slug' => array(
'type' => 'error',
'message' => '%s() is deprecated, please use get_category_by_slug() instead.',
'functions' => array(
'wpcom_vip_get_category_by_slug',
),
),
'url_to_postid' => array(
'type' => 'error',
'message' => '%s() is prohibited, please use wpcom_vip_url_to_postid() instead.',
'functions' => array(
'url_to_postid',
'url_to_post_id',
),
),
'attachment_url_to_postid' => array(
'type' => 'error',
'message' => '%s() is prohibited, please use wpcom_vip_attachment_url_to_postid() instead.',
'functions' => array(
'attachment_url_to_postid',
),
),
// @link WordPress.com: https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#remote-calls
// @link VIP Go: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#remote-calls
'wp_remote_get' => array(
'type' => 'warning',
'message' => '%s() is highly discouraged, please use vip_safe_wp_remote_get() instead.',
'functions' => array(
'wp_remote_get',
),
),
// @link WordPress.com: https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#custom-roles
// @link VIP Go: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#custom-roles
'custom_role' => array(
'type' => 'error',
'message' => 'Use wpcom_vip_add_role() instead of %s()',
'functions' => array(
'add_role',
),
),
// @link WordPress.com: https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#custom-roles
// @link VIP Go: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#cache-constraints
'cookies' => array(
'type' => 'warning',
'message' => 'Due to using Batcache, server side based client related logic will not work, use JS instead.',
'functions' => array(
'setcookie',
),
),
// @link WordPress.com: https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#wp_users-and-user_meta
'user_meta' => array(
'type' => 'error',
'message' => '%s() usage is highly discouraged, check VIP documentation on "Working with wp_users"',
'functions' => array(
'get_user_meta',
'update_user_meta',
'delete_user_meta',
'add_user_meta',
),
),
// @todo Introduce a sniff specific to get_posts() that checks for suppress_filters=>false being supplied.
'get_posts' => array(
'type' => 'warning',
'message' => '%s() is discouraged in favor of creating a new WP_Query() so that Advanced Post Cache will cache the query, unless you explicitly supply suppress_filters => false.',
'functions' => array(
'get_posts',
'wp_get_recent_posts',
'get_children',
),
),
'term_exists' => array(
'type' => 'error',
'message' => '%s() is highly discouraged due to not being cached; please use wpcom_vip_term_exists() instead.',
'functions' => array(
'term_exists',
),
),
'count_user_posts' => array(
'type' => 'error',
'message' => '%s() is highly discouraged due to not being cached; please use wpcom_vip_count_user_posts() instead.',
'functions' => array(
'count_user_posts',
),
),
'wp_old_slug_redirect' => array(
'type' => 'error',
'message' => '%s() is highly discouraged due to not being cached; please use wpcom_vip_old_slug_redirect() instead.',
'functions' => array(
'wp_old_slug_redirect',
),
),
'get_adjacent_post' => array(
'type' => 'error',
'message' => '%s() is highly discouraged due to not being cached; please use wpcom_vip_get_adjacent_post() instead.',
'functions' => array(
'get_adjacent_post',
'get_previous_post',
'get_previous_post_link',
'get_next_post',
'get_next_post_link',
),
),
'get_intermediate_image_sizes' => array(
'type' => 'error',
'message' => 'Intermediate images do not exist on the VIP platform, and thus get_intermediate_image_sizes() returns an empty array() on the platform. This behavior is intentional to prevent WordPress from generating multiple thumbnails when images are uploaded.',
'functions' => array(
'get_intermediate_image_sizes',
),
),
// @link WordPress.com: https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#mobile-detection
// @link VIP Go: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#mobile-detection
'wp_is_mobile' => array(
'type' => 'error',
'message' => '%s() found. When targeting mobile visitors, jetpack_is_mobile() should be used instead of wp_is_mobile. It is more robust and works better with full page caching.',
'functions' => array(
'wp_is_mobile',
),
),
);
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Added to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.RestrictedFunctions" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.RestrictedFunctions" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,113 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractVariableRestrictionsSniff;
/**
* Restricts usage of some variables in VIP context.
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class RestrictedVariablesSniff extends AbstractVariableRestrictionsSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Groups of variables to restrict.
