diff --git a/composer.json b/composer.json index 568a526b..cda02909 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,7 @@ { "require-dev": { - "dealerdirect/phpcodesniffer-composer-installer": "^0.7.1" + "dealerdirect/phpcodesniffer-composer-installer": "^0.7.1", + "wp-coding-standards/wpcs": "^2.3" }, "require": { "embed/embed": "^4.3", diff --git a/composer.lock b/composer.lock index a730062b..23211d77 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a1fb82d56813359d39e2e661463e8dd0", + "content-hash": "d34836b165b17de57def80469fb24ee5", "packages": [ { "name": "composer/ca-bundle", @@ -435,22 +435,22 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.4.3", + "version": "7.4.5", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" + "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", - "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", + "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "shasum": "" }, "require": { "ext-json": "*", "guzzlehttp/promises": "^1.5", - "guzzlehttp/psr7": "^1.8.3 || ^2.1", + "guzzlehttp/psr7": "^1.9 || ^2.4", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", "symfony/deprecation-contracts": "^2.2 || ^3.0" @@ -539,7 +539,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.3" + "source": "https://github.com/guzzle/guzzle/tree/7.4.5" }, "funding": [ { @@ -555,7 +555,7 @@ "type": "tidelift" } ], - "time": "2022-05-25T13:24:33+00:00" + "time": "2022-06-20T22:16:13+00:00" }, { "name": "guzzlehttp/promises", @@ -643,16 +643,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "2.2.1", + "version": "2.4.0", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2" + "reference": "13388f00956b1503577598873fffb5ae994b5737" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/13388f00956b1503577598873fffb5ae994b5737", + "reference": "13388f00956b1503577598873fffb5ae994b5737", "shasum": "" }, "require": { @@ -676,7 +676,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "2.4-dev" } }, "autoload": { @@ -738,7 +738,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.2.1" + "source": "https://github.com/guzzle/psr7/tree/2.4.0" }, "funding": [ { @@ -754,7 +754,7 @@ "type": "tidelift" } ], - "time": "2022-03-20T21:55:58+00:00" + "time": "2022-06-20T21:43:11+00:00" }, { "name": "ml/iri", @@ -1160,25 +1160,25 @@ }, { "name": "symfony/deprecation-contracts", - "version": "v3.0.1", + "version": "v3.1.0", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c" + "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", - "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918", + "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918", "shasum": "" }, "require": { - "php": ">=8.0.2" + "php": ">=8.1" }, "type": "library", "extra": { "branch-alias": { - "dev-main": "3.0-dev" + "dev-main": "3.1-dev" }, "thanks": { "name": "symfony/contracts", @@ -1207,7 +1207,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1" + "source": "https://github.com/symfony/deprecation-contracts/tree/v3.1.0" }, "funding": [ { @@ -1223,7 +1223,7 @@ "type": "tidelift" } ], - "time": "2022-01-02T09:55:41+00:00" + "time": "2022-02-25T11:15:52+00:00" }, { "name": "symfony/polyfill-php80", @@ -1449,16 +1449,16 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "3.7.0", + "version": "3.7.1", "source": { "type": "git", "url": "https://github.com/squizlabs/PHP_CodeSniffer.git", - "reference": "a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563" + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563", - "reference": "a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563", + "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/1359e176e9307e906dc3d890bcc9603ff6d90619", + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619", "shasum": "" }, "require": { @@ -1501,7 +1501,58 @@ "source": "https://github.com/squizlabs/PHP_CodeSniffer", "wiki": "https://github.com/squizlabs/PHP_CodeSniffer/wiki" }, - "time": "2022-06-13T06:31:38+00:00" + "time": "2022-06-18T07:21:10+00:00" + }, + { + "name": "wp-coding-standards/wpcs", + "version": "2.3.0", + "source": { + "type": "git", + "url": "https://github.com/WordPress/WordPress-Coding-Standards.git", + "reference": "7da1894633f168fe244afc6de00d141f27517b62" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/7da1894633f168fe244afc6de00d141f27517b62", + "reference": "7da1894633f168fe244afc6de00d141f27517b62", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "squizlabs/php_codesniffer": "^3.3.1" + }, + "require-dev": { + "dealerdirect/phpcodesniffer-composer-installer": "^0.5 || ^0.6", + "phpcompatibility/php-compatibility": "^9.0", + "phpcsstandards/phpcsdevtools": "^1.0", + "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" + }, + "suggest": { + "dealerdirect/phpcodesniffer-composer-installer": "^0.6 || This Composer plugin will sort out the PHPCS 'installed_paths' automatically." + }, + "type": "phpcodesniffer-standard", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Contributors", + "homepage": "https://github.com/WordPress/WordPress-Coding-Standards/graphs/contributors" + } + ], + "description": "PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions", + "keywords": [ + "phpcs", + "standards", + "wordpress" + ], + "support": { + "issues": "https://github.com/WordPress/WordPress-Coding-Standards/issues", + "source": "https://github.com/WordPress/WordPress-Coding-Standards", + "wiki": "https://github.com/WordPress/WordPress-Coding-Standards/wiki" + }, + "time": "2020-05-13T23:57:56+00:00" } ], "aliases": [], @@ -1511,5 +1562,5 @@ "prefer-lowest": false, "platform": [], "platform-dev": [], - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.0.0" } diff --git a/src/api/wishes.php b/src/api/wishes.php index 9f529b75..d2265e15 100644 --- a/src/api/wishes.php +++ b/src/api/wishes.php @@ -8,7 +8,7 @@ namespace wishthis; -$api = true; +$api = true; $response = array( 'success' => false, ); diff --git a/vendor/composer/ClassLoader.php b/vendor/composer/ClassLoader.php index afef3fa2..247294d6 100644 --- a/vendor/composer/ClassLoader.php +++ b/vendor/composer/ClassLoader.php @@ -42,75 +42,30 @@ namespace Composer\Autoload; */ class ClassLoader { - /** @var ?string */ private $vendorDir; // PSR-4 - /** - * @var array[] - * @psalm-var array> - */ private $prefixLengthsPsr4 = array(); - /** - * @var array[] - * @psalm-var array> - */ private $prefixDirsPsr4 = array(); - /** - * @var array[] - * @psalm-var array - */ private $fallbackDirsPsr4 = array(); // PSR-0 - /** - * @var array[] - * @psalm-var array> - */ private $prefixesPsr0 = array(); - /** - * @var array[] - * @psalm-var array - */ private $fallbackDirsPsr0 = array(); - /** @var bool */ private $useIncludePath = false; - - /** - * @var string[] - * @psalm-var array - */ private $classMap = array(); - - /** @var bool */ private $classMapAuthoritative = false; - - /** - * @var bool[] - * @psalm-var array - */ private $missingClasses = array(); - - /** @var ?string */ private $apcuPrefix; - /** - * @var self[] - */ private static $registeredLoaders = array(); - /** - * @param ?string $vendorDir - */ public function __construct($vendorDir = null) { $this->vendorDir = $vendorDir; } - /** - * @return string[] - */ public function getPrefixes() { if (!empty($this->prefixesPsr0)) { @@ -120,47 +75,28 @@ class ClassLoader return array(); } - /** - * @return array[] - * @psalm-return array> - */ public function getPrefixesPsr4() { return $this->prefixDirsPsr4; } - /** - * @return array[] - * @psalm-return array - */ public function getFallbackDirs() { return $this->fallbackDirsPsr0; } - /** - * @return array[] - * @psalm-return array - */ public function getFallbackDirsPsr4() { return $this->fallbackDirsPsr4; } - /** - * @return string[] Array of classname => path - * @psalm-return array - */ public function getClassMap() { return $this->classMap; } /** - * @param string[] $classMap Class to filename map - * @psalm-param array $classMap - * - * @return void + * @param array $classMap Class to filename map */ public function addClassMap(array $classMap) { @@ -175,11 +111,9 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, either * appending or prepending to the ones previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 root directories - * @param bool $prepend Whether to prepend the directories - * - * @return void + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories */ public function add($prefix, $paths, $prepend = false) { @@ -222,13 +156,11 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, either * appending or prepending to the ones previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories * * @throws \InvalidArgumentException - * - * @return void */ public function addPsr4($prefix, $paths, $prepend = false) { @@ -272,10 +204,8 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, * replacing any others previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 base directories - * - * @return void + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories */ public function set($prefix, $paths) { @@ -290,12 +220,10 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, * replacing any others previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories * * @throws \InvalidArgumentException - * - * @return void */ public function setPsr4($prefix, $paths) { @@ -315,8 +243,6 @@ class ClassLoader * Turns on searching the include path for class files. * * @param bool $useIncludePath - * - * @return void */ public function setUseIncludePath($useIncludePath) { @@ -339,8 +265,6 @@ class ClassLoader * that have not been registered with the class map. * * @param bool $classMapAuthoritative - * - * @return void */ public function setClassMapAuthoritative($classMapAuthoritative) { @@ -361,8 +285,6 @@ class ClassLoader * APCu prefix to use to cache found/not-found classes, if the extension is enabled. * * @param string|null $apcuPrefix - * - * @return void */ public function setApcuPrefix($apcuPrefix) { @@ -383,8 +305,6 @@ class ClassLoader * Registers this instance as an autoloader. * * @param bool $prepend Whether to prepend the autoloader or not - * - * @return void */ public function register($prepend = false) { @@ -404,8 +324,6 @@ class ClassLoader /** * Unregisters this instance as an autoloader. - * - * @return void */ public function unregister() { @@ -420,7 +338,7 @@ class ClassLoader * Loads the given class or interface. * * @param string $class The name of the class - * @return true|null True if loaded, null otherwise + * @return bool|null True if loaded, null otherwise */ public function loadClass($class) { @@ -429,8 +347,6 @@ class ClassLoader return true; } - - return null; } /** @@ -485,11 +401,6 @@ class ClassLoader return self::$registeredLoaders; } - /** - * @param string $class - * @param string $ext - * @return string|false - */ private function findFileWithExtension($class, $ext) { // PSR-4 lookup @@ -561,10 +472,6 @@ class ClassLoader * Scope isolated include. * * Prevents access to $this/self from included files. - * - * @param string $file - * @return void - * @private */ function includeFile($file) { diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php index d50e0c9f..bbe7b0c3 100644 --- a/vendor/composer/InstalledVersions.php +++ b/vendor/composer/InstalledVersions.php @@ -1,350 +1,511 @@ - * Jordi Boggiano - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ + + + + + + + + + namespace Composer; use Composer\Autoload\ClassLoader; use Composer\Semver\VersionParser; -/** - * This class is copied in every Composer installed project and available to all - * - * See also https://getcomposer.org/doc/07-runtime.md#installed-versions - * - * To require its presence, you can require `composer-runtime-api ^2.0` - */ + + + + + class InstalledVersions { - /** - * @var mixed[]|null - * @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array}|array{}|null - */ - private static $installed; +private static $installed = array ( + 'root' => + array ( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'aliases' => + array ( + ), + 'reference' => '03788f71ffb580b6f1b6469fdc74463f381928d8', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'aliases' => + array ( + ), + 'reference' => '03788f71ffb580b6f1b6469fdc74463f381928d8', + ), + 'composer/ca-bundle' => + array ( + 'pretty_version' => '1.3.2', + 'version' => '1.3.2.0', + 'aliases' => + array ( + ), + 'reference' => 'fd5dd441932a7e10ca6e5b490e272d34c8430640', + ), + 'dealerdirect/phpcodesniffer-composer-installer' => + array ( + 'pretty_version' => 'v0.7.2', + 'version' => '0.7.2.0', + 'aliases' => + array ( + ), + 'reference' => '1c968e542d8843d7cd71de3c5c9c3ff3ad71a1db', + ), + 'embed/embed' => + array ( + 'pretty_version' => 'v4.4.4', + 'version' => '4.4.4.0', + 'aliases' => + array ( + ), + 'reference' => '52c2d77f58672868346ae09b0fa1eecc818bdf42', + ), + 'gettext/gettext' => + array ( + 'pretty_version' => 'v5.6.1', + 'version' => '5.6.1.0', + 'aliases' => + array ( + ), + 'reference' => '017e249601d32b9a88c2eb4c10eac89bf582a7d3', + ), + 'gettext/languages' => + array ( + 'pretty_version' => '2.9.0', + 'version' => '2.9.0.0', + 'aliases' => + array ( + ), + 'reference' => 'ed56dd2c7f4024cc953ed180d25f02f2640e3ffa', + ), + 'gettext/translator' => + array ( + 'pretty_version' => 'v1.1.1', + 'version' => '1.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'b18ff33e8203de623854561f5e47e992fc5c50bb', + ), + 'grandel/include-directory' => + array ( + 'pretty_version' => 'v0.2.2', + 'version' => '0.2.2.0', + 'aliases' => + array ( + ), + 'reference' => 'a5c830e8f1527c818b521ab18f2accecb02f9919', + ), + 'guzzlehttp/guzzle' => + array ( + 'pretty_version' => '7.4.5', + 'version' => '7.4.5.0', + 'aliases' => + array ( + ), + 'reference' => '1dd98b0564cb3f6bd16ce683cb755f94c10fbd82', + ), + 'guzzlehttp/promises' => + array ( + 'pretty_version' => '1.5.1', + 'version' => '1.5.1.0', + 'aliases' => + array ( + ), + 'reference' => 'fe752aedc9fd8fcca3fe7ad05d419d32998a06da', + ), + 'guzzlehttp/psr7' => + array ( + 'pretty_version' => '2.4.0', + 'version' => '2.4.0.0', + 'aliases' => + array ( + ), + 'reference' => '13388f00956b1503577598873fffb5ae994b5737', + ), + 'ml/iri' => + array ( + 'pretty_version' => '1.1.4', + 'version' => '1.1.4.0', + 'aliases' => + array ( + ), + 'reference' => 'cbd44fa913e00ea624241b38cefaa99da8d71341', + ), + 'ml/json-ld' => + array ( + 'pretty_version' => '1.2.0', + 'version' => '1.2.0.0', + 'aliases' => + array ( + ), + 'reference' => 'c74a1aed5979ed1cfb1be35a55a305fd30e30b93', + ), + 'oscarotero/html-parser' => + array ( + 'pretty_version' => 'v0.1.6', + 'version' => '0.1.6.0', + 'aliases' => + array ( + ), + 'reference' => 'b61e92f634d0dc184339d24630a6968d3ac64ded', + ), + 'psr/http-client' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '2dfb5f6c5eff0e91e20e913f8c5452ed95b86621', + ), + 'psr/http-client-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'psr/http-factory' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '12ac7fcd07e5b077433f5f2bee95b3a771bf61be', + ), + 'psr/http-factory-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'psr/http-message' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363', + ), + 'psr/http-message-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'qferr/mjml-php' => + array ( + 'pretty_version' => '1.1.0', + 'version' => '1.1.0.0', + 'aliases' => + array ( + ), + 'reference' => 'c6ea36c190e304e399a957f7e03b5a378faf41b9', + ), + 'ralouphie/getallheaders' => + array ( + 'pretty_version' => '3.0.3', + 'version' => '3.0.3.0', + 'aliases' => + array ( + ), + 'reference' => '120b605dfeb996808c31b6477290a714d356e822', + ), + 'squizlabs/php_codesniffer' => + array ( + 'pretty_version' => '3.7.1', + 'version' => '3.7.1.0', + 'aliases' => + array ( + ), + 'reference' => '1359e176e9307e906dc3d890bcc9603ff6d90619', + ), + 'symfony/deprecation-contracts' => + array ( + 'pretty_version' => 'v3.1.0', + 'version' => '3.1.0.0', + 'aliases' => + array ( + ), + 'reference' => '07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918', + ), + 'symfony/polyfill-php80' => + array ( + 'pretty_version' => 'v1.26.0', + 'version' => '1.26.0.0', + 'aliases' => + array ( + ), + 'reference' => 'cfa0ae98841b9e461207c13ab093d76b0fa7bace', + ), + 'symfony/process' => + array ( + 'pretty_version' => 'v5.4.8', + 'version' => '5.4.8.0', + 'aliases' => + array ( + ), + 'reference' => '597f3fff8e3e91836bb0bd38f5718b56ddbde2f3', + ), + 'wp-coding-standards/wpcs' => + array ( + 'pretty_version' => '2.3.0', + 'version' => '2.3.0.0', + 'aliases' => + array ( + ), + 'reference' => '7da1894633f168fe244afc6de00d141f27517b62', + ), + ), +); +private static $canGetVendors; +private static $installedByVendor = array(); - /** - * @var bool|null - */ - private static $canGetVendors; - /** - * @var array[] - * @psalm-var array}> - */ - private static $installedByVendor = array(); - /** - * Returns a list of all package names which are present, either by being installed, replaced or provided - * - * @return string[] - * @psalm-return list - */ - public static function getInstalledPackages() - { - $packages = array(); - foreach (self::getInstalled() as $installed) { - $packages[] = array_keys($installed['versions']); - } - if (1 === \count($packages)) { - return $packages[0]; - } - return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); - } - /** - * Returns a list of all package names with a specific type e.g. 'library' - * - * @param string $type - * @return string[] - * @psalm-return list - */ - public static function getInstalledPackagesByType($type) - { - $packagesByType = array(); - foreach (self::getInstalled() as $installed) { - foreach ($installed['versions'] as $name => $package) { - if (isset($package['type']) && $package['type'] === $type) { - $packagesByType[] = $name; - } - } - } - - return $packagesByType; - } - - /** - * Checks whether the given package is installed - * - * This also returns true if the package name is provided or replaced by another package - * - * @param string $packageName - * @param bool $includeDevRequirements - * @return bool - */ - public static function isInstalled($packageName, $includeDevRequirements = true) - { - foreach (self::getInstalled() as $installed) { - if (isset($installed['versions'][$packageName])) { - return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']); - } - } - - return false; - } - - /** - * Checks whether the given package satisfies a version constraint - * - * e.g. If you want to know whether version 2.3+ of package foo/bar is installed, you would call: - * - * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') - * - * @param VersionParser $parser Install composer/semver to have access to this class and functionality - * @param string $packageName - * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package - * @return bool - */ - public static function satisfies(VersionParser $parser, $packageName, $constraint) - { - $constraint = $parser->parseConstraints($constraint); - $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); - - return $provided->matches($constraint); - } - - /** - * Returns a version constraint representing all the range(s) which are installed for a given package - * - * It is easier to use this via isInstalled() with the $constraint argument if you need to check - * whether a given version of a package is installed, and not just whether it exists - * - * @param string $packageName - * @return string Version constraint usable with composer/semver - */ - public static function getVersionRanges($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - $ranges = array(); - if (isset($installed['versions'][$packageName]['pretty_version'])) { - $ranges[] = $installed['versions'][$packageName]['pretty_version']; - } - if (array_key_exists('aliases', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); - } - if (array_key_exists('replaced', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); - } - if (array_key_exists('provided', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); - } - - return implode(' || ', $ranges); - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present - */ - public static function getVersion($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['version'])) { - return null; - } - - return $installed['versions'][$packageName]['version']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present - */ - public static function getPrettyVersion($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['pretty_version'])) { - return null; - } - - return $installed['versions'][$packageName]['pretty_version']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference - */ - public static function getReference($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['reference'])) { - return null; - } - - return $installed['versions'][$packageName]['reference']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. - */ - public static function getInstallPath($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @return array - * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string} - */ - public static function getRootPackage() - { - $installed = self::getInstalled(); - - return $installed[0]['root']; - } - - /** - * Returns the raw installed.php data for custom implementations - * - * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. - * @return array[] - * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array} - */ - public static function getRawData() - { - @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); - - if (null === self::$installed) { - // only require the installed.php file if this file is loaded from its dumped location, - // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 - if (substr(__DIR__, -8, 1) !== 'C') { - self::$installed = include __DIR__ . '/installed.php'; - } else { - self::$installed = array(); - } - } - - return self::$installed; - } - - /** - * Returns the raw data of all installed.php which are currently loaded for custom implementations - * - * @return array[] - * @psalm-return list}> - */ - public static function getAllRawData() - { - return self::getInstalled(); - } - - /** - * Lets you reload the static array from another file - * - * This is only useful for complex integrations in which a project needs to use - * this class but then also needs to execute another project's autoloader in process, - * and wants to ensure both projects have access to their version of installed.php. - * - * A typical case would be PHPUnit, where it would need to make sure it reads all - * the data it needs from this class, then call reload() with - * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure - * the project in which it runs can then also use this class safely, without - * interference between PHPUnit's dependencies and the project's dependencies. - * - * @param array[] $data A vendor/composer/installed.php data set - * @return void - * - * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array} $data - */ - public static function reload($data) - { - self::$installed = $data; - self::$installedByVendor = array(); - } - - /** - * @return array[] - * @psalm-return list}> - */ - private static function getInstalled() - { - if (null === self::$canGetVendors) { - self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); - } - - $installed = array(); - - if (self::$canGetVendors) { - foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { - if (isset(self::$installedByVendor[$vendorDir])) { - $installed[] = self::$installedByVendor[$vendorDir]; - } elseif (is_file($vendorDir.'/composer/installed.php')) { - $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; - if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { - self::$installed = $installed[count($installed) - 1]; - } - } - } - } - - if (null === self::$installed) { - // only require the installed.php file if this file is loaded from its dumped location, - // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 - if (substr(__DIR__, -8, 1) !== 'C') { - self::$installed = require __DIR__ . '/installed.php'; - } else { - self::$installed = array(); - } - } - $installed[] = self::$installed; - - return $installed; - } +public static function getInstalledPackages() +{ +$packages = array(); +foreach (self::getInstalled() as $installed) { +$packages[] = array_keys($installed['versions']); +} + + +if (1 === \count($packages)) { +return $packages[0]; +} + +return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); +} + + + + + + + + + +public static function isInstalled($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (isset($installed['versions'][$packageName])) { +return true; +} +} + +return false; +} + + + + + + + + + + + + + + +public static function satisfies(VersionParser $parser, $packageName, $constraint) +{ +$constraint = $parser->parseConstraints($constraint); +$provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + +return $provided->matches($constraint); +} + + + + + + + + + + +public static function getVersionRanges($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +$ranges = array(); +if (isset($installed['versions'][$packageName]['pretty_version'])) { +$ranges[] = $installed['versions'][$packageName]['pretty_version']; +} +if (array_key_exists('aliases', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); +} +if (array_key_exists('replaced', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); +} +if (array_key_exists('provided', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); +} + +return implode(' || ', $ranges); +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['version'])) { +return null; +} + +return $installed['versions'][$packageName]['version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getPrettyVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['pretty_version'])) { +return null; +} + +return $installed['versions'][$packageName]['pretty_version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getReference($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['reference'])) { +return null; +} + +return $installed['versions'][$packageName]['reference']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getRootPackage() +{ +$installed = self::getInstalled(); + +return $installed[0]['root']; +} + + + + + + + +public static function getRawData() +{ +return self::$installed; +} + + + + + + + + + + + + + + + + + + + +public static function reload($data) +{ +self::$installed = $data; +self::$installedByVendor = array(); +} + + + + +private static function getInstalled() +{ +if (null === self::$canGetVendors) { +self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); +} + +$installed = array(); + +if (self::$canGetVendors) { +foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { +if (isset(self::$installedByVendor[$vendorDir])) { +$installed[] = self::$installedByVendor[$vendorDir]; +} elseif (is_file($vendorDir.'/composer/installed.php')) { +$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; +} +} +} + +$installed[] = self::$installed; + +return $installed; +} } diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php index 2c5e14e1..56b5e75a 100644 --- a/vendor/composer/autoload_real.php +++ b/vendor/composer/autoload_real.php @@ -65,16 +65,11 @@ class ComposerAutoloaderInit5f3db9fc1d0cf1dd6a77a1d84501b4b1 } } -/** - * @param string $fileIdentifier - * @param string $file - * @return void - */ function composerRequire5f3db9fc1d0cf1dd6a77a1d84501b4b1($fileIdentifier, $file) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { - $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; - require $file; + + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; } } diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index b305d60e..9972a8a9 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -525,23 +525,23 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.4.3", - "version_normalized": "7.4.3.0", + "version": "7.4.5", + "version_normalized": "7.4.5.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" + "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", - "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", + "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "shasum": "" }, "require": { "ext-json": "*", "guzzlehttp/promises": "^1.5", - "guzzlehttp/psr7": "^1.8.3 || ^2.1", + "guzzlehttp/psr7": "^1.9 || ^2.4", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", "symfony/deprecation-contracts": "^2.2 || ^3.0" @@ -561,7 +561,7 @@ "ext-intl": "Required for Internationalized Domain Name (IDN) support", "psr/log": "Required for using the Log middleware" }, - "time": "2022-05-25T13:24:33+00:00", + "time": "2022-06-20T22:16:13+00:00", "type": "library", "extra": { "branch-alias": { @@ -632,7 +632,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.3" + "source": "https://github.com/guzzle/guzzle/tree/7.4.5" }, "funding": [ { @@ -739,17 +739,17 @@ }, { "name": "guzzlehttp/psr7", - "version": "2.2.1", - "version_normalized": "2.2.1.0", + "version": "2.4.0", + "version_normalized": "2.4.0.0", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2" + "reference": "13388f00956b1503577598873fffb5ae994b5737" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/13388f00956b1503577598873fffb5ae994b5737", + "reference": "13388f00956b1503577598873fffb5ae994b5737", "shasum": "" }, "require": { @@ -770,11 +770,11 @@ "suggest": { "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" }, - "time": "2022-03-20T21:55:58+00:00", + "time": "2022-06-20T21:43:11+00:00", "type": "library", "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "2.4-dev" } }, "installation-source": "dist", @@ -837,7 +837,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.2.1" + "source": "https://github.com/guzzle/psr7/tree/2.4.0" }, "funding": [ { @@ -1283,17 +1283,17 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "3.7.0", - "version_normalized": "3.7.0.0", + "version": "3.7.1", + "version_normalized": "3.7.1.0", "source": { "type": "git", "url": "https://github.com/squizlabs/PHP_CodeSniffer.git", - "reference": "a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563" + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563", - "reference": "a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563", + "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/1359e176e9307e906dc3d890bcc9603ff6d90619", + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619", "shasum": "" }, "require": { @@ -1305,7 +1305,7 @@ "require-dev": { "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" }, - "time": "2022-06-13T06:31:38+00:00", + "time": "2022-06-18T07:21:10+00:00", "bin": [ "bin/phpcs", "bin/phpcbf" @@ -1342,27 +1342,27 @@ }, { "name": "symfony/deprecation-contracts", - "version": "v3.0.1", - "version_normalized": "3.0.1.0", + "version": "v3.1.0", + "version_normalized": "3.1.0.0", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c" + "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", - "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918", + "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918", "shasum": "" }, "require": { - "php": ">=8.0.2" + "php": ">=8.1" }, - "time": "2022-01-02T09:55:41+00:00", + "time": "2022-02-25T11:15:52+00:00", "type": "library", "extra": { "branch-alias": { - "dev-main": "3.0-dev" + "dev-main": "3.1-dev" }, "thanks": { "name": "symfony/contracts", @@ -1392,7 +1392,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1" + "source": "https://github.com/symfony/deprecation-contracts/tree/v3.1.0" }, "funding": [ { @@ -1560,11 +1560,66 @@ } ], "install-path": "../symfony/process" + }, + { + "name": "wp-coding-standards/wpcs", + "version": "2.3.0", + "version_normalized": "2.3.0.0", + "source": { + "type": "git", + "url": "https://github.com/WordPress/WordPress-Coding-Standards.git", + "reference": "7da1894633f168fe244afc6de00d141f27517b62" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/7da1894633f168fe244afc6de00d141f27517b62", + "reference": "7da1894633f168fe244afc6de00d141f27517b62", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "squizlabs/php_codesniffer": "^3.3.1" + }, + "require-dev": { + "dealerdirect/phpcodesniffer-composer-installer": "^0.5 || ^0.6", + "phpcompatibility/php-compatibility": "^9.0", + "phpcsstandards/phpcsdevtools": "^1.0", + "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" + }, + "suggest": { + "dealerdirect/phpcodesniffer-composer-installer": "^0.6 || This Composer plugin will sort out the PHPCS 'installed_paths' automatically." + }, + "time": "2020-05-13T23:57:56+00:00", + "type": "phpcodesniffer-standard", + "installation-source": "dist", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Contributors", + "homepage": "https://github.com/WordPress/WordPress-Coding-Standards/graphs/contributors" + } + ], + "description": "PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions", + "keywords": [ + "phpcs", + "standards", + "wordpress" + ], + "support": { + "issues": "https://github.com/WordPress/WordPress-Coding-Standards/issues", + "source": "https://github.com/WordPress/WordPress-Coding-Standards", + "wiki": "https://github.com/WordPress/WordPress-Coding-Standards/wiki" + }, + "install-path": "../wp-coding-standards/wpcs" } ], "dev": true, "dev-package-names": [ "dealerdirect/phpcodesniffer-composer-installer", - "squizlabs/php_codesniffer" + "squizlabs/php_codesniffer", + "wp-coding-standards/wpcs" ] } diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index 870debb0..42c4f3af 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -1,239 +1,252 @@ - array( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'type' => 'library', - 'install_path' => __DIR__ . '/../../', - 'aliases' => array(), - 'reference' => 'e38691fe5efc940251b1b92d3fe3438a3088f3a7', - 'name' => '__root__', - 'dev' => true, + + array ( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'aliases' => + array ( ), - 'versions' => array( - '__root__' => array( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'type' => 'library', - 'install_path' => __DIR__ . '/../../', - 'aliases' => array(), - 'reference' => 'e38691fe5efc940251b1b92d3fe3438a3088f3a7', - 'dev_requirement' => false, - ), - 'composer/ca-bundle' => array( - 'pretty_version' => '1.3.2', - 'version' => '1.3.2.