diff --git a/.gitattributes b/.gitattributes index c6cded19..08338d53 100644 --- a/.gitattributes +++ b/.gitattributes @@ -8,6 +8,7 @@ /.gitattributes export-ignore /.gitignore export-ignore /.phpcs.xml.dist export-ignore +/phpstan.neon.dist export-ignore /phpunit.xml.dist export-ignore /.github export-ignore /bin export-ignore diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 42e7700b..6bc4d107 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -17,11 +17,12 @@ Since VIPCS employs many sniffs that are part of PHPCS, and makes use of WordPre To determine where best to report the bug, use the first part of the sniff name: -Sniffname starts with | Report to +Sniff name starts with | Report to --- | --- `Generic` | [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer/issues/) `PSR2` | [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer/issues/) `Squiz` | [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer/issues/) +`Universal` | [PHPCSExtra](https://github.com/PHPCSStandards/PHPCSExtra/issues/) `VariableAnalysis` | [VariableAnalysis](https://github.com/sirbrillig/phpcs-variable-analysis/issues/) `WordPress` | [WordPressCS](https://github.com/WordPress/WordPress-Coding-Standards/issues/) `WordPressVIPMinimum` | [VIPCS](https://github.com/Automattic/VIP-Coding-Standards/issues/) (this repo) 
@@ -44,7 +45,7 @@ After `composer install`, you can do: ## Branches -Ongoing development will be done in feature branches then pulled against the `develop` branch and follows a typical _git-flow_ approach, where merges to `master` only happen when a new release is made. +Ongoing development will be done in feature branches then pulled against the `develop` branch and follows a typical _git-flow_ approach, where merges to `main` only happen when a new release is made. To contribute an improvement to this project, fork the repo and open a pull request to the relevant branch. Alternatively, if you have push access to this repo, create a feature branch prefixed by `fix/` (followed by the issue number) or `add/` and then open a PR from that branch to the default (`develop`) branch. @@ -64,6 +65,7 @@ When you introduce new `public` sniff properties, or your sniff extends a class ### Pre-requisites * VIP Coding Standards * WordPress-Coding-Standards +* PHPCSUtils 1.x * PHP_CodeSniffer 3.x * PHPUnit 4.x, 5.x, 6.x or 7.x @@ -89,7 +91,7 @@ The easiest way to do this is to add a `phpunit.xml` file to the root of your VI => + * @return array Key is the line number, value is the number of expected errors. */ public function getErrorList() { - return array( + return [ 5 => 1, 17 => 1, - ); + 31 => 1, + ]; } ... ``` 
@@ -162,24 +167,35 @@ Also note the class name convention. The method `getErrorList()` MUST return an If you run: ```sh -$ cd /path-to-cloned/phpcs -$ ./bin/phpcs --standard=WordPressVIPMinimum -s --sniffs=WordPressVIPMinimum.VIP.WPQueryParams /path/to/WordPressVIPMinimum/Tests/VIP/WPQueryParamsUnitTest.inc -... -E 1 / 1 (100%) - - - -FILE: /path/to/vipcs/WordPressVIPMinimum/Tests/VIP/WPQueryParamsUnitTest.inc --------------------------------------------------------------------------------------------------------------------------------- -FOUND 2 ERRORS AND 2 WARNINGS AFFECTING 4 LINES --------------------------------------------------------------------------------------------------------------------------------- - 4 | WARNING | Using `post__not_in` should be done with caution. (WordPressVIPMinimum.VIP.WPQueryParams.post__not_in) - 5 | ERROR | Setting `suppress_filters` to `true` is probihited. - | | (WordPressVIPMinimum.VIP.WPQueryParams.suppressFiltersTrue) - 11 | WARNING | Using `post__not_in` should be done with caution. (WordPressVIPMinimum.VIP.WPQueryParams.post__not_in) - 17 | ERROR | Setting `suppress_filters` to `true` is probihited. 
- | | (WordPressVIPMinimum.VIP.WPQueryParams.suppressFiltersTrue) --------------------------------------------------------------------------------------------------------------------------------- +$ cd /path/to/vipcs +$ ./vendor/bin/phpcs --standard=WordPressVIPMinimum -s --sniffs=WordPressVIPMinimum.Performance.WPQueryParams WordPressVIPMinimum/Tests/Performance/WPQueryParamsUnitTest.inc + +FILE: /path/to/vipcs/WordPressVIPMinimum/Tests/Performance/WPQueryParamsUnitTest.inc +------------------------------------------------------------------------------------------------------------------------------------------------------ +FOUND 3 ERRORS AND 5 WARNINGS AFFECTING 8 LINES +------------------------------------------------------------------------------------------------------------------------------------------------------ + 4 | WARNING | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see + | | https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. + | | (WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in) + 5 | ERROR | Setting `suppress_filters` to `true` is prohibited. + | | (WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters) + 11 | WARNING | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see + | | https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. + | | (WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in) + 17 | ERROR | Setting `suppress_filters` to `true` is prohibited. 
+ | | (WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters) + 21 | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see + | | https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. + | | (WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude) + 29 | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see + | | https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. + | | (WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude) + 30 | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see + | | https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. + | | (WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude) + 31 | ERROR | Setting `suppress_filters` to `true` is prohibited. + | | (WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters) +------------------------------------------------------------------------------------------------------------------------------------------------------ .... ``` You'll see the line number and number of ERRORs we need to return in the `getErrorList()` method. 
@@ -190,23 +206,26 @@ The `--sniffs=...` directive limits the output to the sniff you are testing. The ruleset tests, previously named here as _integration tests_, are our way of ensuring that _rulesets_ do check for the violations we expect them to. -An example where it might not would be when a ruleset references a local sniff or a sniff from upstream (WPCS or PHPCS), but that the violation code, sniff name or category name has changed. Without a ruleset test, this would go unnoticed. +An example where it might not would be when a ruleset references a local sniff or a sniff from upstream (WordPressCS or PHPCS), but that the violation code, sniff name or category name has changed. Without a ruleset test, this would go unnoticed. -The `composer check` or `composer test-ruleset` commands run the `ruleset-test.php` files (one for each standard), which internally run `phpcs` against the "dirty" test files (`ruleset-test.inc`), and looks out for a known number of errors, warnings, and messages on each line. This is then compared against the expected errors, warnings and messages to see if there are any missing or unexpected violations or difference in messages. +The `composer check` or `composer test-ruleset` commands run the `ruleset-test.php` files (one for each ruleset), which internally run `phpcs` against the "dirty" test files (`ruleset-test.inc`), and looks out for a known number of errors, warnings, and messages on each line. This is then compared against the expected errors, warnings, and messages to see if there are any missing or unexpected violations or difference in messages. When adding or changing a sniff, the ruleset test files should be updated to match. ## Releases -- In a `changelog/x.y.z` branch off of `develop`, update the `CHANGELOG.md` with a list of all of the changes following the keepachangelog.com format. Include PR references and GitHub username props. 
-- Create a PR of `develop` <-- `changelog/x.y.z`, but do not merge until ready to release. -- Create a PR of `master` <-- `develop`, and copy-paste the [`release-template.md`](https://github.com/Automattic/VIP-Coding-Standards/blob/develop/.github/ISSUE_TEMPLATE/release-template.md) contents. -- When ready to release, merge the change log PR into `develop`, then merge the `develop` into `master` PR. -- Tag the commit in `master` with the appropriate version number. Ideally, have it signed. -- Close the current milestone. +- Create a `release/x.y.z` branch off of `develop`. +- In a `release/x.y.z-changelog` branch off of `release/x.y.z`, update the `CHANGELOG.md` with a list of all of the changes following the keepachangelog.com format. Include PR references and GitHub username props. +- Create a PR of `release/x.y.z` <-- `release/x.y.z-changelog`, but do not merge until ready to release. +- Create any other last-minute PRs as necessary, such as documentation updates, against the release branch. +- When ready to release, merge the changelog and other branches into `release/x.y.z`. +- Create a PR of `main` <-- `release/x.y.z`, and copy-paste the [`release-template.md`](https://github.com/Automattic/VIP-Coding-Standards/blob/develop/.github/ISSUE_TEMPLATE/release-template.md) contents. +- When ready to release, merge `release/x.y.z` into `main`. Undelete the release branch after merging. +- Tag the commit in `main` with the appropriate version number. Ideally, have it signed. - Open a new milestone for the next release. - If any open PRs/issues which were milestoned for this release do not make it into the release, update their milestone. -- Write a Lobby post to inform VIP customers about the release, including the date when the Review Bot will be updated (usually about 1.5 weeks after the VIPCS release). +- Close the current milestone. +- Create a PR of `develop` <-- `release/x.y.z` and merge in when ready. 
+- Write a Lobby post to inform VIP customers about the release, including the date when the VIP Code Analysis Bot will be updated (usually about 2 weeks after the VIPCS release). - Write an internal P2 post. -- Open a PR to update the [Review Bot dependencies](https://github.com/Automattic/vip-go-ci/blob/master/tools-init.sh). - +- Open a PR to update the [VIP Code Analysis bot dependencies](https://github.com/Automattic/vip-go-ci/blob/master/tools-init.sh). diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index f68fd0df..5bfbcec3 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -44,6 +44,7 @@ Use `php -v` and `composer show` to get versions. | ------------------------ | ------- | PHP version | x.y.z | PHP_CodeSniffer version | x.y.z +| PHPCSUtils version | x.y.z | VIPCS version | x.y.z | WordPressCS version | x.y.z | VariableAnalysis version | x.y.z @@ -52,7 +53,7 @@ Use `php -v` and `composer show` to get versions. -## Tested Against `master` branch? +## Tested Against `main` branch? -- [ ] I have verified the issue still exists in the `master` branch of VIPCS. +- [ ] I have verified the issue still exists in the `main` branch of VIPCS. - [ ] I have verified the issue still exists in the `develop` branch of VIPCS. diff --git a/.github/ISSUE_TEMPLATE/release-template.md b/.github/ISSUE_TEMPLATE/release-template.md index 026b6704..9ce956a0 100644 --- a/.github/ISSUE_TEMPLATE/release-template.md +++ b/.github/ISSUE_TEMPLATE/release-template.md 
@@ -13,11 +13,11 @@ assignees: GaryJones, rebeccahum PR for tracking changes for the X.Y.Z release. Target release date: DOW DD MMMM YYYY. -- [ ] Scan WordPress (or just wp-admin folder) with prior version and compare results against new release for potential new bugs. +- [ ] Scan WordPress (or just wp-admin folder) with prior version and compare results against new release for potential new bugs. - [ ] Add change log for this release: PR #XXX - [ ] Double-check whether any dependencies need bumping. - [ ] Merge this PR. -- [ ] Add signed release tag against `master`. +- [ ] Add signed release tag against `main`. - [ ] Close the current milestone. - [ ] Open a new milestone for the next release. - [ ] If any open PRs/issues which were milestoned for this release do not make it into the release, update their milestone. diff --git a/.github/workflows/basics.yml b/.github/workflows/basics.yml index 9392d9a8..7e616537 100644 --- a/.github/workflows/basics.yml +++ b/.github/workflows/basics.yml @@ -29,7 +29,7 @@ jobs: - name: Install PHP uses: shivammathur/setup-php@v2 with: - php-version: '7.4' + php-version: 'latest' coverage: none tools: cs2pr 
@@ -76,3 +76,31 @@ jobs: # At a later stage the documentation check can be activated. - name: Check sniff feature completeness run: composer feature-completeness + + phpstan: + name: "PHPStan" + + runs-on: "ubuntu-latest" + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Install PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '7.4' + coverage: none + tools: phpstan + + # Install dependencies and handle caching in one go. + # Dependencies need to be installed to make sure the PHPCS and PHPUnit classes are recognized. + # @link https://github.com/marketplace/actions/install-composer-dependencies + - name: Install Composer dependencies + uses: "ramsey/composer-install@v2" + with: + # Bust the cache at least once a month - output format: YYYY-MM. + custom-cache-suffix: $(date -u "+%Y-%m") + + - name: Run PHPStan + run: phpstan analyse diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index bab7311f..becaac4c 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml @@ -1,10 +1,10 @@ name: Quicktest on: - # Run on pushes, including merges, to all branches except `master`. + # Run on pushes, including merges, to all branches except `main`. push: branches-ignore: - - master + - main paths-ignore: - '**.md' # Allow manually triggering the workflow. 
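Review bot: The new `phpstan` job installs its analyser with `tools: phpstan` and no version constraint, and it references `actions/checkout@v3`, `shivammathur/setup-php@v2` and `ramsey/composer-install@v2` by mutable tag, so the code this job runs can change without any commit to this repository. Pinning the tool, e.g. `tools: phpstan:<PINNED_VERSION>` (placeholder), keeps a new PHPStan release from failing unrelated pull requests. Pinning each `uses:` to a full commit SHA, with the tag kept as a trailing comment, closes the tag-retargeting gap. The hunk shows no `permissions:` key for the job; if the workflow does not set one at the top level (outside this hunk), `permissions:` with `contents: read` should be enough for a checkout plus static analysis.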
@@ -27,50 +27,30 @@ jobs: matrix: include: - php: '5.4' - phpcs_version: 'dev-master' - wpcs_version: '2.3.*' + dependencies: 'stable' - php: '5.4' - phpcs_version: '3.7.1' - wpcs_version: '2.3.*' + dependencies: 'lowest' - php: 'latest' - phpcs_version: 'dev-master' - wpcs_version: '2.3.*' + dependencies: 'stable' - php: 'latest' - phpcs_version: '3.7.1' - wpcs_version: '2.3.*' + dependencies: 'lowest' - name: "QTest${{ matrix.phpcs_version == 'dev-master' && ' + Lint' || '' }}: PHP ${{ matrix.php }} - PHPCS ${{ matrix.phpcs_version }}" + name: "QTest${{ matrix.dependencies == 'stable' && ' + Lint' || '' }}: PHP ${{ matrix.php }} - PHPCS ${{ matrix.dependencies }}" steps: - name: Checkout code uses: actions/checkout@v3 - # On stable PHPCS versions, allow for PHP deprecation notices. - # Unit tests don't need to fail on those for stable releases where those issues won't get fixed anymore. - # Note: the "elif" condition is temporary and should be removed once VIPCS updates to WPCS 3.0+. - - name: Setup ini config - id: set_ini - run: | - if [[ "${{ matrix.phpcs_version }}" != "dev-master" ]]; then - echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED, display_errors=On' >> $GITHUB_OUTPUT - else - echo 'PHP_INI=error_reporting=-1, display_errors=On' >> $GITHUB_OUTPUT - fi - - name: Set up PHP uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php }} - ini-values: ${{ steps.set_ini.outputs.PHP_INI }} + # With stable PHPCS dependencies, allow for PHP deprecation notices. + # Unit tests shouldn't fail on those for stable releases where those issues won't get fixed anymore. 
+ ini-values: error_reporting=E_ALL & ~E_DEPRECATED, display_errors=On coverage: none - - name: 'Composer: set PHPCS version for tests' - run: composer require squizlabs/php_codesniffer:"${{ matrix.phpcs_version }}" --no-update --no-scripts --no-interaction - - - name: 'Composer: set WPCS version for tests' - run: composer require wp-coding-standards/wpcs:"${{ matrix.wpcs_version }}" --no-update --no-scripts --no-interaction - # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - normal @@ -86,14 +66,34 @@ jobs: if: ${{ startsWith( matrix.php, '8' ) || matrix.php == 'latest' }} uses: "ramsey/composer-install@v2" with: - composer-options: --ignore-platform-reqs + composer-options: --ignore-platform-req=php+ custom-cache-suffix: $(date -u "+%Y-%m") + - name: "Composer: downgrade PHPCS dependencies for tests (lowest)" + if: ${{ matrix.php == '5.4' && matrix.dependencies == 'lowest' }} + run: > + composer update --prefer-lowest --no-scripts --no-interaction + squizlabs/php_codesniffer + phpcsstandards/phpcsutils + phpcsstandards/phpcsextra + sirbrillig/phpcs-variable-analysis + wp-coding-standards/wpcs + + - name: "Composer: downgrade PHPCS dependencies for tests (lowest) - with ignore platform" + if: ${{ matrix.php == 'latest' && matrix.dependencies == 'lowest' }} + run: > + composer update --prefer-lowest --no-scripts --no-interaction --ignore-platform-req=php+ + squizlabs/php_codesniffer + phpcsstandards/phpcsutils + phpcsstandards/phpcsextra + sirbrillig/phpcs-variable-analysis + wp-coding-standards/wpcs + - name: Display PHPCS installed standards run: ./vendor/bin/phpcs -i - name: Lint against parse errors - if: matrix.phpcs_version == 'dev-master' + if: matrix.dependencies == 'stable' run: ./bin/php-lint - name: Run the unit tests diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c0f698fd..cc5ed0a6 100644 
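Review bot: The two "downgrade PHPCS dependencies for tests (lowest)" steps are gated on literal PHP versions (`matrix.php == '5.4'` and `matrix.php == 'latest'`), while the install step earlier in this same hunk uses `startsWith( matrix.php, '8' ) || matrix.php == 'latest'`. If another PHP version is later added to the matrix with `dependencies: 'lowest'`, neither downgrade step would run, and the job would pass against stable dependencies while its name says lowest. Deriving both conditions from the install step's predicate avoids that silent gap: `if: ${{ matrix.dependencies == 'lowest' && ! ( startsWith( matrix.php, '8' ) || matrix.php == 'latest' ) }}` for the plain step, and the un-negated form for the `--ignore-platform-req=php+` step.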
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,11 +1,11 @@
 name: Test
 
 on:
- # Run on pushes to `master` and on all pull requests.
+ # Run on pushes to `main` and on all pull requests.
 # Prevent the "push" build from running when there are only irrelevant changes.
 push:
 branches:
- - master
+ - main
 paths-ignore:
 - '**.md'
 pull_request:
@@ -62,25 +62,31 @@ jobs: strategy: # Keys: # - php: The PHP versions to test against. - # - phpcs_version: The PHPCS versions to test against. + # - dependencies: The PHPCS dependencies versions to test against. # IMPORTANT: test runs shouldn't fail because of PHPCS being incompatible with a PHP version. # - PHPCS will run without errors on PHP 5.4 - 7.4 on any supported version. # - PHP 8.0 needs PHPCS 3.5.7+ to run without errors, and we require a higher minimum version. # - PHP 8.1 needs PHPCS 3.6.1+ to run without errors, but works best with 3.7.1+, and we require at least this minimum version. - # - The `wpcs_version` key is added to allow additional test builds when multiple WPCS versions - # would be supported. As, at this time, only the latest stable release of WPCS is supported, - # no additional versions are included in the array. matrix: php: ['5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2'] - phpcs_version: ['3.7.1', 'dev-master'] - wpcs_version: ['2.3.*'] + dependencies: ['lowest', 'stable'] include: + # Test against dev versions of all dependencies with select PHP versions for early detection of issues. + - php: '5.4' + dependencies: 'dev' + - php: '7.0' + dependencies: 'dev' + - php: '7.4' + dependencies: 'dev' + - php: '8.2' + dependencies: 'dev' + + # Test against upcoming PHP version. - php: '8.3' - phpcs_version: 'dev-master' - wpcs_version: '2.3.*' + dependencies: 'dev' - name: "Test: PHP ${{ matrix.php }} - PHPCS ${{ matrix.phpcs_version }} - WPCS ${{ matrix.wpcs_version }}" + name: "Test: PHP ${{ matrix.php }} - PHPCS ${{ matrix.dependencies }}" continue-on-error: ${{ matrix.php == '8.3' }} 
@@ -88,18 +94,15 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - # On stable PHPCS versions, allow for PHP deprecation notices. + # With stable PHPCS dependencies, allow for PHP deprecation notices. # Unit tests don't need to fail on those for stable releases where those issues won't get fixed anymore. - # Note: the "elif" condition is temporary and should be removed once VIPCS updates to WPCS 3.0+. - name: Setup ini config id: set_ini run: | - if [[ "${{ matrix.phpcs_version }}" != "dev-master" ]]; then - echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED' >> $GITHUB_OUTPUT - elif [[ "${{ matrix.php }}" == "8.1" ]]; then - echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED' >> $GITHUB_OUTPUT + if [[ "${{ matrix.dependencies }}" != "dev" ]]; then + echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED, display_errors=On' >> $GITHUB_OUTPUT else - echo 'PHP_INI=error_reporting=-1' >> $GITHUB_OUTPUT + echo 'PHP_INI=error_reporting=-1, display_errors=On' >> $GITHUB_OUTPUT fi - name: Install PHP @@ -109,11 +112,15 @@ jobs: ini-values: ${{ steps.set_ini.outputs.PHP_INI }} coverage: none - - name: 'Composer: set PHPCS version for tests' - run: composer require squizlabs/php_codesniffer:"${{ matrix.phpcs_version }}" --no-update --no-scripts --no-interaction - - - name: 'Composer: set WPCS version for tests' - run: composer require wp-coding-standards/wpcs:"${{ matrix.wpcs_version }}" --no-update --no-scripts --no-interaction + - name: "Composer: set PHPCS dependencies for tests (dev)" + if: ${{ matrix.dependencies == 'dev' }} + run: > + composer require --no-update --no-scripts --no-interaction + squizlabs/php_codesniffer:"dev-master" + phpcsstandards/phpcsutils:"dev-develop" + phpcsstandards/phpcsextra:"dev-develop" + sirbrillig/phpcs-variable-analysis:"2.x" + wp-coding-standards/wpcs:"dev-develop" # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies 
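Review bot: In the "set PHPCS dependencies for tests (dev)" step, `sirbrillig/phpcs-variable-analysis:"2.x"` is a Composer wildcard version range (the same as `2.*`), not a branch reference, so the `dev` builds most likely resolve VariableAnalysis to its latest tagged 2.x release, whereas the other four packages use `dev-*` constraints. If the head of that project's `2.x` branch is what should be tested, the constraint would be `"2.x-dev"`. If a tagged release is intended, a one-line comment such as `# VariableAnalysis: latest tagged 2.x release on purpose.` would stop the next reader from changing it. Since the other constraints in this step follow moving branches by design, it is worth confirming, outside this hunk, that these matrix legs run without secrets or a write-scoped token.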
@@ -130,9 +137,29 @@ jobs: if: ${{ startsWith( matrix.php, '8' ) }} uses: "ramsey/composer-install@v2" with: - composer-options: --ignore-platform-reqs + composer-options: --ignore-platform-req=php+ custom-cache-suffix: $(date -u "+%Y-%m") + - name: "Composer: downgrade PHPCS dependencies for tests (lowest)" + if: ${{ ! startsWith( matrix.php, '8' ) && matrix.dependencies == 'lowest' }} + run: > + composer update --prefer-lowest --no-scripts --no-interaction + squizlabs/php_codesniffer + phpcsstandards/phpcsutils + phpcsstandards/phpcsextra + sirbrillig/phpcs-variable-analysis + wp-coding-standards/wpcs + + - name: "Composer: downgrade PHPCS dependencies for tests (lowest) - with ignore platform" + if: ${{ startsWith( matrix.php, '8' ) && matrix.dependencies == 'lowest' }} + run: > + composer update --prefer-lowest --no-scripts --no-interaction --ignore-platform-req=php+ + squizlabs/php_codesniffer + phpcsstandards/phpcsutils + phpcsstandards/phpcsextra + sirbrillig/phpcs-variable-analysis + wp-coding-standards/wpcs + - name: Run the unit tests run: ./bin/unit-tests diff --git a/.gitignore b/.gitignore index 4c8e37bd..8c5b8732 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ phpcs.xml .phpcs.xml phpunit.xml phpcs.cache +phpstan.neon diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index 0b06835d..a0049b7b 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -19,8 +19,7 @@ - - + diff --git a/CHANGELOG.md b/CHANGELOG.md index ef4c4be9..1105bddb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,48 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.0.0] - 2023-09-05 + +Props: @GaryJones, @jrfnl + +This release requires [WordPressCS 3.0.0](https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0). It is not compatible with WordPressCS 2.x. Users should read the [WordPressCS 3.0 upgrade guide for end-users](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers). + +Increases requirements for PHPCS from 3.7.1 to 3.7.2. + +The tagged releases branch is now `main` instead of `master`. + +### Added +- [#777](https://github.com/Automattic/VIP-Coding-Standards/pull/777): 3.0: start using PHPCSUtils. +- [#779](https://github.com/Automattic/VIP-Coding-Standards/pull/779): 3.0: support WordPressCS 3.0. + +## Changed +- [#780](https://github.com/Automattic/VIP-Coding-Standards/pull/780): Performance/WPQueryParams: defer to the parent sniff. + - Two error codes changed: + - `WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn` is now `WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in`. + - `WordPressVIPMinimum.Performance.WPQueryParams.SuppressFiltersTrue` is now `WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters`. + +### Removed +- [#774](https://github.com/Automattic/VIP-Coding-Standards/pull/774): Performance/BatcacheWhitelistedParams: remove the sniff. +- [#775](https://github.com/Automattic/VIP-Coding-Standards/pull/775): Compatibility/Zoninator: remove the sniff. +- [#776](https://github.com/Automattic/VIP-Coding-Standards/pull/776): Variables/VariableAnalysis: remove the sniff. 
+ +### Fixed +- [#784](https://github.com/Automattic/VIP-Coding-Standards/pull/784): Performance/WPQueryParams: prevent false positives for `'exclude'` with `get_users()`. +- [#788](https://github.com/Automattic/VIP-Coding-Standards/pull/788): Security/Mustache: prevent false positives on block editor templates. + +### Maintenance +- [#778](https://github.com/Automattic/VIP-Coding-Standards/pull/778): CS: improve use statements. +- [#781](https://github.com/Automattic/VIP-Coding-Standards/pull/781): Performance/NoPaging: add extra tests. +- [#782](https://github.com/Automattic/VIP-Coding-Standards/pull/782): GH Actions: minor tweaks to the composer options used. +- [#783](https://github.com/Automattic/VIP-Coding-Standards/pull/783): Hooks/AlwaysReturnInFilter: remove redundant condition. +- [#785](https://github.com/Automattic/VIP-Coding-Standards/pull/785): Docs: remove redundant `@package` tags. +- [#786](https://github.com/Automattic/VIP-Coding-Standards/pull/786): Add PHPStan to QA checks. +- [#787](https://github.com/Automattic/VIP-Coding-Standards/pull/787): GH Actions: tweak the way the PHPCS/WPCS versions are set. +- [#789](https://github.com/Automattic/VIP-Coding-Standards/pull/789): Updates related to branch rename from `master` to `main`. +- [#790](https://github.com/Automattic/VIP-Coding-Standards/pull/790): PHPUnit: Use 7.5 schema. +- [#791](https://github.com/Automattic/VIP-Coding-Standards/pull/791): Docs: Update `CONTRIBUTING.md`. + + ## [2.3.4] - 2023-07-05 Props: kshaner, GaryJones, jrfnl, yolih @@ -632,7 +674,7 @@ Initial release. Props: david-binda, pkevan. - +[3.0.0]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.4...3.0.0 [2.3.4]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.3...2.3.4 [2.3.3]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.2...2.3.3 [2.3.2]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.1...2.3.2 
diff --git a/README.md b/README.md index 6b5c15da..1006b175 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,9 @@ Go to https://docs.wpvip.com/technical-references/code-review/phpcs-report/ to l ## Minimal requirements * PHP 5.4+ -* [PHPCS 3.7.1+](https://github.com/squizlabs/PHP_CodeSniffer/releases) -* [WPCS 2.3.0+](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/releases) +* [PHPCS 3.7.2+](https://github.com/squizlabs/PHP_CodeSniffer/releases) +* [PHPCSUtils 1.0.8+](https://github.com/PHPCSStandards/PHPCSUtils) +* [WPCS 3.0.0+](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/releases) * [VariableAnalysis 2.11.17+](https://github.com/sirbrillig/phpcs-variable-analysis/releases) ## Installation @@ -34,7 +35,7 @@ composer g config allow-plugins.dealerdirect/phpcodesniffer-composer-installer t composer g require automattic/vipwpcs ``` -This will install the latest compatible versions of PHPCS, WPCS and VariableAnalysis and register the external standards with PHP_CodeSniffer. +This will install the latest compatible versions of PHPCS, PHPCSUtils, PHPCSExtra, WPCS and VariableAnalysis and register the external standards with PHP_CodeSniffer. Please refer to the [installation instructions for installing PHP_CodeSniffer for WordPress.com VIP](https://docs.wpvip.com/how-tos/code-review/php_codesniffer/) for more details. diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc index a5c9f6e5..773842b0 100644 --- a/WordPress-VIP-Go/ruleset-test.inc +++ b/WordPress-VIP-Go/ruleset-test.inc 
@@ -56,10 +56,10 @@ $x = sanitize_key( $_COOKIE['bar'] ); // phpcs:ignore WordPress.Security.Validat if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && $_SERVER['HTTP_USER_AGENT'] === 'some_value' ) { // Error. } +// Make sure nonce verification is done in global scope to silence notices about use of superglobals without later on in the file. +isset( $_GET['my_nonce'] ) && wp_verify_nonce( sanitize_text_field( $_GET['my_nonce'] ) ); - - -// WordPress.WP.AlternativeFunctions.file_system_read_fopen +// WordPress.WP.AlternativeFunctions.file_system_operations_fopen fopen( 'file.txt', 'r' ); // Warning + Message. // WordPressVIPMinimum.Performance.FetchingRemoteData.FileGetContentsUnknown @@ -80,7 +80,7 @@ function foo_bar() { } // WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -do_something( $_POST ); // Error. +do_something( $_POST['key'] ); // Error + warning. if ( isset( $_POST['foo2'] ) ) { bar( wp_unslash( $_POST['foo2'] ) ); // Warning. } @@ -153,7 +153,7 @@ url_to_postid( $url ); // Warning + Message. wpcom_vip_old_slug_redirect(); // Ok. wp_old_slug_redirect(); // Warning. -// WordPress.CodeAnalysis.AssignmentInCondition.Found +// Generic.CodeAnalysis.AssignmentInCondition.Found if ($a = 123) { // Warning. } @@ -165,7 +165,7 @@ rawurlencode(); // Ok. extract( array( 'a' => 1 ) ); // Error. $obj->extract(); // Ok. -// WordPress.PHP.StrictComparisons.LooseComparison +// Universal.Operators.StrictComparisons true == $true; // Warning. false === $true; // Ok. @@ -279,10 +279,10 @@ $args( [ $query = new WP_Query( ['meta_key' => 'foo' ] ); // Ok. $args = 'foo=bar&meta_key=foo'; // Ok. -// WordPressVIPMinimum.Performance.BatcacheWhitelistedParams -if ( isset( $_GET['migSource'] ) && wp_verify_nonce( sanitize_text_field( $_GET['migSource'] ) ) ) { - $test = sanitize_text_field( $_GET['migSource'] ); // Ok. -} + + + + 
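Review bot: The added global-scope line `isset( $_GET['my_nonce'] ) && wp_verify_nonce( sanitize_text_field( $_GET['my_nonce'] ) );` discards the result of `wp_verify_nonce()` and passes no action, so it verifies nothing. It is apparently there only so the nonce-verification check stays quiet for later superglobal reads in this fixture. The comment above it is garbled ("without later on in the file") and does not say that. I would reword it along the lines of `// Fixture only: nonce check in global scope so later superglobal reads in this file are not flagged for missing nonce verification. The result is deliberately unused; this is not a working CSRF check.` so that the line is not copied into real code as a pattern.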
@@ -322,8 +322,8 @@ class MyWidget extends WP_Widget { class BadTestClass extends WP_CLI_Command { // Warning. } -// WordPressVIPMinimum.Compatibility.ZoninatorSniff -wpcom_vip_load_plugin( 'zoninator', 'plugins', '0.8' ); // Warning. + + // WordPressVIPMinimum.Constants.ConstantString define( WPCOM_VIP ); // Error. @@ -557,7 +557,7 @@ echo " \ No newline at end of file + + +// Issue 541#issuecomment-1692323177: don't flag GB syntax. +
diff --git a/WordPressVIPMinimum/Tests/Security/MustacheUnitTest.php b/WordPressVIPMinimum/Tests/Security/MustacheUnitTest.php
index 001c88cf..2c441539 100644
--- a/WordPressVIPMinimum/Tests/Security/MustacheUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/MustacheUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the unescaped output in Mustache templating engine.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\MustacheSniff
 */
 class MustacheUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/PHPFilterFunctionsUnitTest.php b/WordPressVIPMinimum/Tests/Security/PHPFilterFunctionsUnitTest.php
index edc3333f..dae998cc 100644
--- a/WordPressVIPMinimum/Tests/Security/PHPFilterFunctionsUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/PHPFilterFunctionsUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the WP_Query params sniff.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\PHPFilterFunctionsSniff
 */
 class PHPFilterFunctionsUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
index 70af9cda..1a7d9fc5 100644
--- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the ProperEscapingFunction sniff.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\ProperEscapingFunctionSniff
 */
 class ProperEscapingFunctionUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/StaticStrreplaceUnitTest.php b/WordPressVIPMinimum/Tests/Security/StaticStrreplaceUnitTest.php
index 2209a462..c67ff014 100644
--- a/WordPressVIPMinimum/Tests/Security/StaticStrreplaceUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/StaticStrreplaceUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the StaticStrreplace sniff.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\StaticStrreplaceSniff
 */
 class StaticStrreplaceUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/TwigUnitTest.php b/WordPressVIPMinimum/Tests/Security/TwigUnitTest.php
index 7d6c54c4..0c390843 100644
--- a/WordPressVIPMinimum/Tests/Security/TwigUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/TwigUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the unescaped output in Twig templating engine.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\TwigSniff
 */
 class TwigUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/UnderscorejsUnitTest.php b/WordPressVIPMinimum/Tests/Security/UnderscorejsUnitTest.php
index b70cc8fe..28e5ed37 100644
--- a/WordPressVIPMinimum/Tests/Security/UnderscorejsUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/UnderscorejsUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the unescaped output in Underscore.js templating engine.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\UnderscorejsSniff
 */
 class UnderscorejsUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Security/VuejsUnitTest.php b/WordPressVIPMinimum/Tests/Security/VuejsUnitTest.php
index d539d831..74c490f1 100644
--- a/WordPressVIPMinimum/Tests/Security/VuejsUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Security/VuejsUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the unescaped output in Vue.js templating engine.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Security\VuejsSniff
 */
 class VuejsUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/UserExperience/AdminBarRemovalUnitTest.php b/WordPressVIPMinimum/Tests/UserExperience/AdminBarRemovalUnitTest.php
index 1c19641c..6fd137c6 100644
--- a/WordPressVIPMinimum/Tests/UserExperience/AdminBarRemovalUnitTest.php
+++ b/WordPressVIPMinimum/Tests/UserExperience/AdminBarRemovalUnitTest.php
@@ -12,9 +12,7 @@
 /**
 * Unit test class for the AdminBarRemoval sniff.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
- * @since 0.5.0
+ * @since 0.5.0
 *
 * @covers \WordPressVIPMinimum\Sniffs\UserExperience\AdminBarRemovalSniff
 */
diff --git a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php
index 5feb1d8a..36b833b2 100644
--- a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php
@@ -12,10 +12,8 @@
 /**
 * Unit test class for the VIP_RestrictedVariables sniff.
 *
- * @package WPCS\WordPressCodingStandards
- *
- * @since 0.3.0
- * @since 0.13.0 Class name changed: this class is now namespaced.
+ * @since 0.3.0
+ * @since 0.13.0 Class name changed: this class is now namespaced.
 *
 * @covers \WordPressVIPMinimum\Sniffs\Variables\RestrictedVariablesSniff
 */
diff --git a/WordPressVIPMinimum/Tests/Variables/ServerVariablesUnitTest.php b/WordPressVIPMinimum/Tests/Variables/ServerVariablesUnitTest.php
index 39678f40..d836a2c8 100644
--- a/WordPressVIPMinimum/Tests/Variables/ServerVariablesUnitTest.php
+++ b/WordPressVIPMinimum/Tests/Variables/ServerVariablesUnitTest.php
@@ -12,8 +12,6 @@
 /**
 * Unit test class for the Variable Analysis sniff.
 *
- * @package VIPCS\WordPressVIPMinimum
- *
 * @covers \WordPressVIPMinimum\Sniffs\Variables\ServerVariablesSniff
 */
 class ServerVariablesUnitTest extends AbstractSniffUnitTest {
diff --git a/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.inc b/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.inc deleted file mode 100644 index 2c8d0347..00000000 --- a/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.inc +++ /dev/null @@ -1,29 +0,0 @@ -bar(); // Undefined $this in trait OK. - } - function bar() {} -} - -function test() { - try { - do_something_silly(); - } catch ( Exception $e ) {} // OK. -} - -class MyClass { - function my_function() { - return function() { - $this->my_callback(); // OK - new VariableAnalysis doesn't flag $this as undefined in closure. - }; - } - - function my_callback() {} - } diff --git a/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.php b/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.php deleted file mode 100644 index f32045fd..00000000 --- a/WordPressVIPMinimum/Tests/Variables/VariableAnalysisUnitTest.php +++ /dev/null @@ -1,41 +0,0 @@ - => - */ - public function getErrorList() { - return []; - } - - /** - * Returns the lines where warnings should occur. - * - * @return array => - */ - public function getWarningList() { - return [ - 1 => 1, - 5 => 2, - ]; - } -} diff --git a/WordPressVIPMinimum/ruleset-test.inc b/WordPressVIPMinimum/ruleset-test.inc index 38617dd0..0b25bfef 100644 --- a/WordPressVIPMinimum/ruleset-test.inc +++ b/WordPressVIPMinimum/ruleset-test.inc @@ -2,7 +2,7 @@ 999, // Warning. ); _query_posts( 'posts_per_page=999' ); // Warning. @@ -45,7 +45,7 @@ $query_args['posts_per_page'] = 999; // Warning. date_default_timezone_set( 'FooBar' ); // Error. // WordPress.DB.PreparedSQL -$b = function () { +$b = function () { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable global $wpdb; $listofthings = wp_cache_get( 'foo' ); if ( ! $listofthings ) { 
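Review bot: The `// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable` annotation added to `$b = function () {` in the `@@ -45` hunk is repeated line by line in the later hunks of this file (`@@ -57`, `@@ -139`, `@@ -174`, `@@ -243`, `@@ -402`, `@@ -442`, `@@ -459`, `@@ -585`), which buries the `Warning.`/`Error.` expectations behind a long suppression string. If no expectation in this fixture depends on that code, a single `// phpcs:disable VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable` near the top of the file, with a short reason, would be easier to audit than a dozen inline ignores. The closure body continues outside this hunk.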
@@ -57,7 +57,7 @@ $b = function () { }; // WordPress.DB.DirectDatabaseQuery -$baz = $wpdb->get_results( $wpdb->prepare( 'SELECT X FROM Y ' ) ); // Warning x 2. +$baz = $wpdb->get_results( $wpdb->prepare( 'SELECT X FROM Y ' ) ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning x 2. // WordPress.DB.SlowDBQuery $test = [ @@ -72,11 +72,11 @@ new WP_Query( array( // WordPress.WP.GlobalVariablesOverride $GLOBALS['wpdb'] = 'test'; // Error. -// WordPress.PHP.StrictComparisons +// Universal.Operators.StrictComparisons if ( true == $true ) { // Warning. } -// WordPress.CodeAnalysis.AssignmentInCondition +// Generic.CodeAnalysis.AssignmentInCondition if ( $test = get_post( $post ) ) { // Warning. } @@ -139,9 +139,9 @@ serialize(); // Warning. unserialize(); // Warning. urlencode(); // Warning. passthru( 'cat myfile.zip', $err ); // Warning. -$process = proc_open( 'php', $descriptorspec, $pipes, $cwd, $env ); // Warning. -$last_line = system( 'ls', $retval ); // Warning. -$handle = popen( '/bin/ls', 'r' ); // Warning. +$process = proc_open( 'php', $descriptorspec, $pipes, $cwd, $env ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. +$last_line = system( 'ls', $retval ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. +$handle = popen( '/bin/ls', 'r' ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. // WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_error_reporting error_reporting(); // Error. @@ -174,7 +174,7 @@ dl(); // Error. exec( 'whoami' ); // Error. // WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec -$output = shell_exec( 'ls -lart' ); // Error. +$output = shell_exec( 'ls -lart' ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Error. // WordPress.PHP.DevelopmentFunctions var_dump(); // Warning. 
@@ -243,7 +243,7 @@ curl_init(); // Warning + Message. curl_close( $ch ); // Warning + Message. CURL_getinfo(); // Warning + Message. parse_url( 'http://example.com/' ); // Warning. -$json = json_encode( $thing ); // Warning. +$json = json_encode( $thing ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. readfile(); // Warning. fclose(); // Warning. fopen(); // Warning. @@ -278,8 +278,8 @@ class MyWidget extends WP_Widget { // WordPressVIPMinimum.Classes.RestrictedExtendClasses class BadTestClass extends WP_CLI_Command { } // Warning. -// WordPressVIPMinimum.Compatibility.ZoninatorSniff -wpcom_vip_load_plugin( 'zoninator', 'plugins', '0.8' ); // Warning. + + // WordPressVIPMinimum.Constants.ConstantString define( WPCOM_VIP ); // Error. @@ -402,7 +402,7 @@ wp_remote_get( $url ); // Warning. setcookie( 'cookie[three]', 'cookiethree' ); // Error. get_posts(); // Warning. wp_get_recent_posts(); // Warning. -$wp_random_testing = create_function( '$a, $b', 'return ( $b / $a ); '); // Warning. +$wp_random_testing = create_function( '$a, $b', 'return ( $b / $a ); '); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. wpcom_vip_get_term_link(); // Warning. wpcom_vip_get_term_by(); // Warning. wpcom_vip_get_category_by_slug(); // Warning. 
@@ -442,16 +442,16 @@ add_filter( 'robots_txt', function() { // Warning. return 'test'; } ); -// WordPressVIPMinimum.Performance.BatcacheWhitelistedParams -// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -$test = sanitize_text_field( $_GET["utm_medium"] ); // Warning. + + + // WordPressVIPMinimum.Performance.CacheValueOverride -$bad_wp_users = wp_cache_get( md5( self::CACHE_KEY . '_wp_users'), self::CACHE_GROUP ); -$bad_wp_users = false; // Error. +$bad_wp_users = wp_cache_get( md5( self::CACHE_KEY . '_wp_users'), self::CACHE_GROUP ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable +$bad_wp_users = false; // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Error. // WordPressVIPMinimum.Performance.FetchingRemoteData -$external_resource = file_get_contents( 'https://example.com' ); // Warning. +$external_resource = file_get_contents( 'https://example.com' ); // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. // WordPressVIPMinimum.Performance.LowExpiryCacheTime wp_cache_set( 'test', $data, $group, 100 ); // Warning. @@ -459,13 +459,13 @@ wp_cache_add( 123, $data, null, 1.5 * MINUTE_IN_SECONDS ); // Warning. wp_cache_replace( 'test', $data, $group, 2*MINUTE_IN_SECONDS ); // Warning. // WordPressVIPMinimum.Performance.NoPaging -$args = array( +$args = array( // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable 'nopaging' => true, // Error. ); _query_posts( 'nopaging=true' ); // Error. // WordPressVIPMinimum.Performance.OrderByRand -$args = array( +$args = array( // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable "orderby" => "RAND", // Error. ); $query_args['orderby'] = 'rand'; // Error. 
@@ -585,9 +585,9 @@ echo ''; / users"; // Error. -$x = foo( sanitize_text_field( $_SERVER['HTTP_USER_AGENT'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -- Warning. -foo( $_SESSION['bar'] ); // Error. +$query = "SELECT * FROM $wpdb->users"; // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Error. +$x = foo( sanitize_text_field( $_SERVER['HTTP_USER_AGENT'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated,VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- Warning. +foo( $_SESSION['bar'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- Error. // WordPressVIPMinimum.Variables.ServerVariables // phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotValidated,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized @@ -614,6 +614,9 @@ class MyClass { >>>>>>> // Error. diff --git a/WordPressVIPMinimum/ruleset-test.php b/WordPressVIPMinimum/ruleset-test.php index 58e54c38..05076415 100644 --- a/WordPressVIPMinimum/ruleset-test.php +++ b/WordPressVIPMinimum/ruleset-test.php @@ -197,7 +197,7 @@ 597 => 1, 612 => 1, 614 => 1, - 618 => 1, + 621 => 1, ], 'warnings' => [ 32 => 1, @@ -248,7 +248,6 @@ 256 => 1, 264 => 2, 279 => 1, - 282 => 1, 288 => 1, 293 => 1, 294 => 1, @@ -273,7 +272,6 @@ 439 => 1, 440 => 1, 441 => 1, - 447 => 1, 454 => 1, 457 => 1, 458 => 1, @@ -292,6 +290,7 @@ 559 => 1, 565 => 1, 589 => 1, + 618 => 1, ], 'messages' => [ 130 => [ diff --git a/WordPressVIPMinimum/ruleset.xml b/WordPressVIPMinimum/ruleset.xml index 25833535..13670326 100644 --- a/WordPressVIPMinimum/ruleset.xml +++ b/WordPressVIPMinimum/ruleset.xml @@ -1,6 +1,16 @@ WordPress VIP Minimum Coding Standards + + + + @@ -26,8 +36,11 @@ - - + + warning + + + @@ -122,10 +135,32 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + @@ -153,32 +188,4 @@ - - - 0 - - - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - 
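Review bot: In the `@@ -585` hunk the new annotation on `foo( $_SESSION['bar'] );` suppresses the whole `WordPress.Security.ValidatedSanitizedInput` sniff, while the line above it and the `phpcs:disable` line below it name individual codes. A sniff-wide ignore on a fixture line that reads a superglobal also hides any code that sniff gains later, so the test would not notice a change in upstream behaviour on this line. I would list the codes explicitly: `foo( $_SESSION['bar'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Error.` (assuming these are the two that fire here; the start of this hunk is garbled in this view).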
diff --git a/composer.json b/composer.json index 1fc19981..7f4db735 100644 --- a/composer.json +++ b/composer.json @@ -17,10 +17,11 @@ ], "require": { "php": ">=5.4", - "dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7 || ^1.0", + "phpcsstandards/phpcsextra": "^1.1.0", + "phpcsstandards/phpcsutils": "^1.0.8", "sirbrillig/phpcs-variable-analysis": "^2.11.17", - "squizlabs/php_codesniffer": "^3.7.1", - "wp-coding-standards/wpcs": "^2.3" + "squizlabs/php_codesniffer": "^3.7.2", + "wp-coding-standards/wpcs": "^3.0" }, "require-dev": { "php-parallel-lint/php-parallel-lint": "^1.3.2", diff --git a/phpstan.neon.dist b/phpstan.neon.dist new file mode 100644 index 00000000..d6d59ff5 --- /dev/null +++ b/phpstan.neon.dist @@ -0,0 +1,13 @@ +parameters: + #phpVersion: 50400 # Needs to be 70100 or higher... sigh... + level: 5 + paths: + - WordPressVIPMinimum + - tests + bootstrapFiles: + - tests/bootstrap.php + scanDirectories: + - vendor/wp-coding-standards/wpcs/WordPress + treatPhpDocTypesAsCertain: false + + ignoreErrors: diff --git a/phpunit.xml.dist b/phpunit.xml.dist index 82c63521..299e2f35 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -1,7 +1,7 @@ phpcs_bin, $this->ruleset diff --git a/tests/bootstrap.php b/tests/bootstrap.php index bb063fdc..667f58a7 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -48,7 +48,8 @@ If you use Composer, please run `composer install`. Otherwise, make sure you set a `PHPCS_DIR` environment variable in your phpunit.xml file -pointing to the PHPCS directory. +pointing to the PHPCS directory and that PHPCSUtils is included in the `installed_paths` +for that PHPCS install. Please read the contributors guidelines for more information: https://github.com/Automattic/VIP-Coding-Standards/blob/develop/.github/CONTRIBUTING.md
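Review bot: The `require` block in composer.json no longer lists `dealerdirect/phpcodesniffer-composer-installer`, yet the README context in this commit still tells users to run `allow-plugins.dealerdirect/phpcodesniffer-composer-installer`. The plugin is presumably still pulled in through one of the new dependencies, which means the accepted version range of a Composer plugin that runs during install is now decided by upstream packages rather than by this one. If that is intended, say so in the README; otherwise keep the direct constraint, `"dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7 || ^1.0",`.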