*
* Example: groups => array(
* 'wpdb' => array(
* 'type' => 'error' | 'warning',
* 'message' => 'Dont use this one please!',
* 'variables' => array( '$val', '$var' ),
* 'object_vars' => array( '$foo->bar', .. ),
* 'array_members' => array( '$foo['bar']', .. ),
* )
* )
*
* @return array
*/
public function getGroups() {
return array(
// @link https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#wp_users-and-user_meta
'user_meta' => array(
'type' => 'error',
'message' => 'Usage of users/usermeta tables is highly discouraged in VIP context, For storing user additional user metadata, you should look at User Attributes.',
'object_vars' => array(
'$wpdb->users',
'$wpdb->usermeta',
),
),
// @link https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#caching-constraints
'cache_constraints' => array(
'type' => 'warning',
'message' => 'Due to using Batcache, server side based client related logic will not work, use JS instead.',
'variables' => array(
'$_COOKIE',
),
'array_members' => array(
'$_SERVER[\'HTTP_USER_AGENT\']',
'$_SERVER[\'REMOTE_ADDR\']',
),
),
);
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Added to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.RestrictedVariables" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.RestrictedVariables" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,126 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionRestrictionsSniff;
/**
* Discourages the use of session functions.
*
* @link https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#session-start-and-other-session-functions
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 Extends the WordPress_AbstractFunctionRestrictionsSniff instead of the
* Generic_Sniffs_PHP_ForbiddenFunctionsSniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class SessionFunctionsUsageSniff extends AbstractFunctionRestrictionsSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Groups of functions to restrict.
*
* Example: groups => array(
* 'lambda' => array(
* 'type' => 'error' | 'warning',
* 'message' => 'Use anonymous functions instead please!',
* 'functions' => array( 'file_get_contents', 'create_function' ),
* )
* )
*
* @return array
*/
public function getGroups() {
return array(
'session' => array(
'type' => 'error',
'message' => 'The use of PHP session function %s() is prohibited.',
'functions' => array(
'session_abort',
'session_cache_expire',
'session_cache_limiter',
'session_commit',
'session_create_id',
'session_decode',
'session_destroy',
'session_encode',
'session_gc',
'session_get_cookie_params',
'session_id',
'session_is_registered',
'session_module_name',
'session_name',
'session_regenerate_id',
'session_register_shutdown',
'session_register',
'session_reset',
'session_save_path',
'session_set_cookie_params',
'session_set_save_handler',
'session_start',
'session_status',
'session_unregister',
'session_unset',
'session_write_close',
),
),
);
}
/**
* Process the token and handle the deprecation notices.
*
* @since 1.0.0 Added to allow for throwing the deprecation notices.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SessionFunctionsUsage" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SessionFunctionsUsage" sniff has been deprecated. Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,81 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\Sniff;
/**
* Discourages the use of the session variable.
* Creating a session writes a file to the server and is unreliable in a multi-server environment.
*
* @link https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#session-start-and-other-session-functions
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.10.0 The sniff no longer needlessly extends the Generic_Sniffs_PHP_ForbiddenFunctionsSniff
* which it didn't use.
* @since 0.12.0 This class now extends WordPress_Sniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class SessionVariableUsageSniff extends Sniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
);
/**
* Returns an array of tokens this test wants to listen for.
*
* @return array
*/
public function register() {
return array(
\T_VARIABLE,
);
}
/**
* Process the token and handle the deprecation notice.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SessionVariableUsage" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( '$_SESSION' === $this->tokens[ $stackPtr ]['content'] ) {
$this->phpcsFile->addError(
'Usage of $_SESSION variable is prohibited.',
$stackPtr,
'SessionVarsProhibited'
);
}
}
}
@@ -0,0 +1,76 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractArrayAssignmentRestrictionsSniff;
/**
* Flag potentially slow queries.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#uncached-pageload
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.12.0 Introduced new and more intuitively named 'slow query' whitelist
* comment, replacing the 'tax_query' whitelist comment which is now
* deprecated.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been moved to the `DB` category.
* This file remains for now to prevent BC breaks.
*/
class SlowDBQuerySniff extends \WordPress\Sniffs\DB\SlowDBQuerySniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SlowDBQuery" sniff has been renamed to "WordPress.DB.SlowDBQuery". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SlowDBQuery" sniff has been renamed to "WordPress.DB.SlowDBQuery". Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,87 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\Sniff;
/**
* Flag any usage of super global input var ( _GET / _POST / etc. ).