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/./ca-bundle', - 'aliases' => array(), - 'reference' => 'fd5dd441932a7e10ca6e5b490e272d34c8430640', - 'dev_requirement' => false, - ), - 'dealerdirect/phpcodesniffer-composer-installer' => array( - 'pretty_version' => 'v0.7.2', - 'version' => '0.7.2.0', - 'type' => 'composer-plugin', - 'install_path' => __DIR__ . '/../dealerdirect/phpcodesniffer-composer-installer', - 'aliases' => array(), - 'reference' => '1c968e542d8843d7cd71de3c5c9c3ff3ad71a1db', - 'dev_requirement' => true, - ), - 'embed/embed' => array( - 'pretty_version' => 'v4.4.4', - 'version' => '4.4.4.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../embed/embed', - 'aliases' => array(), - 'reference' => '52c2d77f58672868346ae09b0fa1eecc818bdf42', - 'dev_requirement' => false, - ), - 'gettext/gettext' => array( - 'pretty_version' => 'v5.6.1', - 'version' => '5.6.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../gettext/gettext', - 'aliases' => array(), - 'reference' => '017e249601d32b9a88c2eb4c10eac89bf582a7d3', - 'dev_requirement' => false, - ), - 'gettext/languages' => array( - 'pretty_version' => '2.9.0', - 'version' => '2.9.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../gettext/languages', - 'aliases' => array(), - 'reference' => 'ed56dd2c7f4024cc953ed180d25f02f2640e3ffa', - 'dev_requirement' => false, - ), - 'gettext/translator' => array( - 'pretty_version' => 'v1.1.1', - 'version' => '1.1.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../gettext/translator', - 'aliases' => array(), - 'reference' => 'b18ff33e8203de623854561f5e47e992fc5c50bb', - 'dev_requirement' => false, - ), - 'grandel/include-directory' => array( - 'pretty_version' => 'v0.2.2', - 'version' => '0.2.2.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../grandel/include-directory', - 'aliases' => array(), - 'reference' => 'a5c830e8f1527c818b521ab18f2accecb02f9919', - 'dev_requirement' => false, - ), - 'guzzlehttp/guzzle' => array( - 'pretty_version' => '7.4.3', - 'version' => '7.4.3.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../guzzlehttp/guzzle', - 'aliases' => array(), - 'reference' => '74a8602c6faec9ef74b7a9391ac82c5e65b1cdab', - 'dev_requirement' => false, - ), - 'guzzlehttp/promises' => array( - 'pretty_version' => '1.5.1', - 'version' => '1.5.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../guzzlehttp/promises', - 'aliases' => array(), - 'reference' => 'fe752aedc9fd8fcca3fe7ad05d419d32998a06da', - 'dev_requirement' => false, - ), - 'guzzlehttp/psr7' => array( - 'pretty_version' => '2.2.1', - 'version' => '2.2.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../guzzlehttp/psr7', - 'aliases' => array(), - 'reference' => 'c94a94f120803a18554c1805ef2e539f8285f9a2', - 'dev_requirement' => false, - ), - 'ml/iri' => array( - 'pretty_version' => '1.1.4', - 'version' => '1.1.4.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../ml/iri/ML/IRI', - 'aliases' => array(), - 'reference' => 'cbd44fa913e00ea624241b38cefaa99da8d71341', - 'dev_requirement' => false, - ), - 'ml/json-ld' => array( - 'pretty_version' => '1.2.0', - 'version' => '1.2.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../ml/json-ld', - 'aliases' => array(), - 'reference' => 'c74a1aed5979ed1cfb1be35a55a305fd30e30b93', - 'dev_requirement' => false, - ), - 'oscarotero/html-parser' => array( - 'pretty_version' => 'v0.1.6', - 'version' => '0.1.6.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../oscarotero/html-parser', - 'aliases' => array(), - 'reference' => 'b61e92f634d0dc184339d24630a6968d3ac64ded', - 'dev_requirement' => false, - ), - 'psr/http-client' => array( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../psr/http-client', - 'aliases' => array(), - 'reference' => '2dfb5f6c5eff0e91e20e913f8c5452ed95b86621', - 'dev_requirement' => false, - ), - 'psr/http-client-implementation' => array( - 'dev_requirement' => false, - 'provided' => array( - 0 => '1.0', - ), - ), - 'psr/http-factory' => array( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../psr/http-factory', - 'aliases' => array(), - 'reference' => '12ac7fcd07e5b077433f5f2bee95b3a771bf61be', - 'dev_requirement' => false, - ), - 'psr/http-factory-implementation' => array( - 'dev_requirement' => false, - 'provided' => array( - 0 => '1.0', - ), - ), - 'psr/http-message' => array( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../psr/http-message', - 'aliases' => array(), - 'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363', - 'dev_requirement' => false, - ), - 'psr/http-message-implementation' => array( - 'dev_requirement' => false, - 'provided' => array( - 0 => '1.0', - ), - ), - 'qferr/mjml-php' => array( - 'pretty_version' => '1.1.0', - 'version' => '1.1.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../qferr/mjml-php', - 'aliases' => array(), - 'reference' => 'c6ea36c190e304e399a957f7e03b5a378faf41b9', - 'dev_requirement' => false, - ), - 'ralouphie/getallheaders' => array( - 'pretty_version' => '3.0.3', - 'version' => '3.0.3.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../ralouphie/getallheaders', - 'aliases' => array(), - 'reference' => '120b605dfeb996808c31b6477290a714d356e822', - 'dev_requirement' => false, - ), - 'squizlabs/php_codesniffer' => array( - 'pretty_version' => '3.7.0', - 'version' => '3.7.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../squizlabs/php_codesniffer', - 'aliases' => array(), - 'reference' => 'a2cd51b45bcaef9c1f2a4bda48f2dd2fa2b95563', - 'dev_requirement' => true, - ), - 'symfony/deprecation-contracts' => array( - 'pretty_version' => 'v3.0.1', - 'version' => '3.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/deprecation-contracts', - 'aliases' => array(), - 'reference' => '26954b3d62a6c5fd0ea8a2a00c0353a14978d05c', - 'dev_requirement' => false, - ), - 'symfony/polyfill-php80' => array( - 'pretty_version' => 'v1.26.0', - 'version' => '1.26.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/polyfill-php80', - 'aliases' => array(), - 'reference' => 'cfa0ae98841b9e461207c13ab093d76b0fa7bace', - 'dev_requirement' => false, - ), - 'symfony/process' => array( - 'pretty_version' => 'v5.4.8', - 'version' => '5.4.8.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/process', - 'aliases' => array(), - 'reference' => '597f3fff8e3e91836bb0bd38f5718b56ddbde2f3', - 'dev_requirement' => false, - ), + 'reference' => '03788f71ffb580b6f1b6469fdc74463f381928d8', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'aliases' => + array ( + ), + 'reference' => '03788f71ffb580b6f1b6469fdc74463f381928d8', ), + 'composer/ca-bundle' => + array ( + 'pretty_version' => '1.3.2', + 'version' => '1.3.2.0', + 'aliases' => + array ( + ), + 'reference' => 'fd5dd441932a7e10ca6e5b490e272d34c8430640', + ), + 'dealerdirect/phpcodesniffer-composer-installer' => + array ( + 'pretty_version' => 'v0.7.2', + 'version' => '0.7.2.0', + 'aliases' => + array ( + ), + 'reference' => '1c968e542d8843d7cd71de3c5c9c3ff3ad71a1db', + ), + 'embed/embed' => + array ( + 'pretty_version' => 'v4.4.4', + 'version' => '4.4.4.0', + 'aliases' => + array ( + ), + 'reference' => '52c2d77f58672868346ae09b0fa1eecc818bdf42', + ), + 'gettext/gettext' => + array ( + 'pretty_version' => 'v5.6.1', + 'version' => '5.6.1.0', + 'aliases' => + array ( + ), + 'reference' => '017e249601d32b9a88c2eb4c10eac89bf582a7d3', + ), + 'gettext/languages' => + array ( + 'pretty_version' => '2.9.0', + 'version' => '2.9.0.0', + 'aliases' => + array ( + ), + 'reference' => 'ed56dd2c7f4024cc953ed180d25f02f2640e3ffa', + ), + 'gettext/translator' => + array ( + 'pretty_version' => 'v1.1.1', + 'version' => '1.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'b18ff33e8203de623854561f5e47e992fc5c50bb', + ), + 'grandel/include-directory' => + array ( + 'pretty_version' => 'v0.2.2', + 'version' => '0.2.2.0', + 'aliases' => + array ( + ), + 'reference' => 'a5c830e8f1527c818b521ab18f2accecb02f9919', + ), + 'guzzlehttp/guzzle' => + array ( + 'pretty_version' => '7.4.5', + 'version' => '7.4.5.0', + 'aliases' => + array ( + ), + 'reference' => '1dd98b0564cb3f6bd16ce683cb755f94c10fbd82', + ), + 'guzzlehttp/promises' => + array ( + 'pretty_version' => '1.5.1', + 'version' => '1.5.1.0', + 'aliases' => + array ( + ), + 'reference' => 'fe752aedc9fd8fcca3fe7ad05d419d32998a06da', + ), + 'guzzlehttp/psr7' => + array ( + 'pretty_version' => '2.4.0', + 'version' => '2.4.0.0', + 'aliases' => + array ( + ), + 'reference' => '13388f00956b1503577598873fffb5ae994b5737', + ), + 'ml/iri' => + array ( + 'pretty_version' => '1.1.4', + 'version' => '1.1.4.0', + 'aliases' => + array ( + ), + 'reference' => 'cbd44fa913e00ea624241b38cefaa99da8d71341', + ), + 'ml/json-ld' => + array ( + 'pretty_version' => '1.2.0', + 'version' => '1.2.0.0', + 'aliases' => + array ( + ), + 'reference' => 'c74a1aed5979ed1cfb1be35a55a305fd30e30b93', + ), + 'oscarotero/html-parser' => + array ( + 'pretty_version' => 'v0.1.6', + 'version' => '0.1.6.0', + 'aliases' => + array ( + ), + 'reference' => 'b61e92f634d0dc184339d24630a6968d3ac64ded', + ), + 'psr/http-client' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '2dfb5f6c5eff0e91e20e913f8c5452ed95b86621', + ), + 'psr/http-client-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'psr/http-factory' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '12ac7fcd07e5b077433f5f2bee95b3a771bf61be', + ), + 'psr/http-factory-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'psr/http-message' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363', + ), + 'psr/http-message-implementation' => + array ( + 'provided' => + array ( + 0 => '1.0', + ), + ), + 'qferr/mjml-php' => + array ( + 'pretty_version' => '1.1.0', + 'version' => '1.1.0.0', + 'aliases' => + array ( + ), + 'reference' => 'c6ea36c190e304e399a957f7e03b5a378faf41b9', + ), + 'ralouphie/getallheaders' => + array ( + 'pretty_version' => '3.0.3', + 'version' => '3.0.3.0', + 'aliases' => + array ( + ), + 'reference' => '120b605dfeb996808c31b6477290a714d356e822', + ), + 'squizlabs/php_codesniffer' => + array ( + 'pretty_version' => '3.7.1', + 'version' => '3.7.1.0', + 'aliases' => + array ( + ), + 'reference' => '1359e176e9307e906dc3d890bcc9603ff6d90619', + ), + 'symfony/deprecation-contracts' => + array ( + 'pretty_version' => 'v3.1.0', + 'version' => '3.1.0.0', + 'aliases' => + array ( + ), + 'reference' => '07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918', + ), + 'symfony/polyfill-php80' => + array ( + 'pretty_version' => 'v1.26.0', + 'version' => '1.26.0.0', + 'aliases' => + array ( + ), + 'reference' => 'cfa0ae98841b9e461207c13ab093d76b0fa7bace', + ), + 'symfony/process' => + array ( + 'pretty_version' => 'v5.4.8', + 'version' => '5.4.8.0', + 'aliases' => + array ( + ), + 'reference' => '597f3fff8e3e91836bb0bd38f5718b56ddbde2f3', + ), + 'wp-coding-standards/wpcs' => + array ( + 'pretty_version' => '2.3.0', + 'version' => '2.3.0.0', + 'aliases' => + array ( + ), + 'reference' => '7da1894633f168fe244afc6de00d141f27517b62', + ), + ), ); diff --git a/vendor/composer/platform_check.php b/vendor/composer/platform_check.php index b168ddd5..4c3a5d68 100644 --- a/vendor/composer/platform_check.php +++ b/vendor/composer/platform_check.php @@ -4,8 +4,8 @@ $issues = array(); -if (!(PHP_VERSION_ID >= 80002)) { - $issues[] = 'Your Composer dependencies require a PHP version ">= 8.0.2". You are running ' . PHP_VERSION . '.'; +if (!(PHP_VERSION_ID >= 80100)) { + $issues[] = 'Your Composer dependencies require a PHP version ">= 8.1.0". You are running ' . PHP_VERSION . '.'; } if ($issues) { diff --git a/vendor/guzzlehttp/guzzle/CHANGELOG.md b/vendor/guzzlehttp/guzzle/CHANGELOG.md index 8d19ea86..3aaf11bf 100644 --- a/vendor/guzzlehttp/guzzle/CHANGELOG.md +++ b/vendor/guzzlehttp/guzzle/CHANGELOG.md @@ -2,6 +2,16 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version. +## 7.4.5 - 2022-06-20 + +* Fix change in port should be considered a change in origin +* Fix `CURLOPT_HTTPAUTH` option not cleared on change of origin + +## 7.4.4 - 2022-06-09 + +* Fix failure to strip Authorization header on HTTP downgrade +* Fix failure to strip the Cookie header on change in host or HTTP downgrade + ## 7.4.3 - 2022-05-25 * Fix cross-domain cookie leakage diff --git a/vendor/guzzlehttp/guzzle/README.md b/vendor/guzzlehttp/guzzle/README.md index c96b246e..f287fa98 100644 --- a/vendor/guzzlehttp/guzzle/README.md +++ b/vendor/guzzlehttp/guzzle/README.md @@ -44,7 +44,7 @@ We use GitHub issues only to discuss bugs and new features. For support please r - [Documentation](https://docs.guzzlephp.org) - [Stack Overflow](https://stackoverflow.com/questions/tagged/guzzle) -- [#guzzle](https://app.slack.com/client/T0D2S9JCT/CE6UAAKL4) channel on [PHP-HTTP Slack](http://slack.httplug.io/) +- [#guzzle](https://app.slack.com/client/T0D2S9JCT/CE6UAAKL4) channel on [PHP-HTTP Slack](https://slack.httplug.io/) - [Gitter](https://gitter.im/guzzle/guzzle) @@ -73,10 +73,10 @@ composer require guzzlehttp/guzzle [guzzle-5-repo]: https://github.com/guzzle/guzzle/tree/5.3 [guzzle-6-repo]: https://github.com/guzzle/guzzle/tree/6.5 [guzzle-7-repo]: https://github.com/guzzle/guzzle -[guzzle-3-docs]: http://guzzle3.readthedocs.org -[guzzle-5-docs]: http://docs.guzzlephp.org/en/5.3/ -[guzzle-6-docs]: http://docs.guzzlephp.org/en/6.5/ -[guzzle-7-docs]: http://docs.guzzlephp.org/en/latest/ +[guzzle-3-docs]: https://guzzle3.readthedocs.io/ +[guzzle-5-docs]: https://docs.guzzlephp.org/en/5.3/ +[guzzle-6-docs]: https://docs.guzzlephp.org/en/6.5/ +[guzzle-7-docs]: https://docs.guzzlephp.org/en/latest/ ## Security diff --git a/vendor/guzzlehttp/guzzle/composer.json b/vendor/guzzlehttp/guzzle/composer.json index 9d60de42..7e043b03 100644 --- a/vendor/guzzlehttp/guzzle/composer.json +++ b/vendor/guzzlehttp/guzzle/composer.json @@ -54,7 +54,7 @@ "php": "^7.2.5 || ^8.0", "ext-json": "*", "guzzlehttp/promises": "^1.5", - "guzzlehttp/psr7": "^1.8.3 || ^2.1", + "guzzlehttp/psr7": "^1.9 || ^2.4", "psr/http-client": "^1.0", "symfony/deprecation-contracts": "^2.2 || ^3.0" }, diff --git a/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php b/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php index 89c06526..f67d448b 100644 --- a/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php +++ b/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php @@ -88,10 +88,8 @@ class RedirectMiddleware $this->guardMax($request, $response, $options); $nextRequest = $this->modifyRequest($request, $options, $response); - // If authorization is handled by curl, unset it if host is different. - if ($request->getUri()->getHost() !== $nextRequest->getUri()->getHost() - && defined('\CURLOPT_HTTPAUTH') - ) { + // If authorization is handled by curl, unset it if URI is cross-origin. + if (Psr7\UriComparator::isCrossOrigin($request->getUri(), $nextRequest->getUri()) && defined('\CURLOPT_HTTPAUTH')) { unset( $options['curl'][\CURLOPT_HTTPAUTH], $options['curl'][\CURLOPT_USERPWD] @@ -142,7 +140,7 @@ class RedirectMiddleware } /** - * Check for too many redirects + * Check for too many redirects. * * @throws TooManyRedirectsException Too many redirects. */ @@ -178,7 +176,7 @@ class RedirectMiddleware $modify['body'] = ''; } - $uri = $this->redirectUri($request, $response, $protocols); + $uri = self::redirectUri($request, $response, $protocols); if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) { $idnOptions = ($options['idn_conversion'] === true) ? \IDNA_DEFAULT : $options['idn_conversion']; $uri = Utils::idnUriConvert($uri, $idnOptions); @@ -198,19 +196,23 @@ class RedirectMiddleware $modify['remove_headers'][] = 'Referer'; } - // Remove Authorization header if host is different. - if ($request->getUri()->getHost() !== $modify['uri']->getHost()) { + // Remove Authorization and Cookie headers if URI is cross-origin. + if (Psr7\UriComparator::isCrossOrigin($request->getUri(), $modify['uri'])) { $modify['remove_headers'][] = 'Authorization'; + $modify['remove_headers'][] = 'Cookie'; } return Psr7\Utils::modifyRequest($request, $modify); } /** - * Set the appropriate URL on the request based on the location header + * Set the appropriate URL on the request based on the location header. */ - private function redirectUri(RequestInterface $request, ResponseInterface $response, array $protocols): UriInterface - { + private static function redirectUri( + RequestInterface $request, + ResponseInterface $response, + array $protocols + ): UriInterface { $location = Psr7\UriResolver::resolve( $request->getUri(), new Psr7\Uri($response->getHeaderLine('Location')) diff --git a/vendor/guzzlehttp/psr7/CHANGELOG.md b/vendor/guzzlehttp/psr7/CHANGELOG.md index 14637cbb..90e22ff9 100644 --- a/vendor/guzzlehttp/psr7/CHANGELOG.md +++ b/vendor/guzzlehttp/psr7/CHANGELOG.md @@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## 2.4.0 - 2022-06-20 + +### Added + +- Added provisional PHP 8.2 support +- Added `UriComparator::isCrossOrigin` method + +## 2.3.0 - 2022-06-09 + +### Fixed + +- Added `Header::splitList` method +- Added `Utils::tryGetContents` method +- Improved `Stream::getContents` method +- Updated mimetype mappings + +## 2.2.2 - 2022-06-08 + +### Fixed + +- Fix `Message::parseRequestUri` for numeric headers +- Re-wrap exceptions thrown in `fread` into runtime exceptions +- Throw an exception when multipart options is misformatted + ## 2.2.1 - 2022-03-20 ### Fixed diff --git a/vendor/guzzlehttp/psr7/README.md b/vendor/guzzlehttp/psr7/README.md index ed81c927..eea803a0 100644 --- a/vendor/guzzlehttp/psr7/README.md +++ b/vendor/guzzlehttp/psr7/README.md @@ -1,6 +1,6 @@ # PSR-7 Message Implementation -This repository contains a full [PSR-7](http://www.php-fig.org/psr/psr-7/) +This repository contains a full [PSR-7](https://www.php-fig.org/psr/psr-7/) message implementation, several stream decorators, and some helpful functionality like query string parsing. @@ -527,6 +527,17 @@ When fopen fails, PHP normally raises a warning. This function adds an error handler that checks for errors and throws an exception instead. +## `GuzzleHttp\Psr7\Utils::tryGetContents` + +`public static function tryGetContents(resource $stream): string` + +Safely gets the contents of a given stream. + +When stream_get_contents fails, PHP normally raises a warning. This +function adds an error handler that checks for errors and throws an +exception instead. + + ## `GuzzleHttp\Psr7\Utils::uriFor` `public static function uriFor(string|UriInterface $uri): UriInterface` @@ -658,7 +669,7 @@ manually but instead is used indirectly via `Psr\Http\Message\UriInterface::__to `public static function fromParts(array $parts): UriInterface` -Creates a URI from a hash of [`parse_url`](http://php.net/manual/en/function.parse-url.php) components. +Creates a URI from a hash of [`parse_url`](https://www.php.net/manual/en/function.parse-url.php) components. ### `GuzzleHttp\Psr7\Uri::withQueryValue` @@ -683,6 +694,16 @@ associative array of key => value. Creates a new URI with a specific query string value removed. Any existing query string values that exactly match the provided key are removed. +## Cross-Origin Detection + +`GuzzleHttp\Psr7\UriComparator` provides methods to determine if a modified URL should be considered cross-origin. + +### `GuzzleHttp\Psr7\UriComparator::isCrossOrigin` + +`public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool` + +Determines if a modified URL should be considered cross-origin with respect to an original URL. + ## Reference Resolution `GuzzleHttp\Psr7\UriResolver` provides methods to resolve a URI reference in the context of a base URI according @@ -808,14 +829,24 @@ This of course assumes they will be resolved against the same base URI. If this equivalence or difference of relative references does not mean anything. +## Version Guidance + +| Version | Status | PHP Version | +|---------|----------------|------------------| +| 1.x | Security fixes | >=5.4,<8.1 | +| 2.x | Latest | ^7.2.5 \|\| ^8.0 | + + ## Security If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/psr7/security/policy) for more information. + ## License Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information. + ## For Enterprise Available as part of the Tidelift Subscription diff --git a/vendor/guzzlehttp/psr7/composer.json b/vendor/guzzlehttp/psr7/composer.json index 1aed3ed6..d2c7106c 100644 --- a/vendor/guzzlehttp/psr7/composer.json +++ b/vendor/guzzlehttp/psr7/composer.json @@ -79,7 +79,7 @@ }, "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "2.4-dev" } }, "config": { @@ -87,9 +87,6 @@ "bamarni/composer-bin-plugin": true }, "preferred-install": "dist", - "sort-packages": true, - "allow-plugins": { - "bamarni/composer-bin-plugin": true - } + "sort-packages": true } } diff --git a/vendor/guzzlehttp/psr7/src/CachingStream.php b/vendor/guzzlehttp/psr7/src/CachingStream.php index 7a70ee94..f34722cf 100644 --- a/vendor/guzzlehttp/psr7/src/CachingStream.php +++ b/vendor/guzzlehttp/psr7/src/CachingStream.php @@ -20,6 +20,11 @@ final class CachingStream implements StreamInterface /** @var int Number of bytes to skip reading due to a write on the buffer */ private $skipReadBytes = 0; + /** + * @var StreamInterface + */ + private $stream; + /** * We will treat the buffer object as the body of the stream * diff --git a/vendor/guzzlehttp/psr7/src/DroppingStream.php b/vendor/guzzlehttp/psr7/src/DroppingStream.php index d78070ae..6e3d209d 100644 --- a/vendor/guzzlehttp/psr7/src/DroppingStream.php +++ b/vendor/guzzlehttp/psr7/src/DroppingStream.php @@ -17,6 +17,9 @@ final class DroppingStream implements StreamInterface /** @var int */ private $maxLength; + /** @var StreamInterface */ + private $stream; + /** * @param StreamInterface $stream Underlying stream to decorate. * @param int $maxLength Maximum size before dropping data. diff --git a/vendor/guzzlehttp/psr7/src/FnStream.php b/vendor/guzzlehttp/psr7/src/FnStream.php index c2156184..3a1a9512 100644 --- a/vendor/guzzlehttp/psr7/src/FnStream.php +++ b/vendor/guzzlehttp/psr7/src/FnStream.php @@ -12,6 +12,7 @@ use Psr\Http\Message\StreamInterface; * Allows for easy testing and extension of a provided stream without needing * to create a concrete class for a simple extension point. */ +#[\AllowDynamicProperties] final class FnStream implements StreamInterface { private const SLOTS = [ diff --git a/vendor/guzzlehttp/psr7/src/Header.php b/vendor/guzzlehttp/psr7/src/Header.php index b219b87b..10744ed4 100644 --- a/vendor/guzzlehttp/psr7/src/Header.php +++ b/vendor/guzzlehttp/psr7/src/Header.php @@ -19,20 +19,22 @@ final class Header static $trimmed = "\"' \n\t\r"; $params = $matches = []; - foreach (self::normalize($header) as $val) { - $part = []; - foreach (preg_split('/;(?=([^"]*"[^"]*")*[^"]*$)/', $val) as $kvp) { - if (preg_match_all('/<[^>]+>|[^=]+/', $kvp, $matches)) { - $m = $matches[0]; - if (isset($m[1])) { - $part[trim($m[0], $trimmed)] = trim($m[1], $trimmed); - } else { - $part[] = trim($m[0], $trimmed); + foreach ((array) $header as $value) { + foreach (self::splitList($value) as $val) { + $part = []; + foreach (preg_split('/;(?=([^"]*"[^"]*")*[^"]*$)/', $val) as $kvp) { + if (preg_match_all('/<[^>]+>|[^=]+/', $kvp, $matches)) { + $m = $matches[0]; + if (isset($m[1])) { + $part[trim($m[0], $trimmed)] = trim($m[1], $trimmed); + } else { + $part[] = trim($m[0], $trimmed); + } } } - } - if ($part) { - $params[] = $part; + if ($part) { + $params[] = $part; + } } } @@ -44,25 +46,86 @@ final class Header * headers into an array of headers with no comma separated values. * * @param string|array $header Header to normalize. + * + * @deprecated Use self::splitList() instead. */ public static function normalize($header): array { $result = []; foreach ((array) $header as $value) { - foreach ((array) $value as $v) { - if (strpos($v, ',') === false) { - $trimmed = trim($v); - if ($trimmed !== '') { - $result[] = $trimmed; - } + foreach (self::splitList($value) as $parsed) { + $result[] = $parsed; + } + } + + return $result; + } + + /** + * Splits a HTTP header defined to contain comma-separated list into + * each individual value. Empty values will be removed. + * + * Example headers include 'accept', 'cache-control' and 'if-none-match'. + * + * This method must not be used to parse headers that are not defined as + * a list, such as 'user-agent' or 'set-cookie'. + * + * @param string|string[] $values Header value as returned by MessageInterface::getHeader() + * + * @return string[] + */ + public static function splitList($values): array + { + if (!\is_array($values)) { + $values = [$values]; + } + + $result = []; + foreach ($values as $value) { + if (!\is_string($value)) { + throw new \TypeError('$header must either be a string or an array containing strings.'); + } + + $v = ''; + $isQuoted = false; + $isEscaped = false; + for ($i = 0, $max = \strlen($value); $i < $max; $i++) { + if ($isEscaped) { + $v .= $value[$i]; + $isEscaped = false; + continue; } - foreach (preg_split('/,(?=([^"]*"([^"]|\\\\.)*")*[^"]*$)/', $v) as $vv) { - $trimmed = trim($vv); - if ($trimmed !== '') { - $result[] = $trimmed; + + if (!$isQuoted && $value[$i] === ',') { + $v = \trim($v); + if ($v !== '') { + $result[] = $v; } + + $v = ''; + continue; } + + if ($isQuoted && $value[$i] === '\\') { + $isEscaped = true; + $v .= $value[$i]; + + continue; + } + if ($value[$i] === '"') { + $isQuoted = !$isQuoted; + $v .= $value[$i]; + + continue; + } + + $v .= $value[$i]; + } + + $v = \trim($v); + if ($v !== '') { + $result[] = $v; } } diff --git a/vendor/guzzlehttp/psr7/src/InflateStream.php b/vendor/guzzlehttp/psr7/src/InflateStream.php index 8e3cf171..8e00f1c3 100644 --- a/vendor/guzzlehttp/psr7/src/InflateStream.php +++ b/vendor/guzzlehttp/psr7/src/InflateStream.php @@ -21,6 +21,9 @@ final class InflateStream implements StreamInterface { use StreamDecoratorTrait; + /** @var StreamInterface */ + private $stream; + public function __construct(StreamInterface $stream) { $resource = StreamWrapper::getResource($stream); diff --git a/vendor/guzzlehttp/psr7/src/LazyOpenStream.php b/vendor/guzzlehttp/psr7/src/LazyOpenStream.php index 6b604296..5618331f 100644 --- a/vendor/guzzlehttp/psr7/src/LazyOpenStream.php +++ b/vendor/guzzlehttp/psr7/src/LazyOpenStream.php @@ -10,6 +10,7 @@ use Psr\Http\Message\StreamInterface; * Lazily reads or writes to a file that is opened only after an IO operation * take place on the stream. */ +#[\AllowDynamicProperties] final class LazyOpenStream implements StreamInterface { use StreamDecoratorTrait; diff --git a/vendor/guzzlehttp/psr7/src/LimitStream.php b/vendor/guzzlehttp/psr7/src/LimitStream.php index 9762d38a..fb223255 100644 --- a/vendor/guzzlehttp/psr7/src/LimitStream.php +++ b/vendor/guzzlehttp/psr7/src/LimitStream.php @@ -19,6 +19,9 @@ final class LimitStream implements StreamInterface /** @var int Limit the number of bytes that can be read */ private $limit; + /** @var StreamInterface */ + private $stream; + /** * @param StreamInterface $stream Stream to wrap * @param int $limit Total number of bytes to allow to be read diff --git a/vendor/guzzlehttp/psr7/src/Message.php b/vendor/guzzlehttp/psr7/src/Message.php index 9b825b30..335a6dd3 100644 --- a/vendor/guzzlehttp/psr7/src/Message.php +++ b/vendor/guzzlehttp/psr7/src/Message.php @@ -175,6 +175,9 @@ final class Message public static function parseRequestUri(string $path, array $headers): string { $hostKey = array_filter(array_keys($headers), function ($k) { + // Numeric array keys are converted to int by PHP. + $k = (string) $k; + return strtolower($k) === 'host'; }); diff --git a/vendor/guzzlehttp/psr7/src/MessageTrait.php b/vendor/guzzlehttp/psr7/src/MessageTrait.php index a8696b98..d2dc28b6 100644 --- a/vendor/guzzlehttp/psr7/src/MessageTrait.php +++ b/vendor/guzzlehttp/psr7/src/MessageTrait.php @@ -145,11 +145,9 @@ trait MessageTrait { $this->headerNames = $this->headers = []; foreach ($headers as $header => $value) { - if (is_int($header)) { - // Numeric array keys are converted to int by PHP but having a header name '123' is not forbidden by the spec - // and also allowed in withHeader(). So we need to cast it to string again for the following assertion to pass. - $header = (string) $header; - } + // Numeric array keys are converted to int by PHP. + $header = (string) $header; + $this->assertHeader($header); $value = $this->normalizeHeaderValue($value); $normalized = strtolower($header); diff --git a/vendor/guzzlehttp/psr7/src/MimeType.php b/vendor/guzzlehttp/psr7/src/MimeType.php index 3bcb07ae..0debbd18 100644 --- a/vendor/guzzlehttp/psr7/src/MimeType.php +++ b/vendor/guzzlehttp/psr7/src/MimeType.php @@ -32,6 +32,7 @@ final class MimeType 'aep' => 'application/vnd.audiograph', 'afm' => 'application/x-font-type1', 'afp' => 'application/vnd.ibm.modcap', + 'age' => 'application/vnd.age', 'ahead' => 'application/vnd.ahead.space', 'ai' => 'application/pdf', 'aif' => 'audio/x-aiff', @@ -60,6 +61,8 @@ final class MimeType 'atomsvc' => 'application/atomsvc+xml', 'atx' => 'application/vnd.antix.game-component', 'au' => 'audio/x-au', + 'avci' => 'image/avci', + 'avcs' => 'image/avcs', 'avi' => 'video/x-msvideo', 'avif' => 'image/avif', 'aw' => 'application/applixware', @@ -154,6 +157,7 @@ final class MimeType 'com' => 'application/x-msdownload', 'conf' => 'text/plain', 'cpio' => 'application/x-cpio', + 'cpl' => 'application/cpl+xml', 'cpp' => 'text/x-c', 'cpt' => 'application/mac-compactpro', 'crd' => 'application/x-mscardfile', @@ -316,6 +320,7 @@ final class MimeType 'gca' => 'application/x-gca-compressed', 'gdl' => 'model/vnd.gdl', 'gdoc' => 'application/vnd.google-apps.document', + 'ged' => 'text/vnd.familysearch.gedcom', 'geo' => 'application/vnd.dynageo', 'geojson' => 'application/geo+json', 'gex' => 'application/vnd.geometry-explorer', @@ -576,6 +581,7 @@ final class MimeType 'mpd' => 'application/dash+xml', 'mpe' => 'video/mpeg', 'mpeg' => 'video/mpeg', + 'mpf' => 'application/media-policy-dataset+xml', 'mpg' => 'video/mpeg', 'mpg4' => 'video/mp4', 'mpga' => 'audio/mpeg', @@ -719,6 +725,7 @@ final class MimeType 'pgm' => 'image/x-portable-graymap', 'pgn' => 'application/x-chess-pgn', 'pgp' => 'application/pgp', + 'phar' => 'application/octet-stream', 'php' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php', 'php4' => 'application/x-httpd-php', @@ -753,7 +760,7 @@ final class MimeType 'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12', 'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'pqa' => 'application/vnd.palm', - 'prc' => 'application/x-pilot', + 'prc' => 'model/prc', 'pre' => 'application/vnd.lotus-freelance', 'prf' => 'application/pics-rules', 'provx' => 'application/provenance+xml', @@ -993,6 +1000,7 @@ final class MimeType 'txd' => 'application/vnd.genomatix.tuxedo', 'txf' => 'application/vnd.mobius.txf', 'txt' => 'text/plain', + 'u3d' => 'model/u3d', 'u8dsn' => 'message/global-delivery-status', 'u8hdr' => 'message/global-headers', 'u8mdn' => 'message/global-disposition-notification', @@ -1089,6 +1097,7 @@ final class MimeType 'webp' => 'image/webp', 'wg' => 'application/vnd.pmi.widget', 'wgt' => 'application/widget', + 'wif' => 'application/watcherinfo+xml', 'wks' => 'application/vnd.ms-works', 'wm' => 'video/x-ms-wm', 'wma' => 'audio/x-ms-wma', diff --git a/vendor/guzzlehttp/psr7/src/MultipartStream.php b/vendor/guzzlehttp/psr7/src/MultipartStream.php index c2517228..3ae2c84a 100644 --- a/vendor/guzzlehttp/psr7/src/MultipartStream.php +++ b/vendor/guzzlehttp/psr7/src/MultipartStream.php @@ -17,6 +17,9 @@ final class MultipartStream implements StreamInterface /** @var string */ private $boundary; + /** @var StreamInterface */ + private $stream; + /** * @param array $elements Array of associative arrays, each containing a * required "name" key mapping to the form field, @@ -68,6 +71,9 @@ final class MultipartStream implements StreamInterface $stream = new AppendStream(); foreach ($elements as $element) { + if (!is_array($element)) { + throw new \UnexpectedValueException("An array is expected"); + } $this->addElement($stream, $element); } diff --git a/vendor/guzzlehttp/psr7/src/NoSeekStream.php b/vendor/guzzlehttp/psr7/src/NoSeekStream.php index 99e25b9e..161a224f 100644 --- a/vendor/guzzlehttp/psr7/src/NoSeekStream.php +++ b/vendor/guzzlehttp/psr7/src/NoSeekStream.php @@ -13,6 +13,9 @@ final class NoSeekStream implements StreamInterface { use StreamDecoratorTrait; + /** @var StreamInterface */ + private $stream; + public function seek($offset, $whence = SEEK_SET): void { throw new \RuntimeException('Cannot seek a NoSeekStream'); diff --git a/vendor/guzzlehttp/psr7/src/Stream.php b/vendor/guzzlehttp/psr7/src/Stream.php index d389427c..ecd31861 100644 --- a/vendor/guzzlehttp/psr7/src/Stream.php +++ b/vendor/guzzlehttp/psr7/src/Stream.php @@ -96,13 +96,11 @@ class Stream implements StreamInterface throw new \RuntimeException('Stream is detached'); } - $contents = stream_get_contents($this->stream); - - if ($contents === false) { - throw new \RuntimeException('Unable to read stream contents'); + if (!$this->readable) { + throw new \RuntimeException('Cannot read from non-readable stream'); } - return $contents; + return Utils::tryGetContents($this->stream); } public function close(): void @@ -229,7 +227,12 @@ class Stream implements StreamInterface return ''; } - $string = fread($this->stream, $length); + try { + $string = fread($this->stream, $length); + } catch (\Exception $e) { + throw new \RuntimeException('Unable to read from stream', 0, $e); + } + if (false === $string) { throw new \RuntimeException('Unable to read from stream'); } diff --git a/vendor/guzzlehttp/psr7/src/UriComparator.php b/vendor/guzzlehttp/psr7/src/UriComparator.php new file mode 100644 index 00000000..70c582aa --- /dev/null +++ b/vendor/guzzlehttp/psr7/src/UriComparator.php @@ -0,0 +1,52 @@ +getHost(), $modified->getHost()) !== 0) { + return true; + } + + if ($original->getScheme() !== $modified->getScheme()) { + return true; + } + + if (self::computePort($original) !== self::computePort($modified)) { + return true; + } + + return false; + } + + private static function computePort(UriInterface $uri): int + { + $port = $uri->getPort(); + + if (null !== $port) { + return $port; + } + + return 'https' === $uri->getScheme() ? 443 : 80; + } + + private function __construct() + { + // cannot be instantiated + } +} diff --git a/vendor/guzzlehttp/psr7/src/Utils.php b/vendor/guzzlehttp/psr7/src/Utils.php index e590ad68..3a4cf394 100644 --- a/vendor/guzzlehttp/psr7/src/Utils.php +++ b/vendor/guzzlehttp/psr7/src/Utils.php @@ -386,6 +386,53 @@ final class Utils return $handle; } + /** + * Safely gets the contents of a given stream. + * + * When stream_get_contents fails, PHP normally raises a warning. This + * function adds an error handler that checks for errors and throws an + * exception instead. + * + * @param resource $stream + * + * @throws \RuntimeException if the stream cannot be read + */ + public static function tryGetContents($stream): string + { + $ex = null; + set_error_handler(static function (int $errno, string $errstr) use (&$ex): bool { + $ex = new \RuntimeException(sprintf( + 'Unable to read stream contents: %s', + $errstr + )); + + return true; + }); + + try { + /** @var string|false $contents */ + $contents = stream_get_contents($stream); + + if ($contents === false) { + $ex = new \RuntimeException('Unable to read stream contents'); + } + } catch (\Throwable $e) { + $ex = new \RuntimeException(sprintf( + 'Unable to read stream contents: %s', + $e->getMessage() + ), 0, $e); + } + + restore_error_handler(); + + if ($ex) { + /** @var $ex \RuntimeException */ + throw $ex; + } + + return $contents; + } + /** * Returns a UriInterface for the given value. * diff --git a/vendor/symfony/deprecation-contracts/composer.json b/vendor/symfony/deprecation-contracts/composer.json index 1c1b4ba0..f5de4eb4 100644 --- a/vendor/symfony/deprecation-contracts/composer.json +++ b/vendor/symfony/deprecation-contracts/composer.json @@ -15,7 +15,7 @@ } ], "require": { - "php": ">=8.0.2" + "php": ">=8.1" }, "autoload": { "files": [ @@ -25,7 +25,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-main": "3.0-dev" + "dev-main": "3.1-dev" }, "thanks": { "name": "symfony/contracts", diff --git a/vendor/wp-coding-standards/wpcs/.gitattributes b/vendor/wp-coding-standards/wpcs/.gitattributes new file mode 100644 index 00000000..c12f94cf --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/.gitattributes @@ -0,0 +1,25 @@ +# +# Exclude these files from release archives. +# This will also make them unavailable when using Composer with `--prefer-dist`. +# If you develop for WPCS using Composer, use `--prefer-source`. +# https://blog.madewithlove.be/post/gitattributes/ +# +/.travis.yml export-ignore +/.phpcs.xml.dist export-ignore +/phpunit.xml.dist export-ignore +/.github export-ignore +/bin export-ignore +/WordPress/Tests export-ignore + +# +# Auto detect text files and perform LF normalization +# http://davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/ +# +* text=auto + +# +# The above will handle all files NOT found below +# +*.md text +*.php text +*.inc text diff --git a/vendor/wp-coding-standards/wpcs/.gitignore b/vendor/wp-coding-standards/wpcs/.gitignore new file mode 100644 index 00000000..bfec4c3c --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/.gitignore @@ -0,0 +1,5 @@ +vendor +composer.lock +phpunit.xml +phpcs.xml +.phpcs.xml diff --git a/vendor/wp-coding-standards/wpcs/CHANGELOG.md b/vendor/wp-coding-standards/wpcs/CHANGELOG.md new file mode 100644 index 00000000..f8c8c987 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/CHANGELOG.md @@ -0,0 +1,1208 @@ +# Change Log for WordPress Coding Standards + +All notable changes to this project will be documented in this file. + +This projects adheres to [Semantic Versioning](https://semver.org/) and [Keep a CHANGELOG](https://keepachangelog.com/). + +## [Unreleased] + +_No documentation available about unreleased changes as of yet._ + +## [2.3.0] - 2020-05-14 + +### Added +- The `WordPress.WP.I18n` sniff contains a new check for translatable text strings which are wrapped in HTML tags, like `

Translate me

`. Those tags should be moved out of the translatable string. + Note: Translatable strings wrapped in `` tags where the URL is intended to be localized will not trigger this check. + +### Changed +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `5.1`. +- The `WordPress.WP.DeprecatedFunctions` sniff will now detect functions deprecated in WP 5.4. +- Improved grammar of an error message in the `WordPress.WP.DiscouragedFunctions` sniff. +- CI: The codebase is now - preliminary - being tested against the PHPCS 4.x development branch. + +### Fixed +- All function call detection sniffs: fixed a bug where constants with the same name as one of the targeted functions could inadvertently be recognized as if they were a called function. +- `WordPress.DB.PreparedSQL`: fixed a bug where the sniff would trigger on the namespace separator character `\\`. +- `WordPress.Security.EscapeOutput`: fixed a bug with the variable replacement in one of the error messages. + + +## [2.2.1] - 2020-02-04 + +### Added +- Metrics to the `WordPress.Arrays.CommaAfterArrayItem` sniff. These can be displayed using `--report=info`. +- The `sanitize_hex_color()` and the `sanitize_hex_color_no_hash()` functions to the `escapingFunctions` list used by the `WordPress.Security.EscapeOutput` sniff. + +### Changed +- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.6`. + +### Fixed +- `WordPress.PHP.NoSilencedErrors`: depending on the custom properties set, the metrics would be different. +- `WordPress.WhiteSpace.ControlStructureSpacing`: fixed undefined index notice for closures with `use`. +- `WordPress.WP.GlobalVariablesOverride`: fixed undefined offset notice when the `treat_files_as_scoped` property would be set to `true`. +- `WordPress.WP.I18n`: fixed a _Trying to access array offset on value of type null_ error when the sniff was run on PHP 7.4 and would encounter a translation function expecting singular and plural texts for which one of these arguments was missing. + +## [2.2.0] - 2019-11-11 + +Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards. +The move does not affect the package name for Packagist. This remains the same: `wp-coding-standards/wpcs`. + +### Added +- New `WordPress.DateTime.CurrentTimeTimestamp` sniff to the `WordPress-Core` ruleset, which checks against the use of the WP native `current_time()` function to retrieve a timestamp as this won't be a _real_ timestamp. Includes an auto-fixer. +- New `WordPress.DateTime.RestrictedFunctions` sniff to the `WordPress-Core` ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP native `date_default_timezone_set()` and `date()` functions. +- New `WordPress.PHP.DisallowShortTernary` sniff to the `WordPress-Core` ruleset, which, as the name implies, disallows the use of short ternaries. +- New `WordPress.CodeAnalysis.EscapedNotTranslated` sniff to the `WordPress-Extra` ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended. +- New `WordPress.NamingConventions.ValidPostTypeSlug` sniff to the `WordPress-Extra` ruleset which will examine calls to `register_post_type()` and throw errors when an invalid post type slug is used. +- `Generic.Arrays.DisallowShortArraySyntax` to the `WordPress-Core` ruleset. +- `WordPress.NamingConventions.PrefixAllGlobals`: the `PHP` prefix has been added to the prefix blacklist as it is reserved by PHP itself. +- The `wp_sanitize_redirect()` function to the `sanitizingFunctions` list used by the `WordPress.Security.NonceVerification`, `WordPress.Security.ValidatedSanitizedInput` and `WordPress.Security.EscapeOutput` sniffs. +- The `sanitize_key()` and the `highlight_string()` functions to the `escapingFunctions` list used by the `WordPress.Security.EscapeOutput` sniff. +- The `RECOVERY_MODE_COOKIE` constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (`WordPress.NamingConventions.PrefixAllGlobals`). +- `$content_width`, `$plugin`, `$mu_plugin` and `$network_plugin` to the list of WP globals which is used by both the `WordPress.Variables.GlobalVariables` and the `WordPress.NamingConventions.PrefixAllGlobals` sniffs. +- `Sniff::is_short_list()` utility method to determine whether a _short array_ open/close token actually represents a PHP 7.1+ short list. +- `Sniff::find_list_open_close()` utility method to find the opener and closer for `list()` constructs, including short lists. +- `Sniff::get_list_variables()` utility method which will retrieve an array with the token pointers to the variables which are being assigned to in a `list()` construct. Includes support for short lists. +- `Sniff::is_function_deprecated()` static utility method to determine whether a declared function has been marked as deprecated in the function DocBlock. +- End-user documentation to the following existing sniffs: `WordPress.Arrays.ArrayIndentation`, `WordPress.Arrays.ArrayKeySpacingRestrictions`, `WordPress.Arrays.MultipleStatementAlignment`, `WordPress.Classes.ClassInstantiation`, `WordPress.NamingConventions.ValidHookName`, `WordPress.PHP.IniSet`, `WordPress.Security.SafeRedirect`, `WordPress.WhiteSpace.CastStructureSpacing`, `WordPress.WhiteSpace.DisallowInlineTabs`, `WordPress.WhiteSpace.PrecisionAlignment`, `WordPress.WP.CronInterval`, `WordPress.WP.DeprecatedClasses`, `WordPress.WP.DeprecatedFunctions`, `WordPress.WP.DeprecatedParameters`, `WordPress.WP.DeprecatedParameterValues`, `WordPress.WP.EnqueuedResources`, `WordPress.WP.PostsPerPage`. + This documentation can be exposed via the [`PHP_CodeSniffer` `--generator=...` command-line argument](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Usage). + +### Changed +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `5.0`. +- The `WordPress.Arrays.ArrayKeySpacingRestrictions` sniff has two new error codes: `TooMuchSpaceBeforeKey` and `TooMuchSpaceAfterKey`. Both auto-fixable. + The sniff will now check that there is _exactly_ one space on the inside of the square brackets around the array key for non-string, non-numeric array keys. Previously, it only checked that there was whitespace, not how much whitespace. +- `WordPress.Arrays.ArrayKeySpacingRestrictions`: the fixers have been made more efficient and less fixer-conflict prone. +- `WordPress.NamingConventions.PrefixAllGlobals`: plugin/theme prefixes should be at least three characters long. A new `ShortPrefixPassed` error has been added for when the prefix passed does not comply with this rule. +- `WordPress.WhiteSpace.CastStructureSpacing` now allows for no whitespace before a cast when the cast is preceded by the spread `...` operator. This pre-empts a fixer conflict for when the spacing around the spread operator will start to get checked. +- The `WordPress.WP.DeprecatedClasses` sniff will now detect classes deprecated in WP 4.9 and WP 5.3. +- The `WordPress.WP.DeprecatedFunctions` sniff will now detect functions deprecated in WP 5.3. +- `WordPress.NamingConventions.ValidHookName` now has "cleaner" error messages and higher precision for the line on which an error is thrown. +- `WordPress.Security.EscapeOutput`: if an error refers to array access via a variable, the array index key will now be included in the error message. +- The processing of the `WordPress` ruleset by `PHP_CodeSniffer` will now be faster. +- Various minor code tweaks and clean up. +- Various minor documentation fixes. +- Documentation: updated the repo URL in all relevant places. + +### Deprecated +- The `WordPress.WP.TimezoneChange` sniff. Use the `WordPress.DateTime.RestrictedFunctions` instead. + The deprecated sniff will be removed in WPCS 3.0.0. + +### Fixed +- All sniffs in the `WordPress.Arrays` category will no longer treat _short lists_ as if they were a short array. +- The `WordPress.NamingConventions.ValidFunctionName` and the `WordPress.NamingConventions.PrefixAllGlobals` sniff will now ignore functions marked as `@deprecated`. +- Both the `WordPress.NamingConventions.PrefixAllGlobals` sniff as well as the `WordPress.WP.GlobalVariablesOverride` sniff have been updated to recognize variables being declared via (long/short) `list()` constructs and handle them correctly. +- Both the `WordPress.NamingConventions.PrefixAllGlobals` sniff as well as the `WordPress.WP.GlobalVariablesOverride` sniff will now take a limited list of WP global variables _which are intended to be overwritten by plugins/themes_ into account. + Initially this list contains the `$content_width` and the `$wp_cockneyreplace` variables. +- `WordPress.NamingConventions.ValidHookName`: will no longer examine a string array access index key as if it were a part of the hook name. +- `WordPress.Security.EscapeOutput`: will no longer trigger on the typical `basename( __FILE__ )` pattern if found as the first parameter passed to a call to `_deprecated_file()`. +- `WordPress.WP.CapitalPDangit`: now allows for the `.test` TLD in URLs. +- WPCS is now fully compatible with PHP 7.4. + Note: `PHP_CodeSniffer` itself is only compatible with PHP 7.4 from PHPCS 3.5.0 onwards. + + +## [2.1.1] - 2019-05-21 + +### Changed +- The `WordPress.WP.CapitalPDangit` will now ignore misspelled instances of `WordPress` within constant declarations. + This covers both constants declared using `defined()` as well as constants declared using the `const` keyword. +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `4.9`. + +### Removed +- `paginate_comments_links()` from the list of auto-escaped functions `Sniff::$autoEscapedFunctions`. + This affects the `WordPress.Security.EscapeOutput` sniff. + +### Fixed +- The `$current_blog` and `$tag_ID` variables have been added to the list of WordPress global variables. + This fixes some false positives from the `WordPress.NamingConventions.PrefixAllGlobals` and the `WordPress.WP.GlobalVariablesOverride` sniffs. +- The generic `TestCase` class name has been added to the `$test_class_whitelist`. + This fixes some false positives from the `WordPress.NamingConventions.FileName`, `WordPress.NamingConventions.PrefixAllGlobals` and the `WordPress.WP.GlobalVariablesOverride` sniffs. +- The `WordPress.NamingConventions.ValidVariableName` sniff will now correctly recognize `$tag_ID` as a WordPress native, mixed-case variable. +- The `WordPress.Security.NonceVerification` sniff will now correctly recognize nonce verification within a nested closure or anonymous class. + + +## [2.1.0] - 2019-04-08 + +### Added +- New `WordPress.PHP.IniSet` sniff to the `WordPress-Extra` ruleset. + This sniff will detect calls to `ini_set()` and `ini_alter()` and warn against their use as changing configuration values at runtime leads to an unpredictable runtime environment, which can result in conflicts between core/plugins/themes. + - The sniff will not throw notices about a very limited set of "safe" ini directives. + - For a number of ini directives for which there are alternative, non-conflicting ways to achieve the same available, the sniff will throw an `error` and advise using the alternative. +- `doubleval()`, `count()` and `sizeof()` to `Sniff::$unslashingSanitizingFunctions` property. + While `count()` and its alias `sizeof()`, don't actually unslash or sanitize, the output of these functions is safe to use without unslashing or sanitizing. + This affects the `WordPress.Security.ValidatedSanitizedInput` and the `WordPress.Security.NonceVerification` sniffs. +- The new WP 5.1 `WP_UnitTestCase_Base` class to the `Sniff::$test_class_whitelist` property. +- New `Sniff::get_array_access_keys()` utility method to retrieve all array keys for a variable using multi-level array access. +- New `Sniff::is_class_object_call()`, `Sniff::is_token_namespaced()` utility methods. + These should help make the checking of whether or not a function call is a global function, method call or a namespaced function call more consistent. + This also implements allowing for the [namespace keyword being used as an operator](https://www.php.net/manual/en/language.namespaces.nsconstants.php#example-258). +- New `Sniff::is_in_function_call()` utility method to facilitate checking whether a token is (part of) a parameter passed to a specific (set of) function(s). +- New `Sniff::is_in_type_test()` utility method to determine if a variable is being type tested, along with a `Sniff::$typeTestFunctions` property containing the names of the functions this applies to. +- New `Sniff::is_in_array_comparison()` utility method to determine if a variable is (part of) a parameter in an array-value comparison, along with a `Sniff::$arrayCompareFunctions` property containing the names of the relevant functions. +- New `Sniff::$arrayWalkingFunctions` property containing the names of array functions which apply a callback to the array, but don't change the array by reference. +- New `Sniff::$unslashingFunctions` property containing the names of functions which unslash data passed to them and return the unslashed result. + +### Changed +- Moved the `WordPress.PHP.StrictComparisons`, `WordPress.PHP.StrictInArray` and the `WordPress.CodeAnalysis.AssignmentInCondition` sniff from the `WordPress-Extra` to the `WordPress-Core` ruleset. +- The `Squiz.Commenting.InlineComment.SpacingAfter` error is no longer included in the `WordPress-Docs` ruleset. +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `4.8`. +- The `WordPress.WP.DeprecatedFunctions` sniff will now detect functions deprecated in WP 5.1. +- The `WordPress.Security.NonceVerification` sniff now allows for variable type testing, comparisons, unslashing and sanitization before the nonce check. A nonce check within the same scope, however, is still required. +- The `WordPress.Security.ValidatedSanitizedInput` sniff now allows for using a superglobal in an array-value comparison without sanitization, same as when the superglobal is used in a scalar value comparison. +- `WordPress.NamingConventions.PrefixAllGlobals`: some of the error messages have been made more explicit. +- The error messages for the `WordPress.Security.ValidatedSanitizedInput` sniff will now contain information on the index keys accessed. +- The error message for the `WordPress.Security.ValidatedSanitizedInput.InputNotValidated` has been reworded to make it more obvious what the actual issue being reported is. +- The error message for the `WordPress.Security.ValidatedSanitizedInput.MissingUnslash` has been reworded. +- The `Sniff::is_comparison()` method now has a new `$include_coalesce` parameter to allow for toggling whether the null coalesce operator should be seen as a comparison operator. Defaults to `true`. +- All sniffs are now also being tested against PHP 7.4 (unstable) for consistent sniff results. +- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.5.0`. +- Various minor code tweaks and clean up. + +### Removed +- `ini_set` and `ini_alter` from the list of functions detected by the `WordPress.PHP.DiscouragedFunctions` sniff. + These are now covered via the new `WordPress.PHP.IniSet` sniff. +- `in_array()` and `array_key_exists()` from the list of `Sniff::$sanitizingFunctions`. These are now handled differently. + +### Fixed +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff would underreport when global functions would be autoloaded via a Composer autoload `files` configuration. +- The `WordPress.Security.EscapeOutput` sniff will now recognize `map_deep()` for escaping the values in an array via a callback to an output escaping function. This should prevent false positives. +- The `WordPress.Security.NonceVerification` sniff will no longer inadvertently allow for a variable to be sanitized without a nonce check within the same scope. +- The `WordPress.Security.ValidatedSanitizedInput` sniff will no longer throw errors when a variable is only being type tested. +- The `WordPress.Security.ValidatedSanitizedInput` sniff will now correctly recognize the null coalesce (PHP 7.0) and null coalesce equal (PHP 7.4) operators and will now throw errors for missing unslashing and sanitization where relevant. +- The `WordPress.WP.AlternativeFunctions` sniff will no longer recommend using the WP_FileSystem when PHP native input streams, like `php://input`, or the PHP input stream constants are being read or written to. +- The `WordPress.WP.AlternativeFunctions` sniff will no longer report on usage of the `curl_version()` function. +- The `WordPress.WP.CronInterval` sniff now has improved function recognition which should lower the chance of false positives. +- The `WordPress.WP.EnqueuedResources` sniff will no longer throw false positives for inline jQuery code trying to access a stylesheet link tag. +- Various bugfixes for the `Sniff::has_nonce_check()` method: + - The method will no longer incorrectly identify methods/namespaced functions mirroring the name of WP native nonce verification functions as if they were the global functions. + This will prevent some false negatives. + - The method will now skip over nested closed scopes, such as closures and anonymous classes. This should prevent some false negatives for nonce verification being done while not in the correct scope. + + These fixes affect the `WordPress.Security.NonceVerification` sniff. +- The `Sniff::is_in_isset_or_empty()` method now also checks for usage of `array_key_exist()` and `key_exists()` and will regard these as correct ways to validate a variable. + This should prevent false positives for the `WordPress.Security.ValidatedSanitizedInput` and the `WordPress.Security.NonceVerification` sniffs. +- Various bugfixes for the `Sniff::is_sanitized()` method: + - The method presumed the WordPress coding style regarding code layout, which could lead to false positives. + - The method will no longer incorrectly identify methods/namespaced functions mirroring the name of WP/PHP native unslashing/sanitization functions as if they were the global functions. + This will prevent some false negatives. + - The method will now recognize `map_deep()` for sanitizing an array via a callback to a sanitization function. This should prevent false positives. + - The method will now recognize `stripslashes_deep()` and `stripslashes_from_strings_only()` as valid unslashing functions. This should prevent false positives. + All these fixes affect both the `WordPress.Security.ValidatedSanitizedInput` and the `WordPress.Security.NonceVerification` sniff. +- Various bugfixes for the `Sniff::is_validated()` method: + - The method did not verify correctly whether a variable being validated was the same variable as later used which could lead to false negatives. + - The method did not verify correctly whether a variable being validated had the same array index keys as the variable as later used which could lead to both false negatives as well as false positives. + - The method now also checks for usage of `array_key_exist()` and `key_exists()` and will regard these as correct ways to validate a variable. This should prevent some false positives. + - The methods will now recognize the null coalesce and the null coalesce equal operators as ways to validate a variable. This prevents some false positives. + The results from the `WordPress.Security.ValidatedSanitizedInput` sniff should be more accurate because of these fixes. +- A potential "Undefined index" notice from the `Sniff::is_assignment()` method. + + +## [2.0.0] - 2019-01-16 + +### Important information about this release: + +WordPressCS 2.0.0 contains breaking changes, both for people using custom rulesets as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS. + +Support for `PHP_CodeSniffer` 2.x has been dropped, the new minimum `PHP_CodeSniffer` version is 3.3.1. +Also, all previously deprecated sniffs, properties and methods have been removed. + +Please read the complete changelog carefully before you upgrade. + +If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WPCS sniffs, please read the [Developers Upgrade Guide to WordPressCS 2.0.0](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-2.0.0-for-Developers-of-external-standards). + +### Changes since 2.0.0-RC1 + +#### Fixed + +- `WordPress-Extra`: Reverted back to including the `Squiz.WhiteSpace.LanguageConstructSpacing` sniff instead of the new `Generic.WhiteSpace.LanguageConstructSpacing` sniff as the new sniff is not (yet) available when the PEAR install of PHPCS is used. + +### Changes since 1.2.1 +For a full list of changes from the 1.2.1 version, please review the following changelog: +* https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/2.0.0-RC1 + + +## [2.0.0-RC1] - 2018-12-31 + +### Important information about this release: + +This is the first release candidate for WordPressCS 2.0.0. +WordPressCS 2.0.0 contains breaking changes, both for people using custom rulesets as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS. + +Support for `PHP_CodeSniffer` 2.x has been dropped, the new minimum `PHP_CodeSniffer` version is 3.3.1. +Also, all previously deprecated sniffs, properties and methods have been removed. + +Please read the complete changelog carefully before you upgrade. + +If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WPCS sniffs, please read the [Developers Upgrade Guide to WordPressCS 2.0.0](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-2.0.0-for-Developers-of-external-standards). + +### Added +- `Generic.PHP.DiscourageGoto`, `Generic.PHP.LowerCaseType`, `Generic.WhiteSpace.ArbitraryParenthesesSpacing` and `PSR12.Keywords.ShortFormTypeKeywords` to the `WordPress-Core` ruleset. +- Checking the spacing around the `instanceof` operator to the `WordPress.WhiteSpace.OperatorSpacing` sniff. + +### Changed +- The minimum required `PHP_CodeSniffer` version to 3.3.1 (was 2.9.0). +- The namespace used by WordPressCS has been changed from `WordPress` to `WordPressCS\WordPress`. + This was not possible while `PHP_CodeSniffer` 2.x was still supported, but WordPressCS, as a good Open Source citizen, does not want to occupy the `WordPress` namespace and is releasing its use of it now this is viable. +- The `WordPress.DB.PreparedSQL` sniff used the same error code for two different errors. + The `NotPrepared` error code remains, however an additional `InterpolatedNotPrepared` error code has been added for the second error. + If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff used the same error code for some errors as well as warnings. + The `NonPrefixedConstantFound` error code remains for the related error, but the warning will now use the new `VariableConstantNameFound` error code. + The `NonPrefixedHooknameFound` error code remains for the related error, but the warning will now use the new `DynamicHooknameFound` error code. + If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead. +- `WordPress.NamingConventions.ValidVariableName`: the error messages and error codes used by this sniff have been changed for improved usability and consistency. + - The error messages will now show a suggestion for a valid alternative name for the variable. + - The `NotSnakeCaseMemberVar` error code has been renamed to `UsedPropertyNotSnakeCase`. + - The `NotSnakeCase` error code has been renamed to `VariableNotSnakeCase`. + - The `MemberNotSnakeCase` error code has been renamed to `PropertyNotSnakeCase`. + - The `StringNotSnakeCase` error code has been renamed to `InterpolatedVariableNotSnakeCase`. + If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead. +- The `WordPress.Security.NonceVerification` sniff used the same error code for both an error as well as a warning. + The old error code `NoNonceVerification` is no longer used. + The `error` now uses the `Missing` error code, while the `warning` now uses the `Recommended` error code. + If you are referencing the old error code in a ruleset XML file or in inline annotations, please update these to use the new codes instead. +- The `WordPress.WP.DiscouragedConstants` sniff used to have two error codes `UsageFound` and `DeclarationFound`. + These error codes will now be prefixed by the name of the constant found to allow for more fine-grained excluding/ignoring of warnings generated by this sniff. + If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead. +- The `WordPress.WP.GlobalVariablesOverride.OverrideProhibited` error code has been replaced by the `WordPress.WP.GlobalVariablesOverride.Prohibited` error code. + If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it. +- `WordPress-Extra`: Replaced the inclusion of the `Generic.Files.OneClassPerFile`, `Generic.Files.OneInterfacePerFile` and the `Generic.Files.OneTraitPerFile` sniffs with the new `Generic.Files.OneObjectStructurePerFile` sniff. +- `WordPress-Extra`: Replaced the inclusion of the `Squiz.WhiteSpace.LanguageConstructSpacing` sniff with the new `Generic.WhiteSpace.LanguageConstructSpacing` sniff. +- `WordPress-Extra`: Replaced the inclusion of the `Squiz.Scope.MemberVarScope` sniff with the more comprehensive `PSR2.Classes.PropertyDeclaration` sniff. +- `WordPress.NamingConventions.ValidFunctionName`: Added a unit test confirming support for interfaces extending multiple interfaces. +- `WordPress.NamingConventions.ValidVariableName`: Added unit tests confirming support for multi-variable/property declarations. +- The `get_name_suggestion()` method has been moved from the `WordPress.NamingConventions.ValidFunctionName` sniff to the base `Sniff` class, renamed to `get_snake_case_name_suggestion()` and made static. +- The rulesets are now validated against the `PHP_CodeSniffer` XSD schema. +- Updated the [custom ruleset example](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/phpcs.xml.dist.sample) to use the recommended ruleset syntax for `PHP_CodeSniffer` 3.3.1+, including using the new [array property format](https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.3.0) which is now supported. +- Dev: The command to run the unit tests has changed. Please see the updated instructions in the [CONTRIBUTING.md](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/.github/CONTRIBUTING.md) file. + The `bin/pre-commit` example git hook has been updated to match. Additionally a `run-tests` script has been added to the `composer.json` file for your convenience. + To facilitate this, PHPUnit has been added to `require-dev`, even though it is strictly speaking a dependency of PHPCS, not of WPCS. +- Dev: The DealerDirect PHPCS Composer plugin has been added to `require-dev`. +- Various code tweaks and clean up. +- User facing documentation, including the wiki, as well as inline documentation has been updated for all the changes contained in WordPressCS 2.0 and other recommended best practices for `PHP_CodeSniffer` 3.3.1+. + +### Deprecated +- The use of the [WordPressCS native whitelist comments](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors), which were introduced in WPCS 0.4.0, have been deprecated and support will be removed in WPCS 3.0.0. + The WordPressCS native whitelist comments will continue to work for now, but a deprecation warning will be thrown when they are encountered. + You are encouraged to upgrade our whitelist comment to use the [PHPCS native selective ignore annotations](https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.2.0) as introduced in `PHP_CodeSniffer` 3.2.0, as soon as possible. + +### Removed +- Support for PHP 5.3. PHP 5.4 is the minimum requirement for `PHP_CodeSniffer` 3.x. + Includes removing any and all workarounds which were in place to still support PHP 5.3. +- Support for `PHP_CodeSniffer` < 3.3.1. + Includes removing any and all workarounds which were in place for supporting older `PHP_CodeSniffer` versions. +- The `WordPress-VIP` standard which was deprecated since WordPressCS 1.0.0. + For checking a theme/plugin for hosting on the WordPress.com VIP platform, please use the [Automattic VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) instead. +- Support for array properties set in a custom ruleset without the `type="array"` attribute. + Support for this was deprecated in WPCS 1.0.0. + If in doubt about how properties should be set in your custom ruleset, please refer to the [Customizable sniff properties](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties) wiki page which contains XML code examples for setting each and every WPCS native sniff property. + As the minimum `PHP_CodeSniffer` version is now 3.3.1, you can now also use the [new format for setting array properties](https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.3.0), so this would be a great moment to review and update your custom ruleset. + Note: the ability to set select properties from the command-line as comma-delimited strings is _not_ affected by this change. +- The following sniffs have been removed outright without deprecation. + If you are referencing these sniffs in a ruleset XML file or in inline annotations, please update these to reference the replacement sniffs instead. + - `WordPress.Functions.FunctionCallSignatureNoParams` - superseded by a bug fix in the upstream `PEAR.Functions.FunctionCallSignature` sniff. + - `WordPress.PHP.DiscourageGoto` - replaced by the same sniff which is now available upstream: `Generic.PHP.DiscourageGoto`. + - `WordPress.WhiteSpace.SemicolonSpacing` - superseded by a bug fix in the upstream `Squiz.WhiteSpace.SemicolonSpacing` sniff. + - `WordPress.WhiteSpace.ArbitraryParenthesesSpacing` - replaced by the same sniff which is now available upstream: `Generic.WhiteSpace.ArbitraryParenthesesSpacing`. +- The following "base" sniffs which were previously already deprecated and turned into abstract base classes, have been removed: + - `WordPress.Arrays.ArrayAssignmentRestrictions` - use the `AbstractArrayAssignmentRestrictionsSniff` class instead. + - `WordPress.Functions.FunctionRestrictions` - use the `AbstractFunctionRestrictionsSniff` class instead. + - `WordPress.Variables.VariableRestrictions` without replacement. +- The following sniffs which were previously deprecated, have been removed: + - `WordPress.Arrays.ArrayDeclaration` - use the other sniffs in the `WordPress.Arrays` category instead. + - `WordPress.CSRF.NonceVerification` - use `WordPress.Security.NonceVerification` instead. + - `WordPress.Functions.DontExtract` - use `WordPress.PHP.DontExtract` instead. + - `WordPress.Variables.GlobalVariables` - use `WordPress.WP.GlobalVariablesOverride` instead. + - `WordPress.VIP.CronInterval` - use `WordPress.WP.CronInterval` instead. + - `WordPress.VIP.DirectDatabaseQuery` - use `WordPress.DB.DirectDatabaseQuery` instead. + - `WordPress.VIP.PluginMenuSlug` - use `WordPress.Security.PluginMenuSlug` instead. + - `WordPress.VIP.SlowDBQuery` - use `WordPress.DB.SlowDBQuery` instead. + - `WordPress.VIP.TimezoneChange` - use `WordPress.WP.TimezoneChange` instead. + - `WordPress.VIP.ValidatedSanitizedInput` - use `WordPress.Security.ValidatedSanitizedInput` instead. + - `WordPress.WP.PreparedSQL` - use `WordPress.DB.PreparedSQL` instead. + - `WordPress.XSS.EscapeOutput` - use `WordPress.Security.EscapeOutput` instead. + - `WordPress.PHP.DiscouragedFunctions` without direct replacement. + The checks previously contained in this sniff were moved to separate sniffs in WPCS 0.11.0. + - `WordPress.Variables.VariableRestrictions` without replacement. + - `WordPress.VIP.AdminBarRemoval` without replacement. + - `WordPress.VIP.FileSystemWritesDisallow` without replacement. + - `WordPress.VIP.OrderByRand` without replacement. + - `WordPress.VIP.PostsPerPage` without replacement. + Part of the previous functionality was split off in WPCS 1.0.0 to the `WordPress.WP.PostsPerPage` sniff. + - `WordPress.VIP.RestrictedFunctions` without replacement. + - `WordPress.VIP.RestrictedVariables` without replacement. + - `WordPress.VIP.SessionFunctionsUsage` without replacement. + - `WordPress.VIP.SessionVariableUsage` without replacement. + - `WordPress.VIP.SuperGlobalInputUsage` without replacement. +- The `WordPress.DB.SlowDBQuery.DeprecatedWhitelistFlagFound` error code which is superseded by the blanket deprecation warning for using the now deprecated WPCS native whitelist comments. +- The `WordPress.PHP.TypeCasts.NonLowercaseFound` error code which has been replaced by the upstream `Generic.PHP.LowerCaseType` sniff. +- The `WordPress.PHP.TypeCasts.LongBoolFound` and `WordPress.PHP.TypeCasts.LongIntFound` error codes which has been replaced by the new upstream `PSR12.Keywords.ShortFormTypeKeywords` sniff. +- The `WordPress.Security.EscapeOutput.OutputNotEscapedShortEcho` error code which was only ever used if WPCS was run on PHP 5.3 with the `short_open_tag` ini directive set to `off`. +- The following sniff categories which were previously deprecated, have been removed, though select categories may be reinstated in the future: + - `CSRF` + - `Functions` + - `Variables` + - `VIP` + - `XSS` +- `WordPress.NamingConventions.ValidVariableName`: The `customVariableWhitelist` property, which had been deprecated since WordPressCS 0.11.0. Use the `customPropertiesWhitelist` property instead. +- `WordPress.Security.EscapeOutput`: The `customSanitizingFunctions` property, which had been deprecated since WordPressCS 0.5.0. Use the `customEscapingFunctions` property instead. +- `WordPress.Security.NonceVerification`: The `errorForSuperGlobals` and `warnForSuperGlobals` properties, which had been deprecated since WordPressCS 0.12.0. +- The `vip_powered_wpcom` function from the `Sniff::$autoEscapedFunctions` list which is used by the `WordPress.Security.EscapeOutput` sniff. +- The `AbstractVariableRestrictionsSniff` class, which was deprecated since WordPressCS 1.0.0. +- The `Sniff::has_html_open_tag()` utility method, which was deprecated since WordPressCS 1.0.0. +- The internal `$php_reserved_vars` property from the `WordPress.NamingConventions.ValidVariableName` sniff in favour of using a PHPCS native property which is now available. +- The class aliases and WPCS native autoloader used for PHPCS cross-version support. +- The unit test framework workarounds for PHPCS cross-version unit testing. +- Support for the `@codingStandardsChangeSetting` annotation, which is generally only used in unit tests. +- The old generic GitHub issue template which was replaced by more specific issue templates in WPCS 1.2.0. + +### Fixed +- Support for PHP 7.3. + `PHP_CodeSniffer` < 3.3.1 was not fully compatible with PHP 7.3. Now the minimum required PHPCS has been upped to `PHP_CodeSniffer` 3.3.1, WordPressCS will run on PHP 7.3 without issue. +- `WordPress.Arrays.ArrayDeclarationSpacing`: improved fixing of the placement of array items following an array item with a trailing multi-line comment. +- `WordPress.NamingConventions.ValidFunctionName`: the sniff will no longer throw false positives nor duplicate errors for methods declared in nested anonymous classes. + The error message has also been improved for methods in anonymous classes. +- `WordPress.NamingConventions.ValidFunctionName`: the sniff will no longer throw false positives for PHP 4-style class constructors/destructors where the name of the constructor/destructor method did not use the same case as the class name. + + +## [1.2.1] - 2018-12-18 + +Note: This will be the last release supporting PHP_CodeSniffer 2.x. + +### Changed +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `4.7`. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff will now report the error for hook names and constant names declared with `define()` on the line containing the parameter for the hook/constant name. Previously, it would report the error on the line containing the function call. +- Various minor housekeeping fixes to inline documentation, rulesets, code. + +### Removed +- `comment_author_email_link()`, `comment_author_email()`, `comment_author_IP()`, `comment_author_link()`, `comment_author_rss()`, `comment_author_url_link()`, `comment_author_url()`, `comment_author()`, `comment_date()`, `comment_excerpt()`, `comment_form_title()`, `comment_form()`, `comment_id_fields()`, `comment_ID()`, `comment_reply_link()`, `comment_text_rss()`, `comment_text()`, `comment_time()`, `comment_type()`, `comments_link()`, `comments_number()`, `comments_popup_link()`, `comments_popup_script()`, `comments_rss_link()`, `delete_get_calendar_cache()`, `edit_bookmark_link()`, `edit_comment_link()`, `edit_post_link()`, `edit_tag_link()`, `get_footer()`, `get_header()`, `get_sidebar()`, `get_the_title()`, `next_comments_link()`, `next_image_link()`, `next_post_link()`, `next_posts_link()`, `permalink_anchor()`, `posts_nav_link()`, `previous_comments_link()`, `previous_image_link()`, `previous_post_link()`, `previous_posts_link()`, `sticky_class()`, `the_attachment_link()`, `the_author_link()`, `the_author_meta()`, `the_author_posts_link()`, `the_author_posts()`, `the_category_rss()`, `the_category()`, `the_content_rss()`, `the_content()`, `the_date_xml()`, `the_excerpt_rss()`, `the_excerpt()`, `the_feed_link()`, `the_ID()`, `the_meta()`, `the_modified_author()`, `the_modified_date()`, `the_modified_time()`, `the_permalink()`, `the_post_thumbnail()`, `the_search_query()`, `the_shortlink()`, `the_tags()`, `the_taxonomies()`, `the_terms()`, `the_time()`, `the_title_rss()`, `the_title()`, `wp_enqueue_script()`, `wp_meta()`, `wp_shortlink_header()` and `wp_shortlink_wp_head()` from the list of auto-escaped functions `Sniff::$autoEscapedFunctions`. This affects the `WordPress.Security.EscapeOutput` sniff. + +### Fixed +- The `WordPress.WhiteSpace.PrecisionAlignment` sniff would loose the value of a custom set `ignoreAlignmentTokens` property when scanning more than one file. + + +## [1.2.0] - 2018-11-12 + +### Added +- New `WordPress.PHP.TypeCasts` sniff to the `WordPress-Core` ruleset. + This new sniff checks that PHP type casts are: + * lowercase; + * short form, i.e. `(bool)` not `(boolean)`; + * normalized, i.e. `(float)` not `(real)`. + Additionally, the new sniff discourages the use of the `(unset)` and `(binary)` type casts. +- New `WordPress.Utils.I18nTextDomainFixer` sniff which can compehensively replace/add `text-domain`s in a plugin or theme. + Important notes: + - This sniff is disabled by default and intended as a utility tool. + - The sniff will fix the text domains in all I18n function calls as well as in a plugin/theme `Text Domain:` header. + - Passing the following properties will activate the sniff: + - `old_text_domain`: an array with one or more (old) text domains which need to be replaced; + - `new_text_domain`: the correct (new) text domain as a string. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff will now also verify that namespace names use a valid prefix. + * The sniff allows for underscores and (other) non-word characters in a passed prefix to be converted to namespace separators when used in a namespace name. + In other words, if a prefix of `my_plugin` is passed as a value to the `prefixes` property, a namespace name of both `My\Plugin` as well as `My_Plugin\\`, will be accepted automatically. + * Passing a prefix property value containing namespace separators will now also be allowed and will no longer trigger a warning. +- `WordPress` to the prefix blacklist for the `WordPress.NamingConventions.PrefixAllGlobals` sniff. + While the prefix cannot be `WordPress`, a prefix can still _start with_ or _contain_ `WordPress`. +- Additional unit tests covering a change in the tokenizer which will be included in the upcoming `PHP_CodeSniffer` 3.4.0 release. +- A variety of issue templates for use on GitHub. + +### Changed +- The `Sniff::valid_direct_scope()` method will now return the `$stackPtr` to the valid scope if a valid direct scope has been detected. Previously, it would return `true`. +- Minor hardening and efficiency improvements to the `WordPress.NamingConventions.PrefixAllGlobals` sniff. +- The inline documentation of the `WordPress-Core` ruleset has been updated to be in line again with [the handbook](https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/). +- The inline links to documentation about the VIP requirements have been updated. +- Updated the [custom ruleset example](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/phpcs.xml.dist.sample) to recommend using `PHPCompatibilityWP` rather than `PHPCompatibility`. +- All sniffs are now also being tested against PHP 7.3 for consistent sniff results. + Note: PHP 7.3 is only supported in combination with PHPCS 3.3.1 or higher as `PHP_CodeSniffer` itself has an incompatibility in earlier versions. +- Minor grammar fixes in text strings and documentation. +- Minor consistency improvement for the unit test case files. +- Minor tweaks to the `composer.json` file. +- Updated the PHPCompatibility `dev` dependency. + +### Removed +- The `WordPress.WhiteSpace.CastStructureSpacing.NoSpaceAfterCloseParenthesis` error code as an error for the same issue was already being thrown by an included upstream sniff. + +### Fixed +- The `WordPress.CodeAnalysis.EmptyStatement` would throw a false positive for an empty condition in a `for()` statement. +- The `Sniff::is_class_property()` method could, in certain circumstances, incorrectly recognize parameters in a method declaration as class properties. It would also, incorrectly, fail to recognize class properties when the object they are declared in, was nested in parentheses. + This affected, amongst others, the `GlobalVariablesOverride` sniff. +- The `Sniff::get_declared_namespace_name()` method could get confused over whitespace and comments within a namespace name, which could lead to incorrect results (mostly underreporting). + This affected, amongst others, the `GlobalVariablesOverride` sniff. + The return value of the method will now no longer contain any whitespace or comments encountered. +- The `Sniff::has_whitelist_comment()` method would sometimes incorrectly regard `// phpcs:set` comments as whitelist comments. + +## [1.1.0] - 2018-09-10 + +### Added +- New `WordPress.PHP.NoSilencedErrors` sniff. This sniff replaces the `Generic.PHP.NoSilencedErrors` sniff which was previously used and included in the `WordPress-Core` ruleset. + The WordPress specific version of the sniff differs from the PHPCS version in that it: + * Allows the error control operator `@` if it preceeds a function call to a limited list of PHP functions for which no amount of error checking can prevent a PHP warning from being thrown. + * Allows for a used-defined list of (additional) function names to be passed to the sniff via the `custom_whitelist` property in a custom ruleset, for which - if the error control operator is detected in front of a function call to one of the functions in this whitelist - no warnings will be thrown. + * Displays a brief snippet of code in the `warning` message text to show the context in which the error control operator is being used. The length of the snippet (in tokens) can be customized via the `context_length` property. + * Contains a public `use_default_whitelist` property which can be set from a custom ruleset which regulates whether or not the standard whitelist of PHP functions should be used by the sniff. + The user-defined whitelist will always be respected. + By default, this property is set to `true` for the `WordPress-Core` ruleset and to `false` for the `WordPress-Extra` ruleset (which is stricter regarding these kind of best practices). +- Metrics to the `WordPress.NamingConventions.PrefixAllGlobals` sniff to aid people in determining the most commonly used prefix in a legacy project. + For an example of how to use this feature, please see the detailed explanation in the [pull request](https://github.com/WordPress/WordPress-Coding-Standards/pull/1437). + +### Changed +- The `PEAR.Functions.FunctionCallSignature` sniff, which is part of the `WordPress-Core` ruleset, used to allow multiple function call parameters per line in multi-line function calls. This will no longer be allowed. + As of this release, if a function call is multi-line, each parameter should start on a new line and an `error` will be thrown if the code being analysed does not comply with that rule. + The sniff behaviour for single-line function calls is not affected by this change. +- Moved the `WordPress.CodeAnalysis.EmptyStatement` sniff from the `WordPress-Extra` to the `WordPress-Core` ruleset. +- Moved the `Squiz.PHP.CommentedOutCode` sniff from the `WordPress-Docs` to the `WordPress-Extra` ruleset and lowered the threshold for determining whether or not a comment is commented out code from 45% to 40%. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff now has improved support for recognizing whether or not (non-prefixed) globals are declared in the context of unit tests. +- The `is_foreach_as()` method has been moved from the `GlobalVariablesOverrideSniff` class to the WordPress `Sniff` base class. +- The `Sniff::is_token_in_test_method()` utility method now has improved support for recognizing test methods in anonymous classes. +- Minor efficiency improvement to the `Sniff::is_safe_casted()` method. +- CI: Minor tweaks to the Travis script. +- CI: Improved Composer scripts for use by WPCS developers. +- Dev: Removed IDE specific files from `.gitignore`. +- Readme: Improved the documentation about the project history and the badge display. + +### Fixed +- The `WordPress.Security.ValidatedSanitizedInput` sniff will now recognize array keys in superglobals independently of the string quote-style used for the array key. +- The `WordPress.WhiteSpace.PrecisionAlignment` sniff will no longer throw false positives for DocBlocks for JavaScript functions within inline HTML. +- `WordPress.WP.DeprecatedClasses`: The error codes for this sniff were unstable as they were based on the code being analysed instead of on fixed values. +- Various bugfixes for the `WordPress.WP.GlobalVariablesOverride` sniff: + - Previously, the sniff only checked variables in the global namespace when a `global` statement would be encountered. As of now, all variable assignments in the global namespace will be checked. + - Nested functions/closures/classes which don't import the global variable will now be skipped over when encountered within another function, preventing false positives. + - Parameters in function declarations will no longer throw false positives. + - The error message for assignments to a subkey of the `$GLOBALS` superglobal has been improved. + - Various efficiency improvements. +- The `Sniff::is_in_isset_or_empty()` method presumed the WordPress coding style regarding code layout, which could lead to incorrect results (mostly underreporting). + This affected, amongst others, the `WordPress.Security.ValidatedSanitizedInput` sniff. +- Broken links in the inline developer documentation. + + +## [1.0.0] - 2018-07-25 + +### Important information about this release: + +If you use the WordPress Coding Standards with a custom ruleset, please be aware that a number of sniffs have been moved between categories and that the old sniff names have been deprecated. +If you selectively include any of these sniffs in your custom ruleset or set custom property values for these sniffs, your custom ruleset will need to be updated. + +The `WordPress-VIP` ruleset has also been deprecated. If you used that ruleset to check your theme/plugin for hosting on the WordPress.com VIP platform, please use the [Automattic VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) instead. +If you used that ruleset for any other reason, you should probably use the `WordPress-Extra` or `WordPress` ruleset instead. + +These and some related changes have been annotated in detail in the `Deprecated` section of this changelog. + +Please read the complete changelog carefully before you upgrade. + +If you are a maintainer of an external standard based on WPCS and any of your custom sniffs are based on or extend WPCS sniffs, the same applies. + +### Added +- `WordPress.PHP.PregQuoteDelimiter` sniff to the `WordPress-Extra` ruleset to warn about calls to `preg_quote()` which don't pass the `$delimiter` parameter. +- `WordPress.Security.SafeRedirect` sniff to the `WordPress-Extra` ruleset to warn about potential open redirect vulnerabilities. +- `WordPress.WP.DeprecatedParameterValues` sniff to the `WordPress-Extra` ruleset to detect deprecated parameter values being passed to select functions. +- `WordPress.WP.EnqueuedResourceParameters` sniff to the `WordPress-Extra` ruleset to detect: + - Calls to the script/style register/enqueue functions which don't pass a `$version` for the script/style, which can cause issues with browser caching; and/or + - Calls to the register/enqueue script functions which don't pass the `$in_footer` parameter, which causes scripts - by default - to be loaded in the HTML header in a layout rendering blocking manner. +- Detection of calls to `strip_tags()` and various PHP native `..rand()` functions to the `WordPress.WP.AlternativeFunctions` sniff. +- `readonly()` to the list of auto-escaped functions `Sniff::$autoEscapedFunctions`. This affects the `WordPress.Security.EscapeOutput` sniff. +- The `WordPress.Security.PluginMenuSlug`, `WordPress.WP.CronInterval`, `WordPress.WP.PostsPerPage` and `WordPress.WP.TimezoneChange` sniffs are now included in the `WordPress-Extra` ruleset. Previously, they were already included in the `WordPress` and `WordPress-VIP` rulesets. +- New utility method `Sniff::is_use_of_global_constant()`. +- A rationale to the package suggestion made via `composer.json`. +- CI: Validation of the `composer.json` file on each build. +- A wiki page with instructions on how to [set up WPCS to run with Eclipse on XAMPP](https://github.com/WordPress/WordPress-Coding-Standards/wiki/How-to-use-WPCS-with-Eclipse-and-XAMPP). +- Readme: A link to an external resource with more examples for setting up PHPCS for CI. +- Readme: A badge-based quick overview of the project. + +### Changed +- The `WordPress` ruleset no longer includes the `WordPress-VIP` ruleset, nor does it include any of the (deprecated) `VIP` sniffs anymore. +- The following sniffs have been moved to a new category: + - `CronInterval` from the `VIP` category to the `WP` category. + - `DirectDatabaseQuery` from the `VIP` category to the `DB` category. + - `DontExtract` from the `Functions` category to the `PHP` category. + - `EscapeOutput` from the `XSS` category to the `Security` category. + - `GlobalVariables` from the `Variables` category to the `WP` category. + - `NonceVerification` from the `CSRF` category to the `Security` category. + - `PluginMenuSlug` from the `VIP` category to the `Security` category. + - `PreparedSQL` from the `WP` category to the `DB` category. + - `SlowDBQuery` from the `VIP` category to the `DB` category. + - `TimezoneChange` from the `VIP` category to the `WP` category. + - `ValidatedSanitizedInput` from the `VIP` category to the `Security` category. +- The `WordPress.VIP.PostsPerPage` sniff has been split into two distinct sniffs: + - `WordPress.WP.PostsPerPage` which will check for the use of a high pagination limit and will throw a `warning` when this is encountered. For the `VIP` ruleset, the error level remains `error`. + - `WordPress.VIP.PostsPerPage` wich will check for disabling of pagination. +- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `4.6`. +- The `WordPress.WP.AlternativeFunctions` sniff will now only throw a warning if/when the recommended alternative function is available in the minimum supported WP version of a project. + In addition to this, certain alternatives are only valid alternatives in certain circumstances, like when the WP version only supports the first parameter of the PHP function it is trying to replace. + This will now be taken into account for: + - `wp_strip_all_tags()` is only a valid alternative for the PHP native `strip_tags()` when the second parameter `$allowed_tags` has not been passed. + - `wp_parse_url()` only added support for the second parameter `$component` of the PHP native `parse_url()` function in WP 4.7.0. +- The `WordPress.WP.DeprecatedFunctions` sniff will now detect functions deprecated in WP 4.9. +- The `WordPress.WP.GlobalVariablesOverride` sniff will now display the name of the variable being overridden in the error message. +- The `WordPress.WP.I18n` sniff now extends the `AbstractFunctionRestrictionSniff`. +- Assignments in conditions in ternaries as detected by the `WordPress.CodeAnalysis.AssignmentInCondition` sniff will now be reported under a separate error code `FoundInTernaryCondition`. +- The default error level for the notices from the `WordPress.DB.DirectDatabaseQuery` sniff has been lowered from `error` to `warning`. For the `VIP` ruleset, the error level remains `error`. +- The default error level for the notices from the `WordPress.Security.PluginMenuSlug` sniff has been lowered from `error` to `warning`. For the `VIP` ruleset, the error level remains `error`. +- The default error level for the notices from the `WordPress.WP.CronInterval` sniff has been lowered from `error` to `warning`. For the `VIP` ruleset, the error level remains `error`. +- The `Sniff::get_function_call_parameters()` utility method now has improved handling of closures when passed as function call parameters. +- Rulesets: a number of error codes were previously silenced by explicitly `exclude`-ing them. Now, they will be silenced by setting the `severity` to `0` which makes it more easily discoverable for maintainers of custom rulesets how to enable these error codes again. +- Various performance optimizations which should most notably make a difference when running WPCS on PHP 7. +- References to the WordPress.com VIP platform have been clarified. +- Unit Tests: custom properties set in unit test files are reset after use. +- Various improvements to the ruleset used by the WPCS project itself and minor code clean up related to this. +- CI: Each change will now also be tested against the lowest supported PHPCS 3 version. +- CI: Each change will now also be checked for PHP cross-version compatibility. +- CI: The rulesets will now also be tested on each change to ensure no unexpected messages are thrown. +- CI: Minor changes to the script to make the build testing faster. +- Updated the [custom ruleset example](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/phpcs.xml.dist.sample) for the changes contained in this release and to reflect current best practices regarding the PHPCompatibility standard. +- The instructions on how to set up WPCS for various IDEs have been moved from the `README` to the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki). +- Updated output examples in `README.md` and `CONTRIBUTING.md` and other minor changes to these files. +- Updated references to the PHPCompatibility standard to reflect its new location and recommend using PHPCompatibilityWP. + +### Deprecated +- The `WordPress-VIP` ruleset has been deprecated. + For checking a theme/plugin for hosting on the WordPress.com VIP platform, please use the [Automattic VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) instead. + If you used the `WordPress-VIP` ruleset for any other reason, you should probably use the `WordPress-Extra` or `WordPress` ruleset instead. +- The following sniffs have been deprecated and will be removed in WPCS 2.0.0: + - `WordPress.CSRF.NonceVerification` - use `WordPress.Security.NonceVerification` instead. + - `WordPress.Functions.DontExtract` - use `WordPress.PHP.DontExtract` instead. + - `WordPress.Variables.GlobalVariables` - use `WordPress.WP.GlobalVariablesOverride` instead. + - `WordPress.VIP.CronInterval` - use `WordPress.WP.CronInterval` instead. + - `WordPress.VIP.DirectDatabaseQuery` - use `WordPress.DB.DirectDatabaseQuery` instead. + - `WordPress.VIP.PluginMenuSlug` - use `WordPress.Security.PluginMenuSlug` instead. + - `WordPress.VIP.SlowDBQuery` - use `WordPress.DB.SlowDBQuery` instead. + - `WordPress.VIP.TimezoneChange` - use `WordPress.WP.TimezoneChange` instead. + - `WordPress.VIP.ValidatedSanitizedInput` - use `WordPress.Security.ValidatedSanitizedInput` instead. + - `WordPress.WP.PreparedSQL` - use `WordPress.DB.PreparedSQL` instead. + - `WordPress.XSS.EscapeOutput` - use `WordPress.Security.EscapeOutput` instead. + - `WordPress.VIP.AdminBarRemoval` without replacement. + - `WordPress.VIP.FileSystemWritesDisallow` without replacement. + - `WordPress.VIP.OrderByRand` without replacement. + - `WordPress.VIP.RestrictedFunctions` without replacement. + - `WordPress.VIP.RestrictedVariables` without replacement. + - `WordPress.VIP.SessionFunctionsUsage` without replacement. + - `WordPress.VIP.SessionVariableUsage` without replacement. + - `WordPress.VIP.SuperGlobalInputUsage` without replacement. +- The following sniff categories have been deprecated and will be removed in WPCS 2.0.0: + - `CSRF` + - `Variables` + - `XSS` +- The `posts_per_page` property in the `WordPress.VIP.PostsPerPage` sniff has been deprecated as the related functionality has been moved to the `WordPress.WP.PostsPerPage` sniff. + See [WP PostsPerPage: post limit](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#wp-postsperpage-post-limit) for more information about this property. +- The `exclude` property which is available to most sniffs which extend the `AbstractArrayAssignmentRestrictions`, `AbstractFunctionRestrictions` and `AbstractVariableRestrictions` classes or any of their children, used to be a `string` property and expected a comma-delimited list of groups to exclude. + The type of the property has now been changed to `array`. Custom rulesets which pass this property need to be adjusted to reflect this change. + Support for passing the property as a comma-delimited string has been deprecated and will be removed in WPCS 2.0.0. + See [Excluding a group of checks](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#excluding-a-group-of-checks) for more information about the sniffs affected by this change. +- The `AbstractVariableRestrictionsSniff` class has been deprecated as all sniffs depending on this class have been deprecated. Unless a new sniff is created in the near future which uses this class, the abstract class will be removed in WPCS 2.0.0. +- The `Sniff::has_html_open_tag()` utility method has been deprecated as it is now only used by deprecated sniffs. The method will be removed in WPCS 2.0.0. + +### Removed +- `cancel_comment_reply_link()`, `get_bookmark()`, `get_comment_date()`, `get_comment_time()`, `get_template_part()`, `has_post_thumbnail()`, `is_attachement()`, `post_password_required()` and `wp_attachment_is_image()` from the list of auto-escaped functions `Sniff::$autoEscapedFunctions`. This affects the `WordPress.Security.EscapeOutput` sniff. +- WPCS no longer explicitly supports HHVM and builds are no longer tested against HHVM. + For now, running WPCS on HHVM to test PHP code may still work for a little while, but HHVM has announced they are [dropping PHP support](https://hhvm.com/blog/2017/09/18/the-future-of-hhvm.html). + +### Fixed +- Compatibility with PHP 7.3. A change in PHP 7.3 was causing the `WordPress.DB.RestrictedClasses`, `WordPress.DB.RestrictedFunctions` and the `WordPress.WP.AlternativeFunctions` sniffs to fail to correctly detect issues. +- Compatibility with the latest releases from [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer). + PHPCS 3.2.0 introduced new annotations which can be used inline to selectively disable/ignore certain sniffs. + **Note**: The initial implementation of the new annotations was buggy. If you intend to start using these new style annotations, you are strongly advised to use PHPCS 3.3.0 or higher. + For more information about these annotations, please refer to the [PHPCS Wiki](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Advanced-Usage#ignoring-parts-of-a-file). + - The [WPCS native whitelist comments](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors) can now be combined with the new style PHPCS whitelist annotations in the `-- for reasons` part of the annotation. + - `WordPress.Arrays.ArrayDeclarationSpacing`: the fixer will now handle the new style annotations correctly. + - `WordPress.Arrays.CommaAfterArrayItem`: prevent a fixer loop when new style annotations are encountered. + - `WordPress.Files.FileName`: respect the new style annotations if these would selectively disable this sniff. + - `WordPress.WhiteSpace.ControlStructureSpacing`: handle the new style annotations correctly for the "blank line at the start/end of control structure" checks and prevent a fixer conflict when the new style annotations are encountered. + - `WordPress.WhiteSpace.PrecisionAlignment`: allow for checking of for precision alignment on lines containing new style annotations when `phpcs` is run with `--ignore-annotations`. +- The `Sniff::is_test_class()` method now has improved recognition of namespaced test classes. + This positively affects the `WordPress.Files.FileName`, `WordPress.NamingConventions.PrefixAllGlobals` and `WordPress.WP.GlobalVariablesOverride` sniffs, which each allow for test classes to (partially) not comply with the rules these sniffs check for. + This fixes the following bugs: + - Namespaced classes where the classname was one of the whitelisted global classes would incorrectly be recognized as a test class, even though they were not the same class. + This also happened if a namespaced class `extend`ed one of the whitelisted global classes. + - A namespaced custom test class where the name was split between the namespace declaration and the extended class declaration was not correctly recognized as the whitelisted test class. + - A namespaced test class which extended another class using a FQCN prefixed with a `\\` would not be correctly recognized. + - The `custom_test_class_whitelist` property which is available for each of these sniffs expects to be passed a Fully Qualified Class Name. FQCNs prefixed with a global namespace indicator will now be correctly handled. +- The determination of whether a `T_STRING` is a function call or not has been improved in the `AbstractFunctionRestrictions` class. This improvement benefits all sniffs which extend this abstract and any of its children (> 10 sniffs) and fixes the following false positives: + - Class declarations will no longer be confused with function calls. + - Use statement alias declarations will no longer be confused with function calls. +- Various bugs in the `WordPress.Arrays.ArrayIndentation` sniff: + - The sniff will no longer throw false positives or try to fix multi-line text strings where the closing quote is on a line by itself. + - The sniff would go into a fixer loop when it encountered a multi-line trailing comment after an array item. +- The `WordPress.CodeAnalysis.AssignmentInCondition` was throwing false positives for ternaries in nested, but unrelated, parentheses. +- The `WordPress.CodeAnalysis.EmptyStatement` and `WordPress.Files.FileName` sniffs underreported as they did not take PHP short open echo tags into account. +- Various bugs in the `WordPress.NamingConventions.PrefixAllGlobals` sniff: + - Parameters in a closure declaration were incorrectly being regarded as global variables. + - Non-prefixed variables created by a `foreach()` construct in the global namespace were previously not detected. + - Non-prefixed globals found in namespaced test classes should be ignored by the sniff, but were not. + - Definition of non-prefixed global WP constants which are intended to be overruled, should not trigger an error from this sniff. + - The sniff presumed the WP naming conventions for PHP constructs, while it should check for the construct being prefixed regardless of whether camelCase, PascalCase, snake_case or other naming conventions are used. + - The sniff presumed the WP naming conventions for prefixes used in hook names. The sniff will now be more tolerant when non-conventional word separators are used in prefixes for hooks. +- The `WordPress.NamingConventions.ValidFunctionName` sniff no longer "hides" one message behind another. The sniff will now correctly throw a message about function names not being in `snake_case`, even when the `FunctionDoubleUnderscore` or `MethodDoubleUnderscore` error codes have been excluded. +- The `WordPress.PHP.StrictInArray` sniff will no longer throw an error when `in_array`, `array_search` or `array_keys` are used in a file `use` statement. +- Various bugs in the `WordPress.Security.EscapeOutput` sniff: + - A limited list of native PHP constants which are safe to use, such as `PHP_EOL`, has been added. When any of these constants are encountered, the sniff will no longer demand output escaping for them. + - The sniff was underreporting issues with variables passed to `trigger_error()`. + - While reporting an issue, sometimes the wrong error message was used. The sniff logic has been adjusted to prevent this. + - The sniff will now correctly ignore the open and close brackets of short arrays. + - The sniff would throw false positives when `echo`, `print`, `exit` or `die` were encountered as constants, function or class names. While it may not be a good idea to use PHP keywords in such a way, it is allowed, so the sniff should handle this correctly. +- The `WordPress.WhiteSpace.ControlStructureSpacing` sniff would inadvertently throw an error for the spacing around the colon for a return type in a function declaration. +- The `WordPress.WP.AlternativeFunctions` sniff used to flag all function calls to `file_get_contents()` twice, suggesting to use `wp_remote_get()` - which is only applicable for remote URLs - and the `WP_FileSystem` API - which is not needed when just _reading_ local files. These messages contradicted each other. + The sniff will now try to determine whether the file requested is local or remote and will only throw a `warning` suggesting to use `wp_remote_get()`, if a remote URL is being requested or when it could not be determined if the requested file is local or remote. +- The expected default value for `wp_upload_bits()` in the `WordPress.WP.DeprecatedParameters` sniff. +- The `WordPress.WP.GlobalVariablesOverride` sniff previously did not detect variables created by a `foreach()` construct which would override WP global variables. +- Various bugs in the `WordPress.WP.I18n` sniff: + - The sniff will no longer throw false positives for calls to methods carrying the same name as any of the global WP functions being targeted and has improved handling of parse errors and live coding. + - A numeric `0` would throw a false positive for "no translatable content found". +- The fixer in the `WordPress.WhiteSpace.ControlStructureSpacing` sniff will no longer inadvertently remove return type declarations. +- Various bugs in the `WordPress.WhiteSpace.PrecisionAlignment` sniff: + - Inline HTML before the first PHP open tag was not being examined. + - Files which only contained short open echo tags for PHP were not being examined. + - The last line of inline HTML in a file was not being examined. +- Some best practice sniffs presumed the WordPress coding style regarding code layout, which could lead to incorrect results (mostly underreporting). + The following sniffs have received fixes related to this: + - `WordPress.DB.PreparedSQL` + - `WordPress.NamingConventions.ValidVariableName` + - `WordPress.WP.CronInterval` + - `WordPress.WP.I18n` +- Various minor fixes based on visual inspection and Scrutinizer analysis feedback. +- Typo in the instructions contained in `CONTRIBUTING.md`. +- Broken link in the `README.md` file. + + +## [0.14.1] - 2018-02-15 + +### Fixed +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff contained a bug which could inadvertently trigger class autoloading of the project being sniffed and by extension could cause fatal errors during the PHPCS run. + +## [0.14.0] - 2017-11-01 + +### Added +- `WordPress.Arrays.MultipleStatementAlignment` sniff to the `WordPress-Core` ruleset which will align the array assignment operator for multi-item, multi-line associative arrays. + This new sniff offers four custom properties to customize its behaviour: [`ignoreNewlines`](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#array-alignment-allow-for-new-lines), [`exact`](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#array-alignment-allow-non-exact-alignment), [`maxColumn`](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#array-alignment-maximum-column) and [`alignMultilineItems`](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#array-alignment-dealing-with-multi-line-items). +- `WordPress.DB.PreparedSQLPlaceholders` sniff to the `WordPress-Core` ruleset which will analyse the placeholders passed to `$wpdb->prepare()` for their validity, check whether queries using `IN ()` and `LIKE` statements are created correctly and will check whether a correct number of replacements are passed. + This sniff should help detect queries which are impacted by the security fixes to `$wpdb->prepare()` which shipped with WP 4.8.2 and 4.8.3. + The sniff also adds a new ["PreparedSQLPlaceholders replacement count" whitelist comment](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors#preparedsql-placeholders-vs-replacements) for pertinent replacement count vs placeholder mismatches. Please consider carefully whether something could be a bug when you are tempted to use the whitelist comment and if so, [report it](https://github.com/WordPress/WordPress-Coding-Standards/issues/new). +- `WordPress.PHP.DiscourageGoto` sniff to the `WordPress-Core` ruleset. +- `WordPress.PHP.RestrictedFunctions` sniff to the `WordPress-Core` ruleset which initially forbids the use of `create_function()`. + This was previous only discouraged under certain circumstances. +- `WordPress.WhiteSpace.ArbitraryParenthesesSpacing` sniff to the `WordPress-Core` ruleset which checks the spacing on the inside of arbitrary parentheses. +- `WordPress.WhiteSpace.PrecisionAlignment` sniff to the `WordPress-Core` ruleset which will throw a warning when precision alignment is detected in PHP, JS and CSS files. +- `WordPress.WhiteSpace.SemicolonSpacing` sniff to the `WordPress-Core` ruleset which will throw a (fixable) error when whitespace is found before a semi-colon, except for when the semi-colon denotes an empty `for()` condition. +- `WordPress.CodeAnalysis.AssignmentInCondition` sniff to the `WordPress-Extra` ruleset. +- `WordPress.WP.DiscouragedConstants` sniff to the `WordPress-Extra` and `WordPress-VIP` rulesets to detect usage of deprecated WordPress constants, such as `STYLESHEETPATH` and `HEADER_IMAGE`. +- Ability to pass the `minimum_supported_version` to use for the `DeprecatedFunctions`, `DeprecatedClasses` and `DeprecatedParameters` sniff in one go. You can pass a `minimum_supported_wp_version` runtime variable for this [from the command line or pass it using a `config` directive in a custom ruleset](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#setting-minimum-supported-wp-version-for-all-sniffs-in-one-go-wpcs-0140). +- `Generic.Formatting.MultipleStatementAlignment` - customized to have a `maxPadding` of `40` -, `Generic.Functions.FunctionCallArgumentSpacing` and `Squiz.WhiteSpace.ObjectOperatorSpacing` to the `WordPress-Core` ruleset. +- `Squiz.Scope.MethodScope`, `Squiz.Scope.MemberVarScope`, `Squiz.WhiteSpace.ScopeKeywordSpacing`, `PSR2.Methods.MethodDeclaration`, `Generic.Files.OneClassPerFile`, `Generic.Files.OneInterfacePerFile`, `Generic.Files.OneTraitPerFile`, `PEAR.Files.IncludingFile`, `Squiz.WhiteSpace.LanguageConstructSpacing`, `PSR2.Namespaces.NamespaceDeclaration` to the `WordPress-Extra` ruleset. +- The `is_class_constant()`, `is_class_property` and `valid_direct_scope()` utility methods to the `WordPress\Sniff` class. + +### Changed +- When passing an array property via a custom ruleset to PHP_CodeSniffer, spaces around the key/value are taken as intentional and parsed as part of the array key/value. In practice, this leads to confusion and WPCS does not expect any values which could be preceded/followed by a space, so for the WordPress Coding Standard native array properties, like `customAutoEscapedFunction`, `text_domain`, `prefixes`, WPCS will now trim whitespace from the keys/values received before use. +- The WPCS native whitelist comments used to only work when they were put on the _end of the line_ of the code they applied to. As of now, they will also be recognized when they are be put at the _end of the statement_ they apply to. +- The `WordPress.Arrays.ArrayDeclarationSpacing` sniff used to enforce all associative arrays to be multi-line. The handbook has been updated to only require this for multi-item associative arrays and the sniff has been updated accordingly. + [The original behaviour can still be enforced](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#arrays-forcing-single-item-associative-arrays-to-be-multi-line) by setting the new `allow_single_item_single_line_associative_arrays` property to `false` in a custom ruleset. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff will now allow for a limited list of WP core hooks which are intended to be called by plugins and themes. +- The `WordPress.PHP.DiscouragedFunctions` sniff used to include `create_function`. This check has been moved to the new `WordPress.PHP.RestrictedFunctions` sniff. +- The `WordPress.PHP.StrictInArray` sniff now has a separate error code `FoundNonStrictFalse` for when the `$strict` parameter has been set to `false`. This allows for excluding the warnings for that particular situation, which will normally be intentional, via a custom ruleset. +- The `WordPress.VIP.CronInterval` sniff now allows for customizing the minimum allowed cron interval by [setting a property in a custom ruleset](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#vip-croninterval-minimum-interval). +- The `WordPress.VIP.RestrictedFunctions` sniff used to prohibit the use of certain WP native functions, recommending the use of `wpcom_vip_get_term_link()`, `wpcom_vip_get_term_by()` and `wpcom_vip_get_category_by_slug()` instead, as the WP native functions were not being cached. As the results of the relevant WP native functions are cached as of WP 4.8, the advice has now been reversed i.e. use the WP native functions instead of `wpcom...` functions. +- The `WordPress.VIP.PostsPerPage` sniff now allows for customizing the `post_per_page` limit for which the sniff will trigger by [setting a property in a custom ruleset](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#vip-postsperpage-post-limit). +- The `WordPress.WP.I18n` sniff will now allow and actively encourage omitting the text domain in I18n function calls if the text domain passed via the `text_domain` property is `default`, i.e. the domain used by Core. + When `default` is one of several text domains passed via the `text_domain` property, the error thrown when the domain is missing has been downgraded to a `warning`. +- The `WordPress.XSS.EscapeOutput` sniff now has a separate error code `OutputNotEscapedShortEcho` and the error message texts have been updated. +- Moved `Squiz.PHP.Eval` from the `WordPress-Extra` and `WordPress-VIP` to the `WordPress-Core` ruleset. +- Removed two sniffs from the `WordPress-VIP` ruleset which were already included via the `WordPress-Core` ruleset. +- The unit test suite is now compatible with PHPCS 3.1.0+ and PHPUnit 6.x. +- Some tidying up of the unit test case files. +- All sniffs are now also being tested against PHP 7.2 for consistent sniff results. +- An attempt is made to detect potential fixer conflicts early via a special build test. +- Various minor documentation fixes. +- Improved the Atom setup instructions in the Readme. +- Updated the unit testing information in Contributing. +- Updated the [custom ruleset example](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/phpcs.xml.dist.sample) for the changes contained in this release and to make it more explicit what is recommended versus example code. +- The minimum recommended version for the suggested `DealerDirect/phpcodesniffer-composer-installer` Composer plugin has gone up to `0.4.3`. This patch version fixes support for PHP 5.3. + +### Fixed +- The `WordPress.Arrays.ArrayIndentation` sniff did not correctly handle array items with multi-line strings as a value. +- The `WordPress.Arrays.ArrayIndentation` sniff did not correctly handle array items directly after an array item with a trailing comment. +- The `WordPress.Classes.ClassInstantiation` sniff will now correctly handle detection when using `new $array['key']` or `new $array[0]`. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff did not allow for arbitrary word separators in hook names. +- The `WordPress.NamingConventions.PrefixAllGlobals` sniff did not correctly recognize namespaced constants as prefixed. +- The `WordPress.PHP.StrictInArray` sniff would erronously trigger if the `true` for `$strict` was passed in uppercase. +- The `WordPress.PHP.YodaConditions` sniff could get confused over complex ternaries containing assignments. This has been remedied. +- The `WordPress.WP.PreparedSQL` sniff would erronously throw errors about comments found within a DB function call. +- The `WordPress.WP.PreparedSQL` sniff would erronously throw errors about `(int)`, `(float)` and `(bool)` casts and would also flag the subsequent variable which had been safe casted. +- The `WordPress.XSS.EscapeOutput` sniff would erronously trigger when using a fully qualified function call - including the global namespace `\` indicator - to one of the escaping functions. +- The lists of WP global variables and WP mixed case variables have been synchronized, which fixes some false positives. + + +## [0.13.1] - 2017-08-07 + +### Fixed +- Fatal error when using PHPCS 3.x with the `installed_paths` config variable set via the ruleset. + +## [0.13.0] - 2017-08-03 + +### Added +- Support for PHP_CodeSniffer 3.0.2+. The minimum required PHPCS version (2.9.0) stays the same. +- Support for the PHPCS 3 `--ignore-annotations` command line option. If you pass this option, both PHPCS native `@ignore ...` annotations as well as the WPCS specific [whitelist flags](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors) will be ignored. + +### Changed +- The minimum required PHP version is now 5.3 when used in combination with PHPCS 2.x and PHP 5.4 when used in combination with PHPCS 3.x. +- The way the unit tests can be run is now slightly different for PHPCS 2.x versus 3.x. For more details, please refer to the updated information in the [Contributing Guidelines](CONTRIBUTING.md). +- Release archives will no longer contain the unit tests and other typical development files. You can still get these by using Composer with `--prefer-source` or by checking out a git clone of the repository. +- Various textual improvements to the Readme. +- Various textual improvements to the Contributing Guidelines. +- Minor internal changes. + +### Removed +- The `WordPress.Arrays.ArrayDeclaration` sniff has been deprecated. The last remaining checks this sniff contained have been moved to the `WordPress.Arrays.ArrayDeclarationSpacing` sniff. +- Work-arounds which were in place to support PHP 5.2. + +### Fixed +- A minor bug where the auto-fixer could accidentally remove a comment near an array opener. + + +## [0.12.0] - 2017-07-21 + +### Added +- A default file encoding setting to the `WordPress-Core` ruleset. All files sniffed will now be regarded as `utf-8` by default. +- `WordPress.Arrays.ArrayIndentation` sniff to the `WordPress-Core` ruleset to verify - and auto-fix - the indentation of array items and the array closer for multi-line arrays. This replaces the (partial) indentation fixing contained within the `WordPress.Array.ArrayDeclarationSpacing` sniff. +- `WordPress.Arrays.CommaAfterArrayItem` sniff to the `WordPress-Core` ruleset to enforce that each array item is followed by a comma - except for the last item in a single-line array - and checks the spacing around the comma. This replaces (and improves) the checks which were previously included in the `WordPress.Arrays.ArrayDeclaration` sniff which were causing incorrect fixes and fixer conflicts. +- `WordPress.Functions.FunctionCallSignatureNoParams` sniff to the `WordPress-Core` ruleset to verify that function calls without parameters do not have any whitespace between the parentheses. +- `WordPress.WhiteSpace.DisallowInlineTabs` to the `WordPress-Core` ruleset to verify - and auto-fix - that spaces are used for mid-line alignment. +- `WordPress.WP.CapitalPDangit` sniff to the `WordPress-Core` ruleset to - where relevant - verify that `WordPress` is spelled correctly. For misspellings in text strings and comment text, the sniff can auto-fix violations. +- `Squiz.Classes.SelfMemberReference` whitespace related checks to the `WordPress-Core` ruleset and the additional check for using `self` rather than a FQN to the `WordPress-Extra` ruleset. +- `Squiz.PHP.EmbeddedPhp` sniff to the `WordPress-Core` ruleset to check PHP code embedded within HTML blocks. +- `PSR2.ControlStructures.SwitchDeclaration` to the `WordPress-Core` ruleset to check for the correct layout of `switch` control structures. +- `WordPress.Classes.ClassInstantion` sniff to the `WordPress-Extra` ruleset to detect - and auto-fix - missing parentheses on object instantiation and superfluous whitespace in PHP and JS files. The sniff will also detect `new` being assigned by reference. +- `WordPress.CodeAnalysis.EmptyStatement` sniff to the `WordPress-Extra` ruleset to detect - and auto-fix - superfluous semi-colons and empty PHP open-close tag combinations. +- `WordPress.NamingConventions.PrefixAllGlobals` sniff to the `WordPress-Extra` ruleset to verify that all functions, classes, interfaces, traits, variables, constants and hook names which are declared/defined in the global namespace are prefixed with one of the prefixes provided via a custom property or via the command line. + To activate this sniff, [one or more allowed prefixes should be provided to the sniff](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#naming-conventions-prefix-everything-in-the-global-namespace). This can be done using a custom ruleset or via the command line. + PHP superglobals and WP global variables are exempt from variable name prefixing. Deprecated hook names will also be disregarded when non-prefixed. Back-fills for known native PHP functionality is also accounted for. + For verified exceptions, [unprefixed code can be whitelisted](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors#non-prefixed-functionclassvariableconstant-in-the-global-namespace). + Code in unit test files is automatically exempt from this sniff. +- `WordPress.WP.DeprecatedClasses` sniff to the `WordPress-Extra` ruleset to detect usage of deprecated WordPress classes. +- `WordPress.WP.DeprecatedParameters` sniff to the `WordPress-Extra` ruleset to detect deprecated parameters being passed to WordPress functions with a value other than the expected default. +- The `sanitize_textarea_field()` function to the `sanitizingFunctions` list used by the `WordPress.CSRF.NonceVerification`, `WordPress.VIP.ValidatedSanitizedInput` and `WordPress.XSS.EscapeOutput` sniffs. +- The `find_array_open_closer()` utility method to the `WordPress_Sniff` class. +- Information about setting `installed_paths` using a custom ruleset to the Readme. +- Additional support links to the `composer.json` file. +- Support for Composer PHPCS plugins which sort out the `installed_paths` setting. +- Linting and code-style check of the XML ruleset files provided by WPCS. + +### Changed +- The minimum required PHP_CodeSniffer version to 2.9.0 (was 2.8.1). **Take note**: PHPCS 3.x is not (yet) supported. The next release is expected to fix that. +- Improved support for detecting issues in code using heredoc and/or nowdoc syntax. +- Improved sniff efficiency, precision and performance for a number of sniffs. +- Updated a few sniffs to take advantage of new features and fixes which are included in PHP_CodeSniffer 2.9.0. +- `WordPress.Files.Filename`: The "file name mirrors the class name prefixed with 'class'" check for PHP files containing a class will no longer be applied to typical unit test classes, i.e. for classes which extend `WP_UnitTestCase`, `PHPUnit_Framework_TestCase` and `PHPUnit\Framework\TestCase`. Additional test case base classes can be passed to the sniff using the new [`custom_test_class_whitelist` property](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#custom-unit-test-classes). +- The `WordPress.Files.FileName` sniff allows now for more theme-specific template hierarchy based file name exceptions. +- The whitelist flag for the `WordPress.VIP.SlowQuery` sniff was `tax_query` which was unintuitive. This has now been changed to `slow query` to be in line with other whitelist flags. +- The `WordPress.WhiteSpace.OperatorSpacing` sniff will now ignore operator spacing within `declare()` statements. +- The `WordPress.WhiteSpace.OperatorSpacing` sniff now extends the upstream `Squiz.WhiteSpace.OperatorSpacing` sniff for improved results and will now also examine the spacing around ternary operators and logical (`&&`, `||`) operators. +- The `WordPress.WP.DeprecatedFunctions` sniff will now detect functions deprecated in WP 4.7 and 4.8. Additionally, a number of other deprecated functions which were previously not being detected have been added to the sniff and for a number of functions the "alternative" for the deprecated function has been added/improved. +- The `WordPress.XSS.EscapeOutput` sniff will now also detect unescaped output when the short open echo tags `` PHP open tags. +- `WordPress.Classes.ClassOpeningStatement` sniff to the `WordPress-Core` ruleset to flag - and fix - class opening brace placement. +- `WordPress.NamingConventions.ValidHookName` sniff to the `WordPress-Core` ruleset to flag filter and action hooks which don't comply with the guideline of lowercase letters and underscores. For maintaining backward-compatibility of hook names an `additionalWordDelimiters` property can be added via a custom ruleset. +- `WordPress.Functions.DontExtract` sniff to the `WordPress-Core` ruleset to flag usage of the `extract()` function. +- `WordPress.PHP.POSIXFunctions` sniff to the `WordPress-Core` ruleset to flag usage of regex functions from the POSIX PHP extension which was deprecated since PHP 5.3 and removed in PHP 7. +- `WordPress.DB.RestrictedFunctions` and `WordPress.DB.RestrictedClasses` sniffs to the `WordPress-Core` ruleset to flag usage of direct database calls using PHP functions and classes rather than the WP functions for the same. +- Abstract `AbstractClassRestrictions` parent class to allow for easier sniffing for usage of specific classes. +- `Squiz.Strings.ConcatenationSpacing`, `PSR2.ControlStructures.ElseIfDeclaration`, `PSR2.Files.ClosingTag`, `Generic.NamingConventions.UpperCaseConstantName` to the `WordPress-Core` ruleset. +- Ability to add arbitrary variables to the whitelist via a custom ruleset property for the `WordPress.NamingConventions.ValidVariableName` sniff. +- Ability to use a whitelist comment for tax queries for the `WordPress.VIP.SlowDBQuery` sniff. +- Instructions on how to use WPCS with Atom and SublimeLinter to the Readme. +- Reference to the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki) to the Readme. +- Recommendation to also use the [PHPCompatibility](https://github.com/PHPCompatibility/PHPCompatibility) ruleset to the Readme. + +### Changed +- The minimum required PHP_CodeSniffer version to 2.6.0. +- Moved the `WordPress.WP.PreparedSQL` sniff from `WordPress-Extra` to `WordPress-Core`. +- `WordPress.PHP.StrictInArray` will now also flag non-strict usage of `array_keys()` and `array_search()`. +- Added `_deprecated_constructor()` and `_deprecated_hook()` to the list of printing functions. +- Added numerous additional functions to sniff for to the `WordPress.VIP.RestrictedFunctions` sniff as per the VIP guidelines. +- Upped the `posts_per_page` limit from 50 to 100 in `WordPress.VIP.PostsPerPage` sniff as per the VIP guidelines. +- Added `cat_ID` to the whitelisted exceptions for the `WordPress.NamingConventions.ValidVariableName` sniff. +- Added `__debugInfo` to the magic method whitelist for class methods starting with double underscore in the `WordPress.NamingConventions.ValidFunctionName` sniff. +- An error will now also be thrown for non-magic _functions_ using a double underscore prefix - `WordPress.NamingConventions.ValidFunctionName` sniff. +- The `WordPress.Arrays.ArrayAssignmentRestrictions`, `WordPress.Functions.FunctionRestrictions`, `WordPress.Variables.VariableRestrictions` sniffs weren't in actual fact sniffs, but parent classes for child sniffs. These have now all been turned into proper abstract parent classes and moved to the main `WordPress` directory. +- The array provided to `AbstractFunctionRestrictions` can now take a `whitelist` key to whitelist select functions when blocking a group of functions by function prefix. +- Updated installation instructions in the readme. +- The `WordPress-Core` ruleset is now ordered according to the handbook +- The WPCS code base itself now complies with the WordPress-Core, -Extra and -Docs coding standards. +- Various other code quality and code consistency improvements under the hood. + +### Removed +- `Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingBeforeClose` from the `WordPress-Core` standard (was causing duplicate messages for the same issue). +- `Squiz.Commenting.FunctionComment.ScalarTypeHintMissing`, `Squiz.Commenting.InlineComment.NotCapital` from the `WordPress-Docs` standard. +- Removed the sniffing for `get_pages()` from the `WordPress.VIP.RestrictedFunctions` sniff as per the VIP guidelines. +- Removed the sniffing for `extract()` from the `WordPress.VIP.RestrictedFunctions` sniff as it's now covered in a separate sniff. +- Removed the sniffing for the POSIX functions from the `WordPress.PHP.DiscouragedFunctions` sniff as it's now covered in a separate sniff. + +### Fixed +- Error message precision for the `WordPress.NamingConventions.ValidVariableName` sniff. +- Bug in the `WordPress.WhiteSpace.ControlStructureSpacing.BlankLineAfterEnd` sniff which was incorrectly being triggered on last method of class. +- Function name sniffs based on the `AbstractFunctionRestrictions` parent class will now do a case-insensitive function name comparison. +- Function name sniffs in the `WordPress.PHP.DiscouragedFunctions` sniff will now do a case-insensitive function name comparison. +- Whitelist comments directly followed by a PHP closing tag were not being recognized. +- Some PHP Magic constants were not recognized by the `WordPress.XSS.EscapeOutput` sniff. +- An error message suggesting camel caps rather than the intended snake case format in the `WordPress.NamingConventions.ValidFunctionName` sniff. +- `WordPress.WhiteSpace.ControlStructureSpacing` should no longer throw error notices during live code review. +- Errors will be no longer be thrown for methods not complying with the naming conventions when the class extends a parent class or implements an interface - `WordPress.NamingConventions.ValidFunctionName` sniff. + + +## [0.9.0] - 2016-02-01 + +### Added +- `count()` to the list of auto-escaped functions. +- `Squiz.PHP.CommentedOutCode` sniff to `WordPress-VIP` ruleset. +- Support for PHP 5.2. +- `attachment_url_to_postid()` and `parse_url()` to the restricted functions for `WordPress-VIP`. +- `WordPress.VIP.OrderByRand` sniff. +- `WordPress.PHP.StrictInArray` sniff for `WordPress-VIP` and `WordPress-Extra`. +- `get_tag_link()`, `get_category_link()`, `get_cat_ID()`, `url_to_post_id()`, `attachment_url_to_postid()` +`get_posts()`, `wp_get_recent_posts()`, `get_pages()`, `get_children()`, `wp_get_post_terms()` +`wp_get_post_categories()`, `wp_get_post_tags()`, `wp_get_object_terms()`, `term_exists()`, +`count_user_posts()`, `wp_old_slug_redirect()`, `get_adjacent_post()`, `get_previous_post()`, +`get_next_post()` to uncached functions in `WordPress.VIP.RestrictedFunctions` sniff. +- `wp_handle_upload()` and `array_key_exists()` to the list of sanitizing functions. +- Checking for object properties in `WordPress.PHP.YodaConditions` sniff. +- `WordPress.NamingConventions.ValidVariableName` sniff. +- Flagging of function calls incorporated into database queries in `WordPress.WP.PreparedSQL`. +- Recognition of escaping and auto-escaped functions in `WordPress.WP.PreparedSQL`. +- `true`, `false`, and `null` to the tokens ignored in `WordPress.XSS.EscapeOutput`. + +### Fixed +- Incorrect ternary detection in `WordPress.XSS.EscapeOutput` sniff. +- False positives when detecting variables interpolated into strings in the +`WordPress.WP.PreparedSQL` and `WordPress.VIP.ValidatedSanitizedInput` sniffs. +- False positives in `WordPress.PHP.YodaConditions` when the variable is being casted. +- `$wpdb` properties being flagged in `WordPress.WP.PreparedSQL` sniff. +- False positive in `WordPress.PHP.YodaConditions` when the a string is on the left side of the +comparison. + +## [0.8.0] - 2015-10-02 + +### Added +- `implode()` and `join()` to the list of formatting functions in the `WordPress.XSS.EscapeOutput` +sniff. This is useful when you need to have HTML in the `$glue` parameter. +- Support in the `WordPress.XSS.EscapeOutput` sniff for escaping an array of values +using `array_map()`. (Otherwise the support for `implode()` isn't of much use :) +- Docs for running WPCS in Sublime Text. +- `nl2br()` to the list of formatting functions. +- `wp_dropdown_pages()` to the list of printing functions. +- Error codes to all error/warning messages. +- `WordPress.WP.PreparedSQL` sniff for flagging unprepared SQL queries. + +### Removed +- Sniffing for the number of spaces before a closure's opening parenthesis from the +default configuration of the `WordPress.WhiteSpace.ControlStructureSpacing` sniff. It +can be re-enabled per-project as desired. + +### Fixed +- The `WordPress.XSS.EscapeOutput` sniff giving error messages with the closing +parenthesis in them instead of the offending function's name. + +## [0.7.1] - 2015-08-31 + +### Changed +- The default number of spaces before a closure's opening parenthesis from 1 to 0. + +## [0.7.0] - 2015-08-30 + +### Added +- Automatic error fixing to the `WordPress.Arrays.ArrayKeySpacingRestrictions` sniff. +- Functions and closures to the control structures checked by the `WordPress.WhiteSpace.ControlStructureSpacing` +sniff. +- Sniffing and fixing for extra spacing in the `WordPress.WhiteSpace.ControlStructureSpacing` +sniff. (Previously it only checked for insufficient spacing.) +- `.twig` files to the default ignored files. +- `esc_url_raw()` and `hash_equals()` to the list of sanitizing functions. +- `intval()` and `boolval()` to list of unslashing functions. +- `do_shortcode()` to the list of auto-escaped functions. + +### Removed +- `WordPress.Functions.FunctionDeclarationArgumentSpacing` in favor of the upstream +sniff `Squiz.Functions.FunctionDeclarationArgumentSpacing`. + +### Fixed +- Reference to incorrect issue in the inline docs of the `WordPress.VIP.SessionVariableUsage` +sniff. +- `WordPress.XSS.EscapeOutput` sniff incorrectly handling ternary conditions in +`echo` statements without parentheses in some cases. + +## [0.6.0] - 2015-06-30 + +### Added +- Support for `wp_cache_add()` and `wp_cache_delete()`, as well as custom cache +functions,in the `WordPress.VIP.DirectDatabaseQuery` sniff. + +### Removed +- `WordPress.Functions.FunctionRestrictions` and `WordPress.Variables.VariableRestrictions` +from the `WordPress-VIP` standard, since they are just parents for other sniffs. + +## [0.5.0] - 2015-06-01 + +### Added +- `WordPress.CSRF.NonceVerification` sniff to flag form processing without nonce verification. +- `in_array()` and `is_array()` to the list of sanitizing functions. +- Support for automatic error fixing to the `WordPress.Arrays.ArrayDeclaration` sniff. +- `WordPress.PHP.StrictComparisions` to the `WordPress-VIP` and `WordPress-Extra` rulesets. +- `WordPress-Docs` ruleset to sniff for proper commenting. +- `Generic.PHP.LowerCaseKeyword`, `Generic.Files.EndFileNewline`, `Generic.Files.LowercasedFilename`, +`Generic.Formatting.SpaceAfterCast`, and `Generic.Functions.OpeningFunctionBraceKernighanRitchie` to the `WordPress-Core` ruleset. +- `Generic.PHP.DeprecatedFunctions`, `Generic.PHP.ForbiddenFunctions`, `Generic.Functions.CallTimePassByReference`, +`Generic.Formatting.DisallowMultipleStatements`, `Generic.CodeAnalysis.EmptyStatement`, +`Generic.CodeAnalysis.ForLoopShouldBeWhileLoop`, `Generic.CodeAnalysis.ForLoopWithTestFunctionCall`, +`Generic.CodeAnalysis.JumbledIncrementer`, `Generic.CodeAnalysis.UnconditionalIfStatement`, +`Generic.CodeAnalysis.UnnecessaryFinalModifier`, `Generic.CodeAnalysis.UselessOverridingMethod`, +`Generic.Classes.DuplicateClassName`, and `Generic.Strings.UnnecessaryStringConcat` to the `WordPress-Extra` ruleset. +- Error for missing use of `wp_unslash()` on superglobal data to the `WordPress.VIP.ValidatedSanitizedInput` sniff. + +### Changed +- The `WordPress.VIP.ValidatedSanitizedInput` sniff to require sanitization of input even when it is being directly escaped and output. +- The minimum required PHP_CodeSniffer version to 2.2.0. +- The `WordPress.VIP.ValidatedSanitizedInput` and `WordPress.XSS.EscapeOutput` sniffs: +the list of escaping functions was split from the list of sanitizing functions. The `customSanitizingFunctions` +property has been moved to the `ValidatedSanitizedInput` sniff, and the `customEscapingFunctions` +property should now be used instead for the `EscapeOutput` sniff. +- The `WordPress.Arrays.ArrayDeclaration` sniff to give errors for `NoSpaceAfterOpenParenthesis`, `SpaceAfterArrayOpener`, and `SpaceAfterArrayCloser`, instead of warnings. +- The `WordPress.NamingConventions.ValidFunctionName` sniff to allow camelCase method names in classes that implement interfaces. + +### Fixed +- The `WordPress.VIP.ValidatedSanitizedInput` sniff not reporting missing validation when reporting missing sanitization. +- The `WordPress.VIP.ValidatedSanitizedInput` sniff flagging superglobals as needing sanitization when they were only being used in a comparison using `if` or `switch`, etc. + +## [0.4.0] - 2015-05-01 + +### Added +- Change log file. +- Handling for string-interpolated input variables in the `WordPress.VIP.ValidatedSanitizedInput` sniff. +- Errors for using uncached functions when cached equivalents exist. +- `space_before_colon` setting for the `WordPress.WhiteSpace.ControlStructureSpacing` sniff, for control structures using alternative syntax. Possible values: `'required'`, `'optional'`, `'forbidden'`. +- Support for `sanitization` whitelisting comments for the `WordPress.VIP.ValidatedSanitizedInput` sniff. +- Granular error/warning names for all errors and warnings. +- Handling for ternary conditions in the `WordPress.XSS.EscapeOutput` sniff. +- `die`, `exit`, `printf`, `vprintf`, `wp_die`, `_deprecated_argument`, `_deprecated_function`, `_deprecated_file`, `_doing_it_wrong`, `trigger_error`, and `user_error` to the list of printing functions in the `WordPress.XSS.EscapeOutput` sniff. +- `customPrintingFunctions` setting for the `WordPress.XSS.EscapeOutput` sniff. +- `rawurlencode()` and `wp_parse_id_list()` to the list of "sanitizing" functions in the `WordPress.XSS.EscapeOutput` sniff. +- `json_encode()` to the list of discouraged functions in the `WordPress.PHP.DiscouragedFunctions` sniff, in favor of `wp_json_encode()`. +- `vip_powered_wpcom()` to the list of auto-escaped functions in the `WordPress.XSS.EscapeOutput` sniff. +- `debug_print_backtrace()` and `var_export()` to the list of discouraged functions in the `WordPress.PHP.DiscouragedFunctions` sniff. +- Smart handling for formatting functions (`sprintf()` and `wp_sprintf()`) in the `WordPress.XSS.EscapeOutput` sniff. +- `WordPress.PHP.StrictComparisons` sniff. +- Correct handling of `array_map()` in the `WordPress.VIP.ValidatedSanitizedInput` sniff. +- `$_COOKIE` and `$_FILE` to the list of superglobals flagged by the `WordPress.VIP.ValidatedSanitizedInput` and `WordPress.VIP.SuperGlobalInputUsage` sniffs. +- `$_SERVER` to the list of superglobals flagged by the `WordPress.VIP.SuperGlobalInputUsage` sniff. +- `Squiz.ControlStructures.ControlSignature` sniff to the rulesets. + +### Changed +- `WordPress.Arrays.ArrayKeySpacingRestrictions` sniff to give errors for `NoSpacesAroundArrayKeys` and `SpacesAroundArrayKeys` instead of just warnings. +- `WordPress.NamingConventions.ValidFunctionName` sniff to allow for camel caps method names in child classes. +- `WordPress.XSS.EscapeOutput` sniff to allow for integers (e.g. `echo 5` and `print( -1 )`). + +### Removed +- Errors for mixed key/keyless array elements in the `WordPress.Arrays.ArrayDeclaration` sniff. +- BOM from `WordPress.WhiteSpace.OperatorSpacing` sniff file. +- `$content_width` from the list of non-overwritable globals in the `WordPress.Variables.GlobalVariables` sniff. +- `WordPress.Arrays.ArrayAssignmentRestrictions` sniff from the `WordPress-VIP` ruleset. + +### Fixed +- Incorrect errors for `else` statements using alternative syntax. +- `WordPress.VIP.ValidatedSanitizedInput` sniff not always treating casting as sanitization. +- `WordPress.XSS.EscapeOutput` sniff flagging comments as needing to be escaped. +- `WordPress.XSS.EscapeOutput` sniff not sniffing comma-delimited `echo` arguments after encountering the first escaping function in the statement. +- `WordPress.PHP.YodaConditions` sniff not flagging comparisons to constants or function calls. +- `WordPress.Arrays.ArrayDeclaration` sniff not ignoring doc comments. +- Link to phpStorm instructions in `README.md`. +- Poor performance of the `WordPress.Arrays.ArrayAssignmentRestrictions` sniff. +- Poor performance of the `WordPress.Files.FileName` sniff. + +## [0.3.0] - 2014-12-11 + +See the comparison for full list. + +### Changed +- Use semantic version tags for releases. + +## [2013-10-06] + +See the comparison for full list. + +## 2013-06-11 + +Initial tagged release. + +[Unreleased]: https://github.com/WordPress/WordPress-Coding-Standards/compare/master...HEAD +[2.2.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.2.0...2.2.1 +[2.2.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.1.1...2.2.0 +[2.1.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.1.0...2.1.1 +[2.1.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.0.0...2.1.0 +[2.0.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.0.0-RC1...2.0.0 +[2.0.0-RC1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/1.2.1...2.0.0-RC1 +[1.2.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/1.2.0...1.2.1 +[1.2.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/1.1.0...1.2.0 +[1.1.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/1.0.0...1.1.0 +[1.0.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.14.1...1.0.0 +[0.14.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.14.0...0.14.1 +[0.14.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.13.1...0.14.0 +[0.13.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.13.0...0.13.1 +[0.13.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.12.0...0.13.0 +[0.12.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.11.0...0.12.0 +[0.11.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.10.0...0.11.0 +[0.10.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.9.0...0.10.0 +[0.9.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.8.0...0.9.0 +[0.8.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.7.1...0.8.0 +[0.7.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.7.0...0.7.1 +[0.7.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.6.0...0.7.0 +[0.6.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.5.0...0.6.0 +[0.5.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.4.0...0.5.0 +[0.4.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/0.3.0...0.4.0 +[0.3.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2013-10-06...0.3.0 +[2013-10-06]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2013-06-11...2013-10-06 diff --git a/vendor/wp-coding-standards/wpcs/LICENSE b/vendor/wp-coding-standards/wpcs/LICENSE new file mode 100644 index 00000000..359e1a72 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2009 John Godley and contributors. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/wp-coding-standards/wpcs/README.md b/vendor/wp-coding-standards/wpcs/README.md new file mode 100644 index 00000000..42eda804 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/README.md @@ -0,0 +1,296 @@ + + + +# WordPress Coding Standards for PHP_CodeSniffer + +* [Introduction](#introduction) +* [Project history](#project-history) +* [Installation](#installation) + + [Requirements](#requirements) + + [Composer](#composer) + + [Standalone](#standalone) +* [Rulesets](#rulesets) + + [Standards subsets](#standards-subsets) + + [Using a custom ruleset](#using-a-custom-ruleset) + + [Customizing sniff behaviour](#customizing-sniff-behaviour) + + [Recommended additional rulesets](#recommended-additional-rulesets) +* [How to use](#how-to-use) + + [Command line](#command-line) + + [Using PHPCS and WPCS from within your IDE](#using-phpcs-and-wpcs-from-within-your-ide) +* [Running your code through WPCS automatically using CI tools](#running-your-code-through-wpcs-automatically-using-ci-tools) + + [Travis CI](#travis-ci) +* [Fixing errors or whitelisting them](#fixing-errors-or-whitelisting-them) + + [Tools shipped with WPCS](#tools-shipped-with-wpcs) +* [Contributing](#contributing) +* [License](#license) + +## Introduction + +This project is a collection of [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) rules (sniffs) to validate code developed for WordPress. It ensures code quality and adherence to coding conventions, especially the official [WordPress Coding Standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/). + +## Project history + + - On 22nd April 2009, the original project from [Urban Giraffe](https://urbangiraffe.com/articles/wordpress-codesniffer-standard/) was packaged and published. + - In May 2011 the project was forked and [added](https://github.com/WordPress/WordPress-Coding-Standards/commit/04fd547c691ca2baae3fa8e195a46b0c9dd671c5) to GitHub by [Chris Adams](https://chrisadams.me.uk/). + - In April 2012 [XWP](https://xwp.co/) started to dedicate resources to develop and lead the creation of the sniffs and rulesets for `WordPress-Core`, `WordPress-VIP` (WordPress.com VIP), and `WordPress-Extra`. + - In May 2015, an initial documentation ruleset was [added](https://github.com/WordPress/WordPress-Coding-Standards/commit/b1a4bf8232a22563ef66f8a529357275a49f47dc#diff-a17c358c3262a26e9228268eb0a7b8c8) as `WordPress-Docs`. + - In 2015, [J.D. Grimes](https://github.com/JDGrimes) began significant contributions, along with maintenance from [Gary Jones](https://github.com/GaryJones). + - In 2016, [Juliette Reinders Folmer](https://github.com/jrfnl) began contributing heavily, adding more commits in a year than anyone else in the five years since the project was added to GitHub. + - In July 2018, version [`1.0.0`](https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/1.0.0) of the project was released. + +## Installation + +### Requirements + +The WordPress Coding Standards require PHP 5.4 or higher and [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) version **3.3.1** or higher. + +### Composer + +Standards can be installed with the [Composer](https://getcomposer.org/) dependency manager: + + composer create-project wp-coding-standards/wpcs --no-dev + +Running this command will: + +1. Install WordPress standards into `wpcs` directory. +2. Install PHP_CodeSniffer. +3. Register WordPress standards in PHP_CodeSniffer configuration. +4. Make `phpcs` command available from `wpcs/vendor/bin`. + +For the convenience of using `phpcs` as a global command, you may want to add the path to the `wpcs/vendor/bin` directory to a `PATH` environment variable for your operating system. + +#### Installing WPCS as a dependency + +When installing the WordPress Coding Standards as a dependency in a larger project, the above mentioned step 3 will not be executed automatically. + +There are two actively maintained Composer plugins which can handle the registration of standards with PHP_CodeSniffer for you: +* [composer-phpcodesniffer-standards-plugin](https://github.com/higidi/composer-phpcodesniffer-standards-plugin) +* [phpcodesniffer-composer-installer](https://github.com/DealerDirect/phpcodesniffer-composer-installer):"^0.6" + +It is strongly suggested to `require` one of these plugins in your project to handle the registration of external standards with PHPCS for you. + +### Standalone + +1. Install PHP_CodeSniffer by following its [installation instructions](https://github.com/squizlabs/PHP_CodeSniffer#installation) (via Composer, Phar file, PEAR, or Git checkout). + + Do ensure that PHP_CodeSniffer's version matches our [requirements](#requirements), if, for example, you're using [VVV](https://github.com/Varying-Vagrant-Vagrants/VVV). + +2. Clone the WordPress standards repository: + + git clone -b master https://github.com/WordPress/WordPress-Coding-Standards.git wpcs + +3. Add its path to the PHP_CodeSniffer configuration: + + phpcs --config-set installed_paths /path/to/wpcs + + **Pro-tip:** Alternatively, you can tell PHP_CodeSniffer the path to the WordPress standards by adding the following snippet to your custom ruleset: + ```xml + + ``` + +To summarize: + +```bash +cd ~/projects +git clone https://github.com/squizlabs/PHP_CodeSniffer.git phpcs +git clone -b master https://github.com/WordPress/WordPress-Coding-Standards.git wpcs +cd phpcs +./bin/phpcs --config-set installed_paths ../wpcs +``` + +And then add the `~/projects/phpcs/bin` directory to your `PATH` environment variable via your `.bashrc`. + +You should then see `WordPress-Core` et al listed when you run `phpcs -i`. + +## Rulesets + +### Standards subsets + +The project encompasses a super-set of the sniffs that the WordPress community may need. If you use the `WordPress` standard you will get all the checks. + +You can use the following as standard names when invoking `phpcs` to select sniffs, fitting your needs: + +* `WordPress` - complete set with all of the sniffs in the project + - `WordPress-Core` - main ruleset for [WordPress core coding standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/) + - `WordPress-Docs` - additional ruleset for [WordPress inline documentation standards](https://make.wordpress.org/core/handbook/best-practices/inline-documentation-standards/) + - `WordPress-Extra` - extended ruleset for recommended best practices, not sufficiently covered in the WordPress core coding standards + - includes `WordPress-Core` + +**Note:** The WPCS package used to include a `WordPress-VIP` ruleset and associated sniffs, prior to WPCS 2.0.0. +The `WordPress-VIP` ruleset was originally intended to aid with the [WordPress.com VIP coding requirements](https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/), but has been superseded. It is recommended to use the [official VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) ruleset instead for checking code against the VIP platform requirements. + +### Using a custom ruleset + +If you need to further customize the selection of sniffs for your project - you can create a custom ruleset file. When you name this file either `.phpcs.xml`, `phpcs.xml`, `.phpcs.xml.dist` or `phpcs.xml.dist`, PHP_CodeSniffer will automatically locate it as long as it is placed in the directory from which you run the CodeSniffer or in a directory above it. If you follow these naming conventions you don't have to supply a `--standard` arg. For more info, read about [using a default configuration file](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Advanced-Usage#using-a-default-configuration-file). See also provided [`phpcs.xml.dist.sample`](phpcs.xml.dist.sample) file and [fully annotated example](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Annotated-ruleset.xml) in the PHP_CodeSniffer documentation. + +### Customizing sniff behaviour + +The WordPress Coding Standard contains a number of sniffs which are configurable. This means that you can turn parts of the sniff on or off, or change the behaviour by setting a property for the sniff in your custom `.phpcs.xml.dist` file. + +You can find a complete list of all the properties you can change in the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties). + +### Recommended additional rulesets + +The [PHPCompatibility](https://github.com/PHPCompatibility/PHPCompatibility) ruleset and its subset [PHPCompatibilityWP](https://github.com/PHPCompatibility/PHPCompatibilityWP) come highly recommended. +The [PHPCompatibility](https://github.com/PHPCompatibility/PHPCompatibility) sniffs are designed to analyse your code for cross-PHP version compatibility. + +The [PHPCompatibilityWP](https://github.com/PHPCompatibility/PHPCompatibilityWP) ruleset is based on PHPCompatibility, but specifically crafted to prevent false positives for projects which expect to run within the context of WordPress, i.e. core, plugins and themes. + +Install either as a separate ruleset and run it separately against your code or add it to your custom ruleset, like so: +```xml + + + *\.php$ + +``` + +Whichever way you run it, do make sure you set the `testVersion` to run the sniffs against. The `testVersion` determines for which PHP versions you will receive compatibility information. The recommended setting for this at this moment is `5.2-` to support the same PHP versions as WordPress Core supports. + +For more information about setting the `testVersion`, see: +* [PHPCompatibility: Sniffing your code for compatibility with specific PHP version(s)](https://github.com/PHPCompatibility/PHPCompatibility#sniffing-your-code-for-compatibility-with-specific-php-versions) +* [PHPCompatibility: Using a custom ruleset](https://github.com/PHPCompatibility/PHPCompatibility#using-a-custom-ruleset) + +## How to use + +### Command line + +Run the `phpcs` command line tool on a given file or directory, for example: + + phpcs --standard=WordPress wp-load.php + +Will result in following output: + + ------------------------------------------------------------------------------------------ + FOUND 8 ERRORS AND 10 WARNINGS AFFECTING 11 LINES + ------------------------------------------------------------------------------------------ + 24 | WARNING | [ ] error_reporting() can lead to full path disclosure. + 24 | WARNING | [ ] error_reporting() found. Changing configuration at runtime is rarely + | | necessary. + 37 | WARNING | [x] "require_once" is a statement not a function; no parentheses are + | | required + 39 | WARNING | [ ] Silencing errors is discouraged + 39 | WARNING | [ ] Silencing errors is discouraged + 42 | WARNING | [x] "require_once" is a statement not a function; no parentheses are + | | required + 46 | ERROR | [ ] Inline comments must end in full-stops, exclamation marks, or + | | question marks + 46 | ERROR | [x] There must be no blank line following an inline comment + 49 | WARNING | [x] "require_once" is a statement not a function; no parentheses are + | | required + 54 | WARNING | [x] "require_once" is a statement not a function; no parentheses are + | | required + 63 | WARNING | [ ] Detected access of super global var $_SERVER, probably needs manual + | | inspection. + 63 | ERROR | [ ] Detected usage of a non-validated input variable: $_SERVER + 63 | ERROR | [ ] Missing wp_unslash() before sanitization. + 63 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_SERVER + 69 | WARNING | [x] "require_once" is a statement not a function; no parentheses are + | | required + 74 | ERROR | [ ] Inline comments must end in full-stops, exclamation marks, or + | | question marks + 92 | ERROR | [ ] All output should be run through an escaping function (see the + | | Security sections in the WordPress Developer Handbooks), found + | | '$die'. + 92 | ERROR | [ ] All output should be run through an escaping function (see the + | | Security sections in the WordPress Developer Handbooks), found '__'. + ------------------------------------------------------------------------------------------ + PHPCBF CAN FIX THE 6 MARKED SNIFF VIOLATIONS AUTOMATICALLY + ------------------------------------------------------------------------------------------ + +### Using PHPCS and WPCS from within your IDE + +* **PhpStorm** : Please see "[PHP Code Sniffer with WordPress Coding Standards Integration](https://confluence.jetbrains.com/display/PhpStorm/WordPress+Development+using+PhpStorm#WordPressDevelopmentusingPhpStorm-PHPCodeSnifferwithWordPressCodingStandardsIntegrationinPhpStorm)" in the PhpStorm documentation. +* **Sublime Text** : Please see "[Setting up WPCS to work in Sublime Text](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Setting-up-WPCS-to-work-in-Sublime-Text)" in the wiki. +* **Atom**: Please see "[Setting up WPCS to work in Atom](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Setting-up-WPCS-to-work-in-Atom)" in the wiki. +* **Visual Studio**: Please see "[Setting up PHP CodeSniffer in Visual Studio Code](https://tommcfarlin.com/php-codesniffer-in-visual-studio-code/)", a tutorial by Tom McFarlin. +* **Eclipse with XAMPP**: Please see "[Setting up WPCS when using Eclipse with XAMPP](https://github.com/WordPress/WordPress-Coding-Standards/wiki/How-to-use-WPCS-with-Eclipse-and-XAMPP)" in the wiki. + + +## Running your code through WPCS automatically using CI tools + +### [Travis CI](https://travis-ci.com/) + +To integrate PHPCS with WPCS with Travis CI, you'll need to install both `before_install` and add the run command to the `script`. +If your project uses Composer, the typical instructions might be different. + +If you use a matrix setup in Travis to test your code against different PHP and/or WordPress versions, you don't need to run PHPCS on each variant of the matrix as the results will be same. +You can set an environment variable in the Travis matrix to only run the sniffs against one setup in the matrix. + +#### Travis CI example +```yaml +language: php + +matrix: + include: + # Arbitrary PHP version to run the sniffs against. + - php: '7.0' + env: SNIFF=1 + +before_install: + - if [[ "$SNIFF" == "1" ]]; then export PHPCS_DIR=/tmp/phpcs; fi + - if [[ "$SNIFF" == "1" ]]; then export SNIFFS_DIR=/tmp/sniffs; fi + # Install PHP_CodeSniffer. + - if [[ "$SNIFF" == "1" ]]; then git clone -b master --depth 1 https://github.com/squizlabs/PHP_CodeSniffer.git $PHPCS_DIR; fi + # Install WordPress Coding Standards. + - if [[ "$SNIFF" == "1" ]]; then git clone -b master --depth 1 https://github.com/WordPress/WordPress-Coding-Standards.git $SNIFFS_DIR; fi + # Set install path for WordPress Coding Standards. + - if [[ "$SNIFF" == "1" ]]; then $PHPCS_DIR/bin/phpcs --config-set installed_paths $SNIFFS_DIR; fi + # After CodeSniffer install you should refresh your path. + - if [[ "$SNIFF" == "1" ]]; then phpenv rehash; fi + +script: + # Run against WordPress Coding Standards. + # If you use a custom ruleset, change `--standard=WordPress` to point to your ruleset file, + # for example: `--standard=wpcs.xml`. + # You can use any of the normal PHPCS command line arguments in the command: + # https://github.com/squizlabs/PHP_CodeSniffer/wiki/Usage + - if [[ "$SNIFF" == "1" ]]; then $PHPCS_DIR/bin/phpcs -p . --standard=WordPress; fi +``` + +More examples and advice about integrating PHPCS in your Travis build tests can be found here: https://github.com/jrfnl/make-phpcs-work-for-you/tree/master/travis-examples + + +## Fixing errors or whitelisting them + +You can find information on how to deal with some of the more frequent issues in the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki). + +### Tools shipped with WPCS + +Since version 1.2.0, WPCS has a special sniff category `Utils`. + +This sniff category contains some tools which, generally speaking, will only be needed to be run once over a codebase and for which the fixers can be considered _risky_, i.e. very careful review by a developer is needed before accepting the fixes made by these sniffs. + +The sniffs in this category are disabled by default and can only be activated by adding some properties for each sniff via a custom ruleset. + +At this moment, WPCS offer the following tools: +* `WordPress.Utils.I18nTextDomainFixer` - This sniff can replace the text domain used in a code-base. + The sniff will fix the text domains in both I18n function calls as well as in a plugin/theme header. + Passing the following properties will activate the sniff: + - `old_text_domain`: an array with one or more (old) text domain names which need to be replaced; + - `new_text_domain`: the correct (new) text domain as a string. + + +## Contributing + +See [CONTRIBUTING](.github/CONTRIBUTING.md), including information about [unit testing](.github/CONTRIBUTING.md#unit-testing) the standard. + +## License + +See [LICENSE](LICENSE) (MIT). diff --git a/vendor/wp-coding-standards/wpcs/WordPress-Core/ruleset.xml b/vendor/wp-coding-standards/wpcs/WordPress-Core/ruleset.xml new file mode 100644 index 00000000..0bff5a0d --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress-Core/ruleset.xml @@ -0,0 +1,529 @@ + + + + Non-controversial generally-agreed upon WordPress Coding Standards + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + 0 + + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + error + The "goto" language construct should not be used. + + + + + error + eval() is a security risk so not allowed. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + + + + + + + + + + + + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress-Docs/ruleset.xml b/vendor/wp-coding-standards/wpcs/WordPress-Docs/ruleset.xml new file mode 100644 index 00000000..e16001ed --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress-Docs/ruleset.xml @@ -0,0 +1,109 @@ + + + + WordPress Coding Standards for Inline Documentation and Comments + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress-Extra/ruleset.xml b/vendor/wp-coding-standards/wpcs/WordPress-Extra/ruleset.xml new file mode 100644 index 00000000..4a2f9599 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress-Extra/ruleset.xml @@ -0,0 +1,187 @@ + + + + Best practices beyond core WordPress Coding Standards + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + warning + + + warning + + + warning + + + + + + + + + + + + warning + Best practice suggestion: Declare only one class/interface/trait in a file. + + + + + + + + + + + + 5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + error + + + error + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/AbstractArrayAssignmentRestrictionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/AbstractArrayAssignmentRestrictionsSniff.php new file mode 100644 index 00000000..7c662cd0 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/AbstractArrayAssignmentRestrictionsSniff.php @@ -0,0 +1,240 @@ +setup_groups() ) { + return array(); + } + + return array( + \T_DOUBLE_ARROW, + \T_CLOSE_SQUARE_BRACKET, + \T_CONSTANT_ENCAPSED_STRING, + \T_DOUBLE_QUOTED_STRING, + ); + } + + /** + * Groups of variables to restrict. + * + * This method should be overridden in extending classes. + * + * Example: groups => array( + * 'groupname' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Dont use this one please!', + * 'keys' => array( 'key1', 'another_key' ), + * 'callback' => array( 'class', 'method' ), // Optional. + * ) + * ) + * + * @return array + */ + abstract public function getGroups(); + + /** + * Cache the groups. + * + * @since 0.13.0 + * + * @return bool True if the groups were setup. False if not. + */ + protected function setup_groups() { + $this->groups_cache = $this->getGroups(); + + if ( empty( $this->groups_cache ) && empty( self::$groups ) ) { + return false; + } + + // Allow for adding extra unit tests. + if ( ! empty( self::$groups ) ) { + $this->groups_cache = array_merge( $this->groups_cache, self::$groups ); + } + + return true; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + $this->excluded_groups = $this->merge_custom_array( $this->exclude ); + if ( array_diff_key( $this->groups_cache, $this->excluded_groups ) === array() ) { + // All groups have been excluded. + // Don't remove the listener as the exclude property can be changed inline. + return; + } + + $token = $this->tokens[ $stackPtr ]; + + if ( \T_CLOSE_SQUARE_BRACKET === $token['code'] ) { + $equal = $this->phpcsFile->findNext( \T_WHITESPACE, ( $stackPtr + 1 ), null, true ); + if ( \T_EQUAL !== $this->tokens[ $equal ]['code'] ) { + return; // This is not an assignment! + } + } + + // Instances: Multi-dimensional array, keyed by line. + $inst = array(); + + /* + * Covers: + * $foo = array( 'bar' => 'taz' ); + * $foo['bar'] = $taz; + */ + if ( \in_array( $token['code'], array( \T_CLOSE_SQUARE_BRACKET, \T_DOUBLE_ARROW ), true ) ) { + $operator = $stackPtr; // T_DOUBLE_ARROW. + if ( \T_CLOSE_SQUARE_BRACKET === $token['code'] ) { + $operator = $this->phpcsFile->findNext( \T_EQUAL, ( $stackPtr + 1 ) ); + } + + $keyIdx = $this->phpcsFile->findPrevious( array( \T_WHITESPACE, \T_CLOSE_SQUARE_BRACKET ), ( $operator - 1 ), null, true ); + if ( ! is_numeric( $this->tokens[ $keyIdx ]['content'] ) ) { + $key = $this->strip_quotes( $this->tokens[ $keyIdx ]['content'] ); + $valStart = $this->phpcsFile->findNext( array( \T_WHITESPACE ), ( $operator + 1 ), null, true ); + $valEnd = $this->phpcsFile->findNext( array( \T_COMMA, \T_SEMICOLON ), ( $valStart + 1 ), null, false, null, true ); + $val = $this->phpcsFile->getTokensAsString( $valStart, ( $valEnd - $valStart ) ); + $val = $this->strip_quotes( $val ); + $inst[ $key ][] = array( $val, $token['line'] ); + } + } elseif ( \in_array( $token['code'], array( \T_CONSTANT_ENCAPSED_STRING, \T_DOUBLE_QUOTED_STRING ), true ) ) { + // $foo = 'bar=taz&other=thing'; + if ( preg_match_all( '#(?:^|&)([a-z_]+)=([^&]*)#i', $this->strip_quotes( $token['content'] ), $matches ) <= 0 ) { + return; // No assignments here, nothing to check. + } + foreach ( $matches[1] as $i => $_k ) { + $inst[ $_k ][] = array( $matches[2][ $i ], $token['line'] ); + } + } + + if ( empty( $inst ) ) { + return; + } + + foreach ( $this->groups_cache as $groupName => $group ) { + + if ( isset( $this->excluded_groups[ $groupName ] ) ) { + continue; + } + + $callback = ( isset( $group['callback'] ) && is_callable( $group['callback'] ) ) ? $group['callback'] : array( $this, 'callback' ); + + foreach ( $inst as $key => $assignments ) { + foreach ( $assignments as $occurance ) { + list( $val, $line ) = $occurance; + + if ( ! \in_array( $key, $group['keys'], true ) ) { + continue; + } + + $output = \call_user_func( $callback, $key, $val, $line, $group ); + + if ( ! isset( $output ) || false === $output ) { + continue; + } elseif ( true === $output ) { + $message = $group['message']; + } else { + $message = $output; + } + + $this->addMessage( + $message, + $stackPtr, + ( 'error' === $group['type'] ), + $this->string_to_errorcode( $groupName . '_' . $key ), + array( $key, $val ) + ); + } + } + } + } + + /** + * Callback to process each confirmed key, to check value. + * + * This method must be extended to add the logic to check assignment value. + * + * @param string $key Array index / key. + * @param mixed $val Assigned value. + * @param int $line Token line. + * @param array $group Group definition. + * @return mixed FALSE if no match, TRUE if matches, STRING if matches + * with custom error message passed to ->process(). + */ + abstract public function callback( $key, $val, $line, $group ); + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/AbstractClassRestrictionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/AbstractClassRestrictionsSniff.php new file mode 100644 index 00000000..9374622e --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/AbstractClassRestrictionsSniff.php @@ -0,0 +1,245 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Avoid direct calls to the database.', + * 'classes' => array( 'PDO', '\Namespace\Classname' ), + * ) + * ) + * + * You can use * wildcards to target a group of (namespaced) classes. + * Aliased namespaces (use ..) are currently not supported. + * + * Documented here for clarity. Not (re)defined as it is already defined in the parent class. + * + * @return array + * + abstract public function getGroups(); + */ + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + // Prepare the function group regular expressions only once. + if ( false === $this->setup_groups( 'classes' ) ) { + return array(); + } + + return array( + \T_DOUBLE_COLON, + \T_NEW, + \T_EXTENDS, + \T_IMPLEMENTS, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * {@internal Unlike in the `AbstractFunctionRestrictionsSniff`, + * we can't do a preliminary check on classes as at this point + * we don't know the class name yet.}} + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + // Reset the temporary storage before processing the token. + unset( $this->classname ); + + $this->excluded_groups = $this->merge_custom_array( $this->exclude ); + if ( array_diff_key( $this->groups, $this->excluded_groups ) === array() ) { + // All groups have been excluded. + // Don't remove the listener as the exclude property can be changed inline. + return; + } + + if ( true === $this->is_targetted_token( $stackPtr ) ) { + return $this->check_for_matches( $stackPtr ); + } + } + + /** + * Determine if we have a valid classname for the target token. + * + * @since 0.11.0 This logic was originally contained in the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return bool + */ + public function is_targetted_token( $stackPtr ) { + + $token = $this->tokens[ $stackPtr ]; + $classname = ''; + + if ( \in_array( $token['code'], array( \T_NEW, \T_EXTENDS, \T_IMPLEMENTS ), true ) ) { + if ( \T_NEW === $token['code'] ) { + $nameEnd = ( $this->phpcsFile->findNext( array( \T_OPEN_PARENTHESIS, \T_WHITESPACE, \T_SEMICOLON, \T_OBJECT_OPERATOR ), ( $stackPtr + 2 ) ) - 1 ); + } else { + $nameEnd = ( $this->phpcsFile->findNext( array( \T_CLOSE_CURLY_BRACKET, \T_WHITESPACE ), ( $stackPtr + 2 ) ) - 1 ); + } + + $length = ( $nameEnd - ( $stackPtr + 1 ) ); + $classname = $this->phpcsFile->getTokensAsString( ( $stackPtr + 2 ), $length ); + + if ( \T_NS_SEPARATOR !== $this->tokens[ ( $stackPtr + 2 ) ]['code'] ) { + $classname = $this->get_namespaced_classname( $classname, ( $stackPtr - 1 ) ); + } + } + + if ( \T_DOUBLE_COLON === $token['code'] ) { + $nameEnd = $this->phpcsFile->findPrevious( \T_STRING, ( $stackPtr - 1 ) ); + $nameStart = ( $this->phpcsFile->findPrevious( array( \T_STRING, \T_NS_SEPARATOR, \T_NAMESPACE ), ( $nameEnd - 1 ), null, true, null, true ) + 1 ); + $length = ( $nameEnd - ( $nameStart - 1 ) ); + $classname = $this->phpcsFile->getTokensAsString( $nameStart, $length ); + + if ( \T_NS_SEPARATOR !== $this->tokens[ $nameStart ]['code'] ) { + $classname = $this->get_namespaced_classname( $classname, ( $nameStart - 1 ) ); + } + } + + // Stop if we couldn't determine a classname. + if ( empty( $classname ) ) { + return false; + } + + // Nothing to do if 'parent', 'self' or 'static'. + if ( \in_array( $classname, array( 'parent', 'self', 'static' ), true ) ) { + return false; + } + + $this->classname = $classname; + return true; + } + + /** + * Verify if the current token is one of the targetted classes. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function check_for_matches( $stackPtr ) { + $skip_to = array(); + + foreach ( $this->groups as $groupName => $group ) { + + if ( isset( $this->excluded_groups[ $groupName ] ) ) { + continue; + } + + if ( preg_match( $group['regex'], $this->classname ) === 1 ) { + $skip_to[] = $this->process_matched_token( $stackPtr, $groupName, $this->classname ); + } + } + + if ( empty( $skip_to ) || min( $skip_to ) === 0 ) { + return; + } + + return min( $skip_to ); + } + + /** + * Prepare the class name for use in a regular expression. + * + * The getGroups() method allows for providing class names with a wildcard * to target + * a group of classes within a namespace. It also allows for providing class names as + * 'ordinary' names or prefixed with one or more namespaces. + * This prepare routine takes that into account while still safely escaping the + * class name for use in a regular expression. + * + * @param string $classname Class name, potentially prefixed with namespaces. + * @return string Regex escaped class name. + */ + protected function prepare_name_for_regex( $classname ) { + $classname = trim( $classname, '\\' ); // Make sure all classnames have a \ prefix, but only one. + return parent::prepare_name_for_regex( $classname ); + } + + /** + * See if the classname was found in a namespaced file and if so, add the namespace to the classname. + * + * @param string $classname The full classname as found. + * @param int $search_from The token position to search up from. + * @return string Classname, potentially prefixed with the namespace. + */ + protected function get_namespaced_classname( $classname, $search_from ) { + // Don't do anything if this is already a fully qualified classname. + if ( empty( $classname ) || '\\' === $classname[0] ) { + return $classname; + } + + // Remove the namespace keyword if used. + if ( 0 === strpos( $classname, 'namespace\\' ) ) { + $classname = substr( $classname, 10 ); + } + + $namespace_keyword = $this->phpcsFile->findPrevious( \T_NAMESPACE, $search_from ); + if ( false === $namespace_keyword ) { + // No namespace keyword found at all, so global namespace. + $classname = '\\' . $classname; + } else { + $namespace = $this->determine_namespace( $search_from ); + + if ( ! empty( $namespace ) ) { + $classname = '\\' . $namespace . '\\' . $classname; + } else { + // No actual namespace found, so global namespace. + $classname = '\\' . $classname; + } + } + + return $classname; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionParameterSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionParameterSniff.php new file mode 100644 index 00000000..ab68a1dc --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionParameterSniff.php @@ -0,0 +1,112 @@ +target_functions ) ) { + return array(); + } + + return array( + $this->group_name => array( + 'functions' => array_keys( $this->target_functions ), + ), + ); + } + + /** + * Process a matched token. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_matched_token( $stackPtr, $group_name, $matched_content ) { + + $parameters = $this->get_function_call_parameters( $stackPtr ); + + if ( empty( $parameters ) ) { + return $this->process_no_parameters( $stackPtr, $group_name, $matched_content ); + } else { + return $this->process_parameters( $stackPtr, $group_name, $matched_content, $parameters ); + } + } + + /** + * Process the parameters of a matched function. + * + * This method has to be made concrete in child classes. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + abstract public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ); + + /** + * Process the function if no parameters were found. + * + * Defaults to doing nothing. Can be overloaded in child classes to handle functions + * were parameters are expected, but none found. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_no_parameters( $stackPtr, $group_name, $matched_content ) { + return; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionRestrictionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionRestrictionsSniff.php new file mode 100644 index 00000000..53ea9a25 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/AbstractFunctionRestrictionsSniff.php @@ -0,0 +1,342 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function', 'mysql_*' ), + * // Only useful when using wildcards: + * 'whitelist' => array( 'mysql_to_rfc3339' => true, ), + * ) + * ) + * + * You can use * wildcards to target a group of functions. + * When you use * wildcards, you may inadvertently restrict too many + * functions. In that case you can add the `whitelist` key to + * whitelist individual functions to prevent false positives. + * + * @return array + */ + abstract public function getGroups(); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + // Prepare the function group regular expressions only once. + if ( false === $this->setup_groups( 'functions' ) ) { + return array(); + } + + return array( + \T_STRING, + ); + } + + /** + * Set up the regular expressions for each group. + * + * @since 0.10.0 + * + * @param string $key The group array index key where the input for the regular expression can be found. + * @return bool True if the groups were setup. False if not. + */ + protected function setup_groups( $key ) { + // Prepare the function group regular expressions only once. + $this->groups = $this->getGroups(); + + if ( empty( $this->groups ) && empty( self::$unittest_groups ) ) { + return false; + } + + // Allow for adding extra unit tests. + if ( ! empty( self::$unittest_groups ) ) { + $this->groups = array_merge( $this->groups, self::$unittest_groups ); + } + + $all_items = array(); + foreach ( $this->groups as $groupName => $group ) { + if ( empty( $group[ $key ] ) ) { + unset( $this->groups[ $groupName ] ); + } else { + $items = array_map( array( $this, 'prepare_name_for_regex' ), $group[ $key ] ); + $all_items[] = $items; + $items = implode( '|', $items ); + + $this->groups[ $groupName ]['regex'] = sprintf( $this->regex_pattern, $items ); + } + } + + if ( empty( $this->groups ) ) { + return false; + } + + // Create one "super-regex" to allow for initial filtering. + $all_items = \call_user_func_array( 'array_merge', $all_items ); + $all_items = implode( '|', array_unique( $all_items ) ); + $this->prelim_check_regex = sprintf( $this->regex_pattern, $all_items ); + + return true; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + $this->excluded_groups = $this->merge_custom_array( $this->exclude ); + if ( array_diff_key( $this->groups, $this->excluded_groups ) === array() ) { + // All groups have been excluded. + // Don't remove the listener as the exclude property can be changed inline. + return; + } + + // Preliminary check. If the content of the T_STRING is not one of the functions we're + // looking for, we can bow out before doing the heavy lifting of checking whether + // this is a function call. + if ( preg_match( $this->prelim_check_regex, $this->tokens[ $stackPtr ]['content'] ) !== 1 ) { + return; + } + + if ( true === $this->is_targetted_token( $stackPtr ) ) { + return $this->check_for_matches( $stackPtr ); + } + } + + /** + * Verify is the current token is a function call. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return bool + */ + public function is_targetted_token( $stackPtr ) { + + if ( \T_STRING !== $this->tokens[ $stackPtr ]['code'] ) { + return false; + } + + // Exclude function definitions, class methods, and namespaced calls. + if ( $this->is_class_object_call( $stackPtr ) === true ) { + return false; + } + + if ( $this->is_token_namespaced( $stackPtr ) === true ) { + return false; + } + + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true ); + if ( false !== $prev ) { + // Skip sniffing on function, class definitions or for function aliases in use statements. + $skipped = array( + \T_FUNCTION => \T_FUNCTION, + \T_CLASS => \T_CLASS, + \T_AS => \T_AS, // Use declaration alias. + ); + + if ( isset( $skipped[ $this->tokens[ $prev ]['code'] ] ) ) { + return false; + } + } + + // Check if this could even be a function call. + $next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( false === $next ) { + return false; + } + + // Check for `use function ... (as|;)`. + if ( ( \T_STRING === $this->tokens[ $prev ]['code'] && 'function' === $this->tokens[ $prev ]['content'] ) + && ( \T_AS === $this->tokens[ $next ]['code'] || \T_SEMICOLON === $this->tokens[ $next ]['code'] ) + ) { + return true; + } + + // If it's not a `use` statement, there should be parenthesis. + if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $next ]['code'] ) { + return false; + } + + return true; + } + + /** + * Verify if the current token is one of the targetted functions. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function check_for_matches( $stackPtr ) { + $token_content = strtolower( $this->tokens[ $stackPtr ]['content'] ); + $skip_to = array(); + + foreach ( $this->groups as $groupName => $group ) { + + if ( isset( $this->excluded_groups[ $groupName ] ) ) { + continue; + } + + if ( isset( $group['whitelist'][ $token_content ] ) ) { + continue; + } + + if ( preg_match( $group['regex'], $token_content ) === 1 ) { + $skip_to[] = $this->process_matched_token( $stackPtr, $groupName, $token_content ); + } + } + + if ( empty( $skip_to ) || min( $skip_to ) === 0 ) { + return; + } + + return min( $skip_to ); + } + + /** + * Process a matched token. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_matched_token( $stackPtr, $group_name, $matched_content ) { + + $this->addMessage( + $this->groups[ $group_name ]['message'], + $stackPtr, + ( 'error' === $this->groups[ $group_name ]['type'] ), + $this->string_to_errorcode( $group_name . '_' . $matched_content ), + array( $matched_content ) + ); + } + + /** + * Prepare the function name for use in a regular expression. + * + * The getGroups() method allows for providing function names with a wildcard * to target + * a group of functions. This prepare routine takes that into account while still safely + * escaping the function name for use in a regular expression. + * + * @since 0.10.0 + * + * @param string $function Function name. + * @return string Regex escaped function name. + */ + protected function prepare_name_for_regex( $function ) { + $function = str_replace( array( '.*', '*' ), '@@', $function ); // Replace wildcards with placeholder. + $function = preg_quote( $function, '`' ); + $function = str_replace( '@@', '.*', $function ); // Replace placeholder with regex wildcard. + + return $function; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayIndentationStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayIndentationStandard.xml new file mode 100644 index 00000000..5b9a1dee --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayIndentationStandard.xml @@ -0,0 +1,112 @@ + + + + + + + 22, +); + ]]> + + + 22, + ); + ]]> + + + + + + + + 22, + 'comment_count' => array( + 'value' => 25, + 'compare' => '>=', + ), + 'post_type' => array( + 'post', + 'page', + ), +); + ]]> + + + 22, + 'comment_count' => array( + 'value' => 25, + 'compare' => '>=', + ), + 'post_type' => array( + 'post', + 'page', + ), +); + ]]> + + + + + + + + 'start of phrase' + . 'concatented additional phrase' + . 'more text', +); + ]]> + + + 'start of phrase' +. 'concatented additional phrase' +. 'more text', +); + ]]> + + + + + + + + << + start of phrase + concatented additional phrase + more text +EOD +, +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayKeySpacingRestrictionsStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayKeySpacingRestrictionsStandard.xml new file mode 100644 index 00000000..c1e27a13 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/ArrayKeySpacingRestrictionsStandard.xml @@ -0,0 +1,27 @@ + + + + + + + [ $post_id ]; +$post_title = $post[ 'concatenated' . $title ]; +$post = $posts[ HOME_PAGE ]; +$post = $posts[123]; +$post_title = $post['post_title']; + ]]> + + + [$post_id]; +$post_title = $post['concatenated' . $title ]; +$post = $posts[HOME_PAGE]; +$post = $posts[ 123 ]; +$post_title = $post[ 'post_title' ]; + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/MultipleStatementAlignmentStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/MultipleStatementAlignmentStandard.xml new file mode 100644 index 00000000..b3f87cbb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Arrays/MultipleStatementAlignmentStandard.xml @@ -0,0 +1,46 @@ + + + + + + + => 22 ); +$bar = array( 'year' => $current_year ); + ]]> + + + =>22 ); +$bar = array( 'year'=> $current_year ); + ]]> + + + + + + + + => 22, + 'year' => $current_year, + 'monthnum' => $current_month, +); + ]]> + + + => 22, + 'year' => $current_year, + 'monthnum' => $current_month, +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/Classes/ClassInstantiationStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Classes/ClassInstantiationStandard.xml new file mode 100644 index 00000000..cdd749ec --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Classes/ClassInstantiationStandard.xml @@ -0,0 +1,53 @@ + + + + + + + (); + ]]> + + + + + + + + + + + + + + (); + ]]> + + + + + + + + new Foobar(); + ]]> + + + & new Foobar(); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/CodeAnalysis/EscapedNotTranslatedStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/CodeAnalysis/EscapedNotTranslatedStandard.xml new file mode 100644 index 00000000..3755a3c9 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/CodeAnalysis/EscapedNotTranslatedStandard.xml @@ -0,0 +1,20 @@ + + + + + + + esc_html__( 'text', 'domain' ); + ]]> + + + esc_html( 'text', 'domain' ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/DateTime/CurrentTimeTimestampStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/DateTime/CurrentTimeTimestampStandard.xml new file mode 100644 index 00000000..add8ed23 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/DateTime/CurrentTimeTimestampStandard.xml @@ -0,0 +1,31 @@ + + + + + + + time(); + ]]> + + + current_time( 'timestamp', true ); + ]]> + + + + + 'Y-m-d' ); + ]]> + + + current_time( 'U', false ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidHookNameStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidHookNameStandard.xml new file mode 100644 index 00000000..479dbd9b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidHookNameStandard.xml @@ -0,0 +1,32 @@ + + + + + + + + 'prefix_hook_name', $var ); + ]]> + + + 'Prefix_Hook_NAME', $var ); + ]]> + + + + + 'prefix_hook_name', $var ); + ]]> + + + 'prefix\hook-name', $var ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidPostTypeSlugStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidPostTypeSlugStandard.xml new file mode 100644 index 00000000..86be1bbe --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/NamingConventions/ValidPostTypeSlugStandard.xml @@ -0,0 +1,117 @@ + + + + + + + 'my_short_slug', + array() +); + ]]> + + + 'my_own_post_type_too_long', + array() +); + ]]> + + + + + + + + 'my_post_type_slug', + array() +); + ]]> + + + 'my/post/type/slug', + array() +); + ]]> + + + + + + + + 'my_post_active', + array() +); + ]]> + + + "my_post_{$status}", + array() +); + ]]> + + + + + + + + 'prefixed_author', + array() +); + ]]> + + + 'author', + array() +); + ]]> + + + + + + + + 'prefixed_author', + array() +); + ]]> + + + 'wp_author', + array() +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/DisallowShortTernaryStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/DisallowShortTernaryStandard.xml new file mode 100644 index 00000000..c81b2fd8 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/DisallowShortTernaryStandard.xml @@ -0,0 +1,20 @@ + + + + + + + ? + $data['height'] : 0; + ]]> + + + ? : 0; + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/IniSetStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/IniSetStandard.xml new file mode 100644 index 00000000..dfc74e91 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/PHP/IniSetStandard.xml @@ -0,0 +1,36 @@ + + + + + + + + + + 'short_open_tag', 'off' ); + ]]> + + + + + + + + wp_raise_memory_limit(); + ]]> + + + 'memory_limit', '256M' ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/Security/SafeRedirectStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Security/SafeRedirectStandard.xml new file mode 100644 index 00000000..c2bcf5b8 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/Security/SafeRedirectStandard.xml @@ -0,0 +1,19 @@ + + + + + + + wp_safe_redirect( $location ); + ]]> + + + wp_redirect( $location ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/CronIntervalStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/CronIntervalStandard.xml new file mode 100644 index 00000000..55a9037d --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/CronIntervalStandard.xml @@ -0,0 +1,41 @@ + + + + + + + HOUR_IN_SECONDS, + 'display' => __( 'Every hour' ) + ); + return $schedules; +} + +add_filter( + 'cron_schedules', + 'adjust_schedules' +); + ]]> + + + 9 * 60, + 'display' => __( 'Every 9 minutes' ) + ); + return $schedules; +} + +add_filter( + 'cron_schedules', + 'adjust_schedules' +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedClassesStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedClassesStandard.xml new file mode 100644 index 00000000..4d06f6e3 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedClassesStandard.xml @@ -0,0 +1,19 @@ + + + + + + + WP_User_Query(); + ]]> + + + WP_User_Search(); // Deprecated WP 3.1. + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedFunctionsStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedFunctionsStandard.xml new file mode 100644 index 00000000..7fcc9c4e --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedFunctionsStandard.xml @@ -0,0 +1,19 @@ + + + + + + + get_sites(); + ]]> + + + wp_get_sites(); // Deprecated WP 4.6. + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParameterValuesStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParameterValuesStandard.xml new file mode 100644 index 00000000..0348fdff --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParameterValuesStandard.xml @@ -0,0 +1,19 @@ + + + + + + + 'url' ); + ]]> + + + 'home' ); // Deprecated WP 2.2.0. + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParametersStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParametersStandard.xml new file mode 100644 index 00000000..6399ca62 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/DeprecatedParametersStandard.xml @@ -0,0 +1,36 @@ + + + after the deprecated parameter, only ever pass the default value. + ]]> + + + + + + + $string ); + ]]> + + + + + '', 'yes' ); + ]]> + + + 'oops', 'yes' ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/EnqueuedResourcesStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/EnqueuedResourcesStandard.xml new file mode 100644 index 00000000..3857df3d --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/EnqueuedResourcesStandard.xml @@ -0,0 +1,53 @@ + + + + + + + wp_enqueue_script( + 'someScript-js', + $path_to_file, + array( 'jquery' ), + '1.0.0', + true +); + ]]> + + + ', + esc_url( $path_to_file ) +); + ]]> + + + + + + + + wp_enqueue_style( + 'style-name', + $path_to_file, + array(), + '1.0.0' +); + ]]> + + + ', + esc_url( $path_to_file ) +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/PostsPerPageStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/PostsPerPageStandard.xml new file mode 100644 index 00000000..aa24f740 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WP/PostsPerPageStandard.xml @@ -0,0 +1,69 @@ + + + + + + + -1, +); +$args = array( + 'posts_per_page' => 100, +); +$args = array( + 'posts_per_page' => '10', +); + +$query_args['posts_per_page'] = 100; + +_query_posts( 'nopaging=1&posts_per_page=50' ); + ]]> + + + 101, +); + +$query_args['posts_per_page'] = 200; + +_query_posts( 'nopaging=1&posts_per_page=999' ); + ]]> + + + + + -1, +); +$args = array( + 'numberposts' => 100, +); +$args = array( + 'numberposts' => '10', +); + +$query_args['numberposts'] = '-1'; + +_query_posts( 'numberposts=50' ); + ]]> + + + 101, +); + +$query_args['numberposts'] = '200'; + +_query_posts( 'numberposts=999' ); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/CastStructureSpacingStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/CastStructureSpacingStandard.xml new file mode 100644 index 00000000..8539325b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/CastStructureSpacingStandard.xml @@ -0,0 +1,23 @@ + + + + + + + (int) '420'; + +// No space between spread operator and cast. +$a = function_call( ...(array) $mixed ); + ]]> + + + =(int) '420'; + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/DisallowInlineTabsStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/DisallowInlineTabsStandard.xml new file mode 100644 index 00000000..16f1da2f --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/DisallowInlineTabsStandard.xml @@ -0,0 +1,25 @@ + + + + + + + [space]=> 'lor', + 'b'[space][space][space]=> 'em', +); + ]]> + + + [tab]=> 'lor', + 'b'[tab]=> 'em', +); + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/PrecisionAlignmentStandard.xml b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/PrecisionAlignmentStandard.xml new file mode 100644 index 00000000..ca819ffd --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Docs/WhiteSpace/PrecisionAlignmentStandard.xml @@ -0,0 +1,31 @@ + + + + + + + [tab]$var = true; + ]]> + + + [space][space]$var = true; + ]]> + + + + + [tab][space][space][space][space]$var = true; + ]]> + + + [tab][space][space][space]$var = true; + ]]> + + + diff --git a/vendor/wp-coding-standards/wpcs/WordPress/PHPCSHelper.php b/vendor/wp-coding-standards/wpcs/WordPress/PHPCSHelper.php new file mode 100644 index 00000000..1599a97a --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/PHPCSHelper.php @@ -0,0 +1,109 @@ +config->tabWidth ) && $phpcsFile->config->tabWidth > 0 ) { + $tab_width = $phpcsFile->config->tabWidth; + } + + return $tab_width; + } + + /** + * Check whether the `--ignore-annotations` option has been used. + * + * @since 0.13.0 + * + * @param \PHP_CodeSniffer\Files\File $phpcsFile Optional. The current file being processed. + * + * @return bool True if annotations should be ignored, false otherwise. + */ + public static function ignore_annotations( File $phpcsFile = null ) { + if ( isset( $phpcsFile, $phpcsFile->config->annotations ) ) { + return ! $phpcsFile->config->annotations; + } else { + $annotations = Config::getConfigData( 'annotations' ); + if ( isset( $annotations ) ) { + return ! $annotations; + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniff.php new file mode 100644 index 00000000..55ca6e74 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniff.php @@ -0,0 +1,3424 @@ + true`, i.e. the array item is set as the array key. + * This allows for sniffs to verify whether something is in one of these + * lists using `isset()` rather than `in_array()` which is a much more + * efficient (faster) check to execute and therefore improves the + * performance of the sniffs. + * The `true` value in those cases is used as a placeholder and has no + * meaning in and of itself. + * In the rare few cases where the array values *do* have meaning, this + * is documented in the property documentation.}} + */ +abstract class Sniff implements PHPCS_Sniff { + + /** + * Regex to get complex variables from T_DOUBLE_QUOTED_STRING or T_HEREDOC. + * + * @since 0.14.0 + * + * @var string + */ + const REGEX_COMPLEX_VARS = '`(?:(\{)?(?[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)(?:->\$?(?P>varname)|\[[^\]]+\]|::\$?(?P>varname)|\([^\)]*\))*(?(3)\}|)(?(2)\}|)(?(1)\}|)`'; + + /** + * Minimum supported WordPress version. + * + * Currently used by the `WordPress.WP.AlternativeFunctions`, + * `WordPress.WP.DeprecatedClasses`, `WordPress.WP.DeprecatedFunctions` + * and the `WordPress.WP.DeprecatedParameter` sniff. + * + * These sniffs will throw an error when usage of a deprecated class/function/parameter + * is detected if the class/function/parameter was deprecated before the minimum + * supported WP version; a warning otherwise. + * By default, it is set to presume that a project will support the current + * WP version and up to three releases before. + * + * This property allows changing the minimum supported WP version used by + * these sniffs by setting a property in a custom phpcs.xml ruleset. + * This property will need to be set for each sniff which uses it. + * + * Example usage: + * + * + * + * + * + * + * Alternatively, the value can be passed in one go for all sniff using it via + * the command line or by setting a `` value in a custom phpcs.xml ruleset. + * Note: the `_wp_` in the command line property name! + * + * CL: `phpcs --runtime-set minimum_supported_wp_version 4.5` + * Ruleset: `` + * + * @since 0.14.0 Previously the individual sniffs each contained this property. + * + * @internal When the value of this property is changed, it will also need + * to be changed in the `WP/AlternativeFunctionsUnitTest.inc` file. + * + * @var string WordPress version. + */ + public $minimum_supported_version = '5.1'; + + /** + * Custom list of classes which test classes can extend. + * + * This property allows end-users to add to the $test_class_whitelist via their ruleset. + * This property will need to be set for each sniff which uses the + * `is_test_class()` method. + * Currently the method is used by the `WordPress.WP.GlobalVariablesOverride`, + * `WordPress.NamingConventions.PrefixAllGlobals` and the `WordPress.Files.Filename` sniffs. + * + * Example usage: + * + * + * + * + * + * + * + * + * + * @since 0.11.0 + * + * @var string|string[] + */ + public $custom_test_class_whitelist = array(); + + /** + * List of the functions which verify nonces. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $nonceVerificationFunctions = array( + 'wp_verify_nonce' => true, + 'check_admin_referer' => true, + 'check_ajax_referer' => true, + ); + + /** + * Functions that escape values for display. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $escapingFunctions = array( + 'absint' => true, + 'esc_attr__' => true, + 'esc_attr_e' => true, + 'esc_attr_x' => true, + 'esc_attr' => true, + 'esc_html__' => true, + 'esc_html_e' => true, + 'esc_html_x' => true, + 'esc_html' => true, + 'esc_js' => true, + 'esc_sql' => true, + 'esc_textarea' => true, + 'esc_url_raw' => true, + 'esc_url' => true, + 'filter_input' => true, + 'filter_var' => true, + 'floatval' => true, + 'highlight_string' => true, + 'intval' => true, + 'json_encode' => true, + 'like_escape' => true, + 'number_format' => true, + 'rawurlencode' => true, + 'sanitize_hex_color' => true, + 'sanitize_hex_color_no_hash' => true, + 'sanitize_html_class' => true, + 'sanitize_key' => true, + 'sanitize_user_field' => true, + 'tag_escape' => true, + 'urlencode_deep' => true, + 'urlencode' => true, + 'wp_json_encode' => true, + 'wp_kses_allowed_html' => true, + 'wp_kses_data' => true, + 'wp_kses_post' => true, + 'wp_kses' => true, + ); + + /** + * Functions whose output is automatically escaped for display. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $autoEscapedFunctions = array( + 'allowed_tags' => true, + 'bloginfo' => true, + 'body_class' => true, + 'calendar_week_mod' => true, + 'category_description' => true, + 'checked' => true, + 'comment_class' => true, + 'count' => true, + 'disabled' => true, + 'do_shortcode' => true, + 'do_shortcode_tag' => true, + 'get_archives_link' => true, + 'get_attachment_link' => true, + 'get_avatar' => true, + 'get_bookmark_field' => true, + 'get_calendar' => true, + 'get_comment_author_link' => true, + 'get_current_blog_id' => true, + 'get_delete_post_link' => true, + 'get_search_form' => true, + 'get_search_query' => true, + 'get_the_author_link' => true, + 'get_the_author' => true, + 'get_the_date' => true, + 'get_the_ID' => true, + 'get_the_post_thumbnail' => true, + 'get_the_term_list' => true, + 'post_type_archive_title' => true, + 'readonly' => true, + 'selected' => true, + 'single_cat_title' => true, + 'single_month_title' => true, + 'single_post_title' => true, + 'single_tag_title' => true, + 'single_term_title' => true, + 'tag_description' => true, + 'term_description' => true, + 'the_author' => true, + 'the_date' => true, + 'the_title_attribute' => true, + 'walk_nav_menu_tree' => true, + 'wp_dropdown_categories' => true, + 'wp_dropdown_users' => true, + 'wp_generate_tag_cloud' => true, + 'wp_get_archives' => true, + 'wp_get_attachment_image' => true, + 'wp_get_attachment_link' => true, + 'wp_link_pages' => true, + 'wp_list_authors' => true, + 'wp_list_bookmarks' => true, + 'wp_list_categories' => true, + 'wp_list_comments' => true, + 'wp_login_form' => true, + 'wp_loginout' => true, + 'wp_nav_menu' => true, + 'wp_register' => true, + 'wp_tag_cloud' => true, + 'wp_title' => true, + ); + + /** + * Functions that sanitize values. + * + * This list is complementary to the `$unslashingSanitizingFunctions` + * list. + * Sanitizing functions should be added to this list if they do *not* + * implicitely unslash data and to the `$unslashingsanitizingFunctions` + * list if they do. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $sanitizingFunctions = array( + '_wp_handle_upload' => true, + 'esc_url_raw' => true, + 'filter_input' => true, + 'filter_var' => true, + 'hash_equals' => true, + 'is_email' => true, + 'number_format' => true, + 'sanitize_bookmark_field' => true, + 'sanitize_bookmark' => true, + 'sanitize_email' => true, + 'sanitize_file_name' => true, + 'sanitize_hex_color_no_hash' => true, + 'sanitize_hex_color' => true, + 'sanitize_html_class' => true, + 'sanitize_meta' => true, + 'sanitize_mime_type' => true, + 'sanitize_option' => true, + 'sanitize_sql_orderby' => true, + 'sanitize_term_field' => true, + 'sanitize_term' => true, + 'sanitize_text_field' => true, + 'sanitize_textarea_field' => true, + 'sanitize_title_for_query' => true, + 'sanitize_title_with_dashes' => true, + 'sanitize_title' => true, + 'sanitize_user_field' => true, + 'sanitize_user' => true, + 'validate_file' => true, + 'wp_handle_sideload' => true, + 'wp_handle_upload' => true, + 'wp_kses_allowed_html' => true, + 'wp_kses_data' => true, + 'wp_kses_post' => true, + 'wp_kses' => true, + 'wp_parse_id_list' => true, + 'wp_redirect' => true, + 'wp_safe_redirect' => true, + 'wp_sanitize_redirect' => true, + 'wp_strip_all_tags' => true, + ); + + /** + * Sanitizing functions that implicitly unslash the data passed to them. + * + * This list is complementary to the `$sanitizingFunctions` list. + * Sanitizing functions should be added to this list if they also + * implicitely unslash data and to the `$sanitizingFunctions` list + * if they don't. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $unslashingSanitizingFunctions = array( + 'absint' => true, + 'boolval' => true, + 'count' => true, + 'doubleval' => true, + 'floatval' => true, + 'intval' => true, + 'sanitize_key' => true, + 'sizeof' => true, + ); + + /** + * Functions which unslash the data passed to them. + * + * @since 2.1.0 + * + * @var array + */ + protected $unslashingFunctions = array( + 'stripslashes_deep' => true, + 'stripslashes_from_strings_only' => true, + 'wp_unslash' => true, + ); + + /** + * List of PHP native functions to test the type of a variable. + * + * Using these functions is safe in combination with superglobals without + * unslashing or sanitization. + * + * They should, however, not be regarded as unslashing or sanitization functions. + * + * @since 2.1.0 + * + * @var array + */ + protected $typeTestFunctions = array( + 'is_array' => true, + 'is_bool' => true, + 'is_callable' => true, + 'is_countable' => true, + 'is_double' => true, + 'is_float' => true, + 'is_int' => true, + 'is_integer' => true, + 'is_iterable' => true, + 'is_long' => true, + 'is_null' => true, + 'is_numeric' => true, + 'is_object' => true, + 'is_real' => true, + 'is_resource' => true, + 'is_scalar' => true, + 'is_string' => true, + ); + + /** + * Token which when they preceed code indicate the value is safely casted. + * + * @since 1.1.0 + * + * @var array + */ + protected $safe_casts = array( + \T_INT_CAST => true, + \T_DOUBLE_CAST => true, + \T_BOOL_CAST => true, + \T_UNSET_CAST => true, + ); + + /** + * List of array functions which apply a callback to the array. + * + * These are often used for sanitization/escaping an array variable. + * + * Note: functions which alter the array by reference are not listed here on purpose. + * These cannot easily be used for sanitization as they can't be combined with unslashing. + * Similarly, they cannot be used for late escaping as the return value is a boolean, not + * the altered array. + * + * @since 2.1.0 + * + * @var array => + */ + protected $arrayWalkingFunctions = array( + 'array_map' => 1, + 'map_deep' => 2, + ); + + /** + * Array functions to compare a $needle to a predefined set of values. + * + * If the value is set to an integer, the function needs to have at least that + * many parameters for it to be considered as a comparison. + * + * @since 2.1.0 + * + * @var array => + */ + protected $arrayCompareFunctions = array( + 'in_array' => true, + 'array_search' => true, + 'array_keys' => 2, + ); + + /** + * Functions that format strings. + * + * These functions are often used for formatting values just before output, and + * it is common practice to escape the individual parameters passed to them as + * needed instead of escaping the entire result. This is especially true when the + * string being formatted contains HTML, which makes escaping the full result + * more difficult. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $formattingFunctions = array( + 'array_fill' => true, + 'ent2ncr' => true, + 'implode' => true, + 'join' => true, + 'nl2br' => true, + 'sprintf' => true, + 'vsprintf' => true, + 'wp_sprintf' => true, + ); + + /** + * Functions which print output incorporating the values passed to them. + * + * @since 0.5.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $printingFunctions = array( + '_deprecated_argument' => true, + '_deprecated_constructor' => true, + '_deprecated_file' => true, + '_deprecated_function' => true, + '_deprecated_hook' => true, + '_doing_it_wrong' => true, + '_e' => true, + '_ex' => true, + 'printf' => true, + 'trigger_error' => true, + 'user_error' => true, + 'vprintf' => true, + 'wp_die' => true, + 'wp_dropdown_pages' => true, + ); + + /** + * Functions that escape values for use in SQL queries. + * + * @since 0.9.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $SQLEscapingFunctions = array( + 'absint' => true, + 'esc_sql' => true, + 'floatval' => true, + 'intval' => true, + 'like_escape' => true, + ); + + /** + * Functions whose output is automatically escaped for use in SQL queries. + * + * @since 0.9.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $SQLAutoEscapedFunctions = array( + 'count' => true, + ); + + /** + * A list of functions that get data from the cache. + * + * @since 0.6.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $cacheGetFunctions = array( + 'wp_cache_get' => true, + ); + + /** + * A list of functions that set data in the cache. + * + * @since 0.6.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $cacheSetFunctions = array( + 'wp_cache_set' => true, + 'wp_cache_add' => true, + ); + + /** + * A list of functions that delete data from the cache. + * + * @since 0.6.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $cacheDeleteFunctions = array( + 'wp_cache_delete' => true, + 'clean_attachment_cache' => true, + 'clean_blog_cache' => true, + 'clean_bookmark_cache' => true, + 'clean_category_cache' => true, + 'clean_comment_cache' => true, + 'clean_network_cache' => true, + 'clean_object_term_cache' => true, + 'clean_page_cache' => true, + 'clean_post_cache' => true, + 'clean_term_cache' => true, + 'clean_user_cache' => true, + ); + + /** + * A list of functions that invoke WP hooks (filters/actions). + * + * @since 0.10.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array + */ + protected $hookInvokeFunctions = array( + 'do_action' => true, + 'do_action_ref_array' => true, + 'do_action_deprecated' => true, + 'apply_filters' => true, + 'apply_filters_ref_array' => true, + 'apply_filters_deprecated' => true, + ); + + /** + * A list of functions that are used to interact with the WP plugins API. + * + * @since 0.10.0 + * @since 0.11.0 Changed from public static to protected non-static. + * + * @var array => + */ + protected $hookFunctions = array( + 'has_filter' => 1, + 'add_filter' => 1, + 'remove_filter' => 1, + 'remove_all_filters' => 1, + 'doing_filter' => 1, // Hook name optional. + 'has_action' => 1, + 'add_action' => 1, + 'doing_action' => 1, // Hook name optional. + 'did_action' => 1, + 'remove_action' => 1, + 'remove_all_actions' => 1, + 'current_filter' => 0, // No hook name argument. + ); + + /** + * List of global WP variables. + * + * @since 0.3.0 + * @since 0.11.0 Changed visibility from public to protected. + * @since 0.12.0 Renamed from `$globals` to `$wp_globals` to be more descriptive. + * @since 0.12.0 Moved here from the WordPress.Variables.GlobalVariables sniff. + * + * @var array + */ + protected $wp_globals = array( + '_links_add_base' => true, + '_links_add_target' => true, + '_menu_item_sort_prop' => true, + '_nav_menu_placeholder' => true, + '_new_bundled_files' => true, + '_old_files' => true, + '_parent_pages' => true, + '_registered_pages' => true, + '_updated_user_settings' => true, + '_wp_additional_image_sizes' => true, + '_wp_admin_css_colors' => true, + '_wp_default_headers' => true, + '_wp_deprecated_widgets_callbacks' => true, + '_wp_last_object_menu' => true, + '_wp_last_utility_menu' => true, + '_wp_menu_nopriv' => true, + '_wp_nav_menu_max_depth' => true, + '_wp_post_type_features' => true, + '_wp_real_parent_file' => true, + '_wp_registered_nav_menus' => true, + '_wp_sidebars_widgets' => true, + '_wp_submenu_nopriv' => true, + '_wp_suspend_cache_invalidation' => true, + '_wp_theme_features' => true, + '_wp_using_ext_object_cache' => true, + 'action' => true, + 'active_signup' => true, + 'admin_body_class' => true, + 'admin_page_hooks' => true, + 'all_links' => true, + 'allowedentitynames' => true, + 'allowedposttags' => true, + 'allowedtags' => true, + 'auth_secure_cookie' => true, + 'authordata' => true, + 'avail_post_mime_types' => true, + 'avail_post_stati' => true, + 'blog_id' => true, + 'blog_title' => true, + 'blogname' => true, + 'cat' => true, + 'cat_id' => true, + 'charset_collate' => true, + 'comment' => true, + 'comment_alt' => true, + 'comment_depth' => true, + 'comment_status' => true, + 'comment_thread_alt' => true, + 'comment_type' => true, + 'comments' => true, + 'compress_css' => true, + 'compress_scripts' => true, + 'concatenate_scripts' => true, + 'content_width' => true, + 'current_blog' => true, + 'current_screen' => true, + 'current_site' => true, + 'current_user' => true, + 'currentcat' => true, + 'currentday' => true, + 'currentmonth' => true, + 'custom_background' => true, + 'custom_image_header' => true, + 'default_menu_order' => true, + 'descriptions' => true, + 'domain' => true, + 'editor_styles' => true, + 'error' => true, + 'errors' => true, + 'EZSQL_ERROR' => true, + 'feeds' => true, + 'GETID3_ERRORARRAY' => true, + 'hook_suffix' => true, + 'HTTP_RAW_POST_DATA' => true, + 'id' => true, + 'in_comment_loop' => true, + 'interim_login' => true, + 'is_apache' => true, + 'is_chrome' => true, + 'is_gecko' => true, + 'is_IE' => true, + 'is_IIS' => true, + 'is_iis7' => true, + 'is_macIE' => true, + 'is_NS4' => true, + 'is_opera' => true, + 'is_safari' => true, + 'is_winIE' => true, + 'l10n' => true, + 'link' => true, + 'link_id' => true, + 'locale' => true, + 'locked_post_status' => true, + 'lost' => true, + 'm' => true, + 'map' => true, + 'menu' => true, + 'menu_order' => true, + 'merged_filters' => true, + 'mode' => true, + 'monthnum' => true, + 'more' => true, + 'mu_plugin' => true, + 'multipage' => true, + 'names' => true, + 'nav_menu_selected_id' => true, + 'network_plugin' => true, + 'new_whitelist_options' => true, + 'numpages' => true, + 'one_theme_location_no_menus' => true, + 'opml' => true, + 'order' => true, + 'orderby' => true, + 'overridden_cpage' => true, + 'page' => true, + 'paged' => true, + 'pagenow' => true, + 'pages' => true, + 'parent_file' => true, + 'pass_allowed_html' => true, + 'pass_allowed_protocols' => true, + 'path' => true, + 'per_page' => true, + 'PHP_SELF' => true, + 'phpmailer' => true, + 'plugin_page' => true, + 'plugin' => true, + 'plugins' => true, + 'post' => true, + 'post_default_category' => true, + 'post_default_title' => true, + 'post_ID' => true, + 'post_id' => true, + 'post_mime_types' => true, + 'post_type' => true, + 'post_type_object' => true, + 'posts' => true, + 'preview' => true, + 'previouscat' => true, + 'previousday' => true, + 'previousweekday' => true, + 'redir_tab' => true, + 'required_mysql_version' => true, + 'required_php_version' => true, + 'rnd_value' => true, + 'role' => true, + 's' => true, + 'search' => true, + 'self' => true, + 'shortcode_tags' => true, + 'show_admin_bar' => true, + 'sidebars_widgets' => true, + 'status' => true, + 'submenu' => true, + 'submenu_file' => true, + 'super_admins' => true, + 'tab' => true, + 'table_prefix' => true, + 'tabs' => true, + 'tag' => true, + 'tag_ID' => true, + 'targets' => true, + 'tax' => true, + 'taxnow' => true, + 'taxonomy' => true, + 'term' => true, + 'text_direction' => true, + 'theme_field_defaults' => true, + 'themes_allowedtags' => true, + 'timeend' => true, + 'timestart' => true, + 'tinymce_version' => true, + 'title' => true, + 'totals' => true, + 'type' => true, + 'typenow' => true, + 'updated_timestamp' => true, + 'upgrading' => true, + 'urls' => true, + 'user_email' => true, + 'user_ID' => true, + 'user_identity' => true, + 'user_level' => true, + 'user_login' => true, + 'user_url' => true, + 'userdata' => true, + 'usersearch' => true, + 'whitelist_options' => true, + 'withcomments' => true, + 'wp' => true, + 'wp_actions' => true, + 'wp_admin_bar' => true, + 'wp_cockneyreplace' => true, + 'wp_current_db_version' => true, + 'wp_current_filter' => true, + 'wp_customize' => true, + 'wp_dashboard_control_callbacks' => true, + 'wp_db_version' => true, + 'wp_did_header' => true, + 'wp_embed' => true, + 'wp_file_descriptions' => true, + 'wp_filesystem' => true, + 'wp_filter' => true, + 'wp_hasher' => true, + 'wp_header_to_desc' => true, + 'wp_importers' => true, + 'wp_json' => true, + 'wp_list_table' => true, + 'wp_local_package' => true, + 'wp_locale' => true, + 'wp_meta_boxes' => true, + 'wp_object_cache' => true, + 'wp_plugin_paths' => true, + 'wp_post_statuses' => true, + 'wp_post_types' => true, + 'wp_queries' => true, + 'wp_query' => true, + 'wp_registered_sidebars' => true, + 'wp_registered_widget_controls' => true, + 'wp_registered_widget_updates' => true, + 'wp_registered_widgets' => true, + 'wp_rewrite' => true, + 'wp_rich_edit' => true, + 'wp_rich_edit_exists' => true, + 'wp_roles' => true, + 'wp_scripts' => true, + 'wp_settings_errors' => true, + 'wp_settings_fields' => true, + 'wp_settings_sections' => true, + 'wp_smiliessearch' => true, + 'wp_styles' => true, + 'wp_taxonomies' => true, + 'wp_the_query' => true, + 'wp_theme_directories' => true, + 'wp_themes' => true, + 'wp_user_roles' => true, + 'wp_version' => true, + 'wp_widget_factory' => true, + 'wp_xmlrpc_server' => true, + 'wpcommentsjavascript' => true, + 'wpcommentspopupfile' => true, + 'wpdb' => true, + 'wpsmiliestrans' => true, + 'year' => true, + ); + + /** + * A list of superglobals that incorporate user input. + * + * @since 0.5.0 + * @since 0.11.0 Changed from static to non-static. + * + * @var string[] + */ + protected $input_superglobals = array( + '$_COOKIE', + '$_GET', + '$_FILES', + '$_POST', + '$_REQUEST', + '$_SERVER', + ); + + /** + * Whitelist of classes which test classes can extend. + * + * @since 0.11.0 + * + * @var string[] + */ + protected $test_class_whitelist = array( + 'WP_UnitTestCase_Base' => true, + 'WP_UnitTestCase' => true, + 'WP_Ajax_UnitTestCase' => true, + 'WP_Canonical_UnitTestCase' => true, + 'WP_Test_REST_TestCase' => true, + 'WP_Test_REST_Controller_Testcase' => true, + 'WP_Test_REST_Post_Type_Controller_Testcase' => true, + 'WP_XMLRPC_UnitTestCase' => true, + 'PHPUnit_Framework_TestCase' => true, + 'PHPUnit\Framework\TestCase' => true, + // PHPUnit native TestCase class when imported via use statement. + 'TestCase' => true, + ); + + /** + * The current file being sniffed. + * + * @since 0.4.0 + * + * @var \PHP_CodeSniffer\Files\File + */ + protected $phpcsFile; + + /** + * The list of tokens in the current file being sniffed. + * + * @since 0.4.0 + * + * @var array + */ + protected $tokens; + + /** + * Set sniff properties and hand off to child class for processing of the token. + * + * @since 0.11.0 + * + * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned. + * @param int $stackPtr The position of the current token + * in the stack passed in $tokens. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process( File $phpcsFile, $stackPtr ) { + $this->init( $phpcsFile ); + return $this->process_token( $stackPtr ); + } + + /** + * Processes a sniff when one of its tokens is encountered. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + abstract public function process_token( $stackPtr ); + + /** + * Initialize the class for the current process. + * + * This method must be called by child classes before using many of the methods + * below. + * + * @since 0.4.0 + * + * @param \PHP_CodeSniffer\Files\File $phpcsFile The file currently being processed. + */ + protected function init( File $phpcsFile ) { + $this->phpcsFile = $phpcsFile; + $this->tokens = $phpcsFile->getTokens(); + } + + /** + * Strip quotes surrounding an arbitrary string. + * + * Intended for use with the contents of a T_CONSTANT_ENCAPSED_STRING / T_DOUBLE_QUOTED_STRING. + * + * @since 0.11.0 + * + * @param string $string The raw string. + * @return string String without quotes around it. + */ + public function strip_quotes( $string ) { + return preg_replace( '`^([\'"])(.*)\1$`Ds', '$2', $string ); + } + + /** + * Add a PHPCS message to the output stack as either a warning or an error. + * + * @since 0.11.0 + * + * @param string $message The message. + * @param int $stackPtr The position of the token the message relates to. + * @param bool $is_error Optional. Whether to report the message as an 'error' or 'warning'. + * Defaults to true (error). + * @param string $code Optional error code for the message. Defaults to 'Found'. + * @param array $data Optional input for the data replacements. + * @param int $severity Optional. Severity level. Defaults to 0 which will translate to + * the PHPCS default severity level. + * @return bool + */ + protected function addMessage( $message, $stackPtr, $is_error = true, $code = 'Found', $data = array(), $severity = 0 ) { + return $this->throwMessage( $message, $stackPtr, $is_error, $code, $data, $severity, false ); + } + + /** + * Add a fixable PHPCS message to the output stack as either a warning or an error. + * + * @since 0.11.0 + * + * @param string $message The message. + * @param int $stackPtr The position of the token the message relates to. + * @param bool $is_error Optional. Whether to report the message as an 'error' or 'warning'. + * Defaults to true (error). + * @param string $code Optional error code for the message. Defaults to 'Found'. + * @param array $data Optional input for the data replacements. + * @param int $severity Optional. Severity level. Defaults to 0 which will translate to + * the PHPCS default severity level. + * @return bool + */ + protected function addFixableMessage( $message, $stackPtr, $is_error = true, $code = 'Found', $data = array(), $severity = 0 ) { + return $this->throwMessage( $message, $stackPtr, $is_error, $code, $data, $severity, true ); + } + + /** + * Add a PHPCS message to the output stack as either a warning or an error. + * + * @since 0.11.0 + * + * @param string $message The message. + * @param int $stackPtr The position of the token the message relates to. + * @param bool $is_error Optional. Whether to report the message as an 'error' or 'warning'. + * Defaults to true (error). + * @param string $code Optional error code for the message. Defaults to 'Found'. + * @param array $data Optional input for the data replacements. + * @param int $severity Optional. Severity level. Defaults to 0 which will translate to + * the PHPCS default severity level. + * @param bool $fixable Optional. Whether this is a fixable error. Defaults to false. + * @return bool + */ + private function throwMessage( $message, $stackPtr, $is_error = true, $code = 'Found', $data = array(), $severity = 0, $fixable = false ) { + + $method = 'add'; + if ( true === $fixable ) { + $method .= 'Fixable'; + } + + if ( true === $is_error ) { + $method .= 'Error'; + } else { + $method .= 'Warning'; + } + + return \call_user_func( array( $this->phpcsFile, $method ), $message, $stackPtr, $code, $data, $severity ); + } + + /** + * Convert an arbitrary string to an alphanumeric string with underscores. + * + * Pre-empt issues with arbitrary strings being used as error codes in XML and PHP. + * + * @since 0.11.0 + * + * @param string $base_string Arbitrary string. + * + * @return string + */ + protected function string_to_errorcode( $base_string ) { + return preg_replace( '`[^a-z0-9_]`i', '_', $base_string ); + } + + /** + * Transform the name of a PHP construct (function, variable etc) to one in snake_case. + * + * @since 2.0.0 Moved from the `WordPress.NamingConventions.ValidFunctionName` sniff + * to this class, renamed from `get_name_suggestion` and made static + * so it can also be used by classes which don't extend this class. + * + * @param string $name The construct name. + * + * @return string + */ + public static function get_snake_case_name_suggestion( $name ) { + $suggested = preg_replace( '`([A-Z])`', '_$1', $name ); + $suggested = strtolower( $suggested ); + $suggested = str_replace( '__', '_', $suggested ); + $suggested = trim( $suggested, '_' ); + return $suggested; + } + + /** + * Merge a pre-set array with a ruleset provided array. + * + * - By default flips custom lists to allow for using `isset()` instead + * of `in_array()`. + * - When `$flip` is true: + * * Presumes the base array is in a `'value' => true` format. + * * Any custom items will be given the value `false` to be able to + * distinguish them from pre-set (base array) values. + * * Will filter previously added custom items out from the base array + * before merging/returning to allow for resetting to the base array. + * + * {@internal Function is static as it doesn't use any of the properties or others + * methods anyway and this way the `WordPress.NamingConventions.ValidVariableName` sniff + * which extends an upstream sniff can also use it.}} + * + * @since 0.11.0 + * @since 2.0.0 No longer supports custom array properties which were incorrectly + * passed as a string. + * + * @param array $custom Custom list as provided via a ruleset. + * @param array $base Optional. Base list. Defaults to an empty array. + * Expects `value => true` format when `$flip` is true. + * @param bool $flip Optional. Whether or not to flip the custom list. + * Defaults to true. + * @return array + */ + public static function merge_custom_array( $custom, $base = array(), $flip = true ) { + if ( true === $flip ) { + $base = array_filter( $base ); + } + + if ( empty( $custom ) || ! \is_array( $custom ) ) { + return $base; + } + + if ( true === $flip ) { + $custom = array_fill_keys( $custom, false ); + } + + if ( empty( $base ) ) { + return $custom; + } + + return array_merge( $base, $custom ); + } + + /** + * Get the last pointer in a line. + * + * @since 0.4.0 + * + * @param integer $stackPtr The position of the current token in the stack passed + * in $tokens. + * + * @return integer Position of the last pointer on that line. + */ + protected function get_last_ptr_on_line( $stackPtr ) { + + $tokens = $this->tokens; + $currentLine = $tokens[ $stackPtr ]['line']; + $nextPtr = ( $stackPtr + 1 ); + + while ( isset( $tokens[ $nextPtr ] ) && $tokens[ $nextPtr ]['line'] === $currentLine ) { + $nextPtr++; + // Do nothing, we just want the last token of the line. + } + + // We've made it to the next line, back up one to the last in the previous line. + // We do this for micro-optimization of the above loop. + $lastPtr = ( $nextPtr - 1 ); + + return $lastPtr; + } + + /** + * Overrule the minimum supported WordPress version with a command-line/config value. + * + * Handle setting the minimum supported WP version in one go for all sniffs which + * expect it via the command line or via a `` variable in a ruleset. + * The config variable overrules the default `$minimum_supported_version` and/or a + * `$minimum_supported_version` set for individual sniffs through the ruleset. + * + * @since 0.14.0 + */ + protected function get_wp_version_from_cl() { + $cl_supported_version = trim( PHPCSHelper::get_config_data( 'minimum_supported_wp_version' ) ); + if ( ! empty( $cl_supported_version ) + && filter_var( $cl_supported_version, \FILTER_VALIDATE_FLOAT ) !== false + ) { + $this->minimum_supported_version = $cl_supported_version; + } + } + + /** + * Find whitelisting comment. + * + * Comment must be at the end of the line or at the end of the statement + * and must use // format. + * It can be prefixed or suffixed with anything e.g. "foobar" will match: + * ... // foobar okay + * ... // WPCS: foobar whitelist. + * + * There is an exception, and that is when PHP is being interspersed with HTML. + * In that case, the comment should always come at the end of the statement (right + * before the closing tag, ?>). For example: + * + * + * + * @since 0.4.0 + * @since 0.14.0 Whitelist comments at the end of the statement are now also accepted. + * + * @deprecated 2.0.0 Use the PHPCS native `phpcs:ignore` annotations instead. + * + * @param string $comment Comment to find. + * @param integer $stackPtr The position of the current token in the stack passed + * in $tokens. + * + * @return boolean True if whitelisting comment was found, false otherwise. + */ + protected function has_whitelist_comment( $comment, $stackPtr ) { + + // Respect the PHPCS 3.x --ignore-annotations setting. + if ( true === PHPCSHelper::ignore_annotations( $this->phpcsFile ) ) { + return false; + } + + static $thrown_notices = array(); + + $deprecation_notice = 'Using the WPCS native whitelist comments is deprecated. Please use the PHPCS native "phpcs:ignore Standard.Category.SniffName.ErrorCode" annotations instead. Found: %s'; + $deprecation_code = 'DeprecatedWhitelistCommentFound'; + $filename = $this->phpcsFile->getFileName(); + + $regex = '#\b' . preg_quote( $comment, '#' ) . '\b#i'; + + // There is a findEndOfStatement() method, but it considers more tokens than + // we need to consider here. + $end_of_statement = $this->phpcsFile->findNext( array( \T_CLOSE_TAG, \T_SEMICOLON ), $stackPtr ); + + if ( false !== $end_of_statement ) { + // If the statement was ended by a semicolon, check if there is a whitelist comment directly after it. + if ( \T_SEMICOLON === $this->tokens[ $end_of_statement ]['code'] ) { + $lastPtr = $this->phpcsFile->findNext( \T_WHITESPACE, ( $end_of_statement + 1 ), null, true ); + } elseif ( \T_CLOSE_TAG === $this->tokens[ $end_of_statement ]['code'] ) { + // If the semicolon was left out and it was terminated by an ending tag, we need to look backwards. + $lastPtr = $this->phpcsFile->findPrevious( \T_WHITESPACE, ( $end_of_statement - 1 ), null, true ); + } + + if ( ( \T_COMMENT === $this->tokens[ $lastPtr ]['code'] + || ( isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $lastPtr ]['code'] ] ) + && \T_PHPCS_SET !== $this->tokens[ $lastPtr ]['code'] ) ) + && $this->tokens[ $lastPtr ]['line'] === $this->tokens[ $end_of_statement ]['line'] + && preg_match( $regex, $this->tokens[ $lastPtr ]['content'] ) === 1 + ) { + if ( isset( $thrown_notices[ $filename ][ $lastPtr ] ) === false + && isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $lastPtr ]['code'] ] ) === false + ) { + $this->phpcsFile->addWarning( + $deprecation_notice, + $lastPtr, + $deprecation_code, + array( $this->tokens[ $lastPtr ]['content'] ) + ); + + $thrown_notices[ $filename ][ $lastPtr ] = true; + } + + return true; + } + } + + // No whitelist comment found so far. Check at the end of the stackPtr line. + // Note: a T_COMMENT includes the new line character, so may be the last token on the line! + $end_of_line = $this->get_last_ptr_on_line( $stackPtr ); + $lastPtr = $this->phpcsFile->findPrevious( \T_WHITESPACE, $end_of_line, null, true ); + + if ( ( \T_COMMENT === $this->tokens[ $lastPtr ]['code'] + || ( isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $lastPtr ]['code'] ] ) + && \T_PHPCS_SET !== $this->tokens[ $lastPtr ]['code'] ) ) + && $this->tokens[ $lastPtr ]['line'] === $this->tokens[ $stackPtr ]['line'] + && preg_match( $regex, $this->tokens[ $lastPtr ]['content'] ) === 1 + ) { + if ( isset( $thrown_notices[ $filename ][ $lastPtr ] ) === false + && isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $lastPtr ]['code'] ] ) === false + ) { + $this->phpcsFile->addWarning( + $deprecation_notice, + $lastPtr, + $deprecation_code, + array( $this->tokens[ $lastPtr ]['content'] ) + ); + + $thrown_notices[ $filename ][ $lastPtr ] = true; + } + + return true; + } + + return false; + } + + /** + * Check if a token is used within a unit test. + * + * Unit test methods are identified as such: + * - Method is within a known unit test class; + * - or Method is within a class/trait which extends a known unit test class. + * + * @since 0.11.0 + * @since 1.1.0 Supports anonymous test classes and improved handling of nested scopes. + * + * @param int $stackPtr The position of the token to be examined. + * + * @return bool True if the token is within a unit test, false otherwise. + */ + protected function is_token_in_test_method( $stackPtr ) { + // Is the token inside of a function definition ? + $functionToken = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + if ( false === $functionToken ) { + // No conditions or no function condition. + return false; + } + + $conditions = $this->tokens[ $stackPtr ]['conditions']; + foreach ( $conditions as $token => $condition ) { + if ( $token === $functionToken ) { + // Only examine the conditions the function is nested in, not those nested within the function. + break; + } + + if ( isset( Tokens::$ooScopeTokens[ $condition ] ) ) { + $is_test_class = $this->is_test_class( $token ); + if ( true === $is_test_class ) { + return true; + } + } + } + + return false; + } + + /** + * Check if a class token is part of a unit test suite. + * + * Unit test classes are identified as such: + * - Class which either extends WP_UnitTestCase or PHPUnit_Framework_TestCase + * or a custom whitelisted unit test class. + * + * @since 0.12.0 Split off from the `is_token_in_test_method()` method. + * @since 1.0.0 Improved recognition of namespaced class names. + * + * @param int $stackPtr The position of the token to be examined. + * This should be a class, anonymous class or trait token. + * + * @return bool True if the class is a unit test class, false otherwise. + */ + protected function is_test_class( $stackPtr ) { + + if ( isset( $this->tokens[ $stackPtr ], Tokens::$ooScopeTokens[ $this->tokens[ $stackPtr ]['code'] ] ) === false ) { + return false; + } + + // Add any potentially whitelisted custom test classes to the whitelist. + $whitelist = $this->merge_custom_array( + $this->custom_test_class_whitelist, + $this->test_class_whitelist + ); + + /* + * Show some tolerance for user input. + * The custom test class names should be passed as FQN without a prefixing `\`. + */ + foreach ( $whitelist as $k => $v ) { + $whitelist[ $k ] = ltrim( $v, '\\' ); + } + + // Is the class/trait one of the whitelisted test classes ? + $namespace = $this->determine_namespace( $stackPtr ); + $className = $this->phpcsFile->getDeclarationName( $stackPtr ); + if ( '' !== $namespace ) { + if ( isset( $whitelist[ $namespace . '\\' . $className ] ) ) { + return true; + } + } elseif ( isset( $whitelist[ $className ] ) ) { + return true; + } + + // Does the class/trait extend one of the whitelisted test classes ? + $extendedClassName = $this->phpcsFile->findExtendedClassName( $stackPtr ); + if ( false === $extendedClassName ) { + return false; + } + + if ( '\\' === $extendedClassName[0] ) { + if ( isset( $whitelist[ substr( $extendedClassName, 1 ) ] ) ) { + return true; + } + } elseif ( '' !== $namespace ) { + if ( isset( $whitelist[ $namespace . '\\' . $extendedClassName ] ) ) { + return true; + } + } elseif ( isset( $whitelist[ $extendedClassName ] ) ) { + return true; + } + + /* + * Not examining imported classes via `use` statements as with the variety of syntaxes, + * this would get very complicated. + * After all, users can add an `` for a particular sniff to their + * custom ruleset to selectively exclude the test directory. + */ + + return false; + } + + /** + * Check if this variable is being assigned a value. + * + * E.g., $var = 'foo'; + * + * Also handles array assignments to arbitrary depth: + * + * $array['key'][ $foo ][ something() ] = $bar; + * + * @since 0.5.0 + * + * @param int $stackPtr The index of the token in the stack. This must point to + * either a T_VARIABLE or T_CLOSE_SQUARE_BRACKET token. + * + * @return bool Whether the token is a variable being assigned a value. + */ + protected function is_assignment( $stackPtr ) { + + static $valid = array( + \T_VARIABLE => true, + \T_CLOSE_SQUARE_BRACKET => true, + ); + + // Must be a variable, constant or closing square bracket (see below). + if ( ! isset( $valid[ $this->tokens[ $stackPtr ]['code'] ] ) ) { + return false; + } + + $next_non_empty = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $stackPtr + 1 ), + null, + true, + null, + true + ); + + // No token found. + if ( false === $next_non_empty ) { + return false; + } + + // If the next token is an assignment, that's all we need to know. + if ( isset( Tokens::$assignmentTokens[ $this->tokens[ $next_non_empty ]['code'] ] ) ) { + return true; + } + + // Check if this is an array assignment, e.g., `$var['key'] = 'val';` . + if ( \T_OPEN_SQUARE_BRACKET === $this->tokens[ $next_non_empty ]['code'] + && isset( $this->tokens[ $next_non_empty ]['bracket_closer'] ) + ) { + return $this->is_assignment( $this->tokens[ $next_non_empty ]['bracket_closer'] ); + } + + return false; + } + + /** + * Check if this token has an associated nonce check. + * + * @since 0.5.0 + * + * @param int $stackPtr The position of the current token in the stack of tokens. + * + * @return bool + */ + protected function has_nonce_check( $stackPtr ) { + + /** + * A cache of the scope that we last checked for nonce verification in. + * + * @var array { + * @var string $file The name of the file. + * @var int $start The index of the token where the scope started. + * @var int $end The index of the token where the scope ended. + * @var bool|int $nonce_check The index of the token where an nonce check + * was found, or false if none was found. + * } + */ + static $last; + + $start = 0; + $end = $stackPtr; + + $tokens = $this->phpcsFile->getTokens(); + + // If we're in a function, only look inside of it. + // Once PHPCS 3.5.0 comes out this should be changed to the new Conditions::GetLastCondition() method. + if ( isset( $tokens[ $stackPtr ]['conditions'] ) === true ) { + $conditions = $tokens[ $stackPtr ]['conditions']; + $conditions = array_reverse( $conditions, true ); + foreach ( $conditions as $tokenPtr => $condition ) { + if ( \T_FUNCTION === $condition || \T_CLOSURE === $condition ) { + $start = $tokens[ $tokenPtr ]['scope_opener']; + break; + } + } + } + + $allow_nonce_after = false; + if ( $this->is_in_isset_or_empty( $stackPtr ) + || $this->is_in_type_test( $stackPtr ) + || $this->is_comparison( $stackPtr ) + || $this->is_in_array_comparison( $stackPtr ) + || $this->is_in_function_call( $stackPtr, $this->unslashingFunctions ) !== false + || $this->is_only_sanitized( $stackPtr ) + ) { + $allow_nonce_after = true; + } + + // We allow for certain actions, such as an isset() check to come before the nonce check. + // If this superglobal is inside such a check, look for the nonce after it as well, + // all the way to the end of the scope. + if ( true === $allow_nonce_after ) { + $end = ( 0 === $start ) ? $this->phpcsFile->numTokens : $tokens[ $start ]['scope_closer']; + } + + // Check if we've looked here before. + $filename = $this->phpcsFile->getFilename(); + + if ( is_array( $last ) + && $filename === $last['file'] + && $start === $last['start'] + ) { + + if ( false !== $last['nonce_check'] ) { + // If we have already found an nonce check in this scope, we just + // need to check whether it comes before this token. It is OK if the + // check is after the token though, if this was only a isset() check. + return ( true === $allow_nonce_after || $last['nonce_check'] < $stackPtr ); + } elseif ( $end <= $last['end'] ) { + // If not, we can still go ahead and return false if we've already + // checked to the end of the search area. + return false; + } + + // We haven't checked this far yet, but we can still save work by + // skipping over the part we've already checked. + $start = $last['end']; + } else { + $last = array( + 'file' => $filename, + 'start' => $start, + 'end' => $end, + ); + } + + // Loop through the tokens looking for nonce verification functions. + for ( $i = $start; $i < $end; $i++ ) { + // Skip over nested closed scope constructs. + if ( \T_FUNCTION === $tokens[ $i ]['code'] + || \T_CLOSURE === $tokens[ $i ]['code'] + || isset( Tokens::$ooScopeTokens[ $tokens[ $i ]['code'] ] ) + ) { + if ( isset( $tokens[ $i ]['scope_closer'] ) ) { + $i = $tokens[ $i ]['scope_closer']; + } + continue; + } + + // If this isn't a function name, skip it. + if ( \T_STRING !== $tokens[ $i ]['code'] ) { + continue; + } + + // If this is one of the nonce verification functions, we can bail out. + if ( isset( $this->nonceVerificationFunctions[ $tokens[ $i ]['content'] ] ) ) { + /* + * Now, make sure it is a call to a global function. + */ + if ( $this->is_class_object_call( $i ) === true ) { + continue; + } + + if ( $this->is_token_namespaced( $i ) === true ) { + continue