*
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/79
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.4.0 This class now extends WordPress_Sniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been deprecated.
* This file remains for now to prevent BC breaks.
*/
class SuperGlobalInputUsageSniff extends Sniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
);
/**
* Returns an array of tokens this test wants to listen for.
*
* @return array
*/
public function register() {
return array(
\T_VARIABLE,
);
}
/**
* Process the token and handle the deprecation notice.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.SuperGlobalInputUsage" sniff has been deprecated. Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
// Check for global input variable.
if ( ! \in_array( $this->tokens[ $stackPtr ]['content'], $this->input_superglobals, true ) ) {
return;
}
$varName = $this->tokens[ $stackPtr ]['content'];
// If we're overriding a superglobal with an assignment, no need to test.
if ( $this->is_assignment( $stackPtr ) ) {
return;
}
// Check for whitelisting comment.
if ( ! $this->has_whitelist_comment( 'input var', $stackPtr ) ) {
$this->phpcsFile->addWarning( 'Detected access of super global var %s, probably needs manual inspection.', $stackPtr, 'AccessDetected', array( $varName ) );
}
}
}
@@ -0,0 +1,75 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\AbstractFunctionRestrictionsSniff;
/**
* Disallow the changing of timezone.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#manipulating-the-timezone-server-side
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.11.0 Extends the WordPress_AbstractFunctionRestrictionsSniff instead of the
* Generic_Sniffs_PHP_ForbiddenFunctionsSniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been moved to the `WP` category.
* This file remains for now to prevent BC breaks.
*/
class TimezoneChangeSniff extends \WordPress\Sniffs\WP\TimezoneChangeSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.TimezoneChange" sniff has been renamed to "WordPress.WP.TimezoneChange". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( ! empty( $this->exclude )
&& false === $this->thrown['FoundPropertyForDeprecatedSniff']
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.TimezoneChange" sniff has been renamed to "WordPress.WP.TimezoneChange". Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}
@@ -0,0 +1,77 @@
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPress\Sniffs\VIP;
use WordPress\Sniff;
/**
* Flag any non-validated/sanitized input ( _GET / _POST / etc. ).
*
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/69
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.4.0 This class now extends WordPress_Sniff.
* @since 0.5.0 Method getArrayIndexKey() has been moved to WordPress_Sniff.
* @since 0.13.0 Class name changed: this class is now namespaced.
*
* @deprecated 1.0.0 This sniff has been moved to the `Security` category.
* This file remains for now to prevent BC breaks.
*/
class ValidatedSanitizedInputSniff extends \WordPress\Sniffs\Security\ValidatedSanitizedInputSniff {
/**
* Keep track of whether the warnings have been thrown to prevent
* the messages being thrown for every token triggering the sniff.
*
* @since 1.0.0
*
* @var array
*/
private $thrown = array(
'DeprecatedSniff' => false,
'FoundPropertyForDeprecatedSniff' => false,
);
/**
* Don't use.
*
* @deprecated 1.0.0
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return void|int
*/
public function process_token( $stackPtr ) {
if ( false === $this->thrown['DeprecatedSniff'] ) {
$this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.ValidatedSanitizedInput" sniff has been renamed to "WordPress.Security.ValidatedSanitizedInput". Please update your custom ruleset.',
0,
'DeprecatedSniff'
);
}
if ( false === $this->thrown['FoundPropertyForDeprecatedSniff']
&& ( ( array() !== $this->customSanitizingFunctions && $this->customSanitizingFunctions !== $this->addedCustomFunctions['sanitize'] )
|| ( array() !== $this->customUnslashingSanitizingFunctions && $this->customUnslashingSanitizingFunctions !== $this->addedCustomFunctions['unslashsanitize'] )
|| false !== $this->check_validation_in_scope_only )
) {
$this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning(
'The "WordPress.VIP.ValidatedSanitizedInput" sniff has been renamed to "WordPress.Security.ValidatedSanitizedInput". Please update your custom ruleset.',
0,
'FoundPropertyForDeprecatedSniff'
);
}
return parent::process_token( $stackPtr );
}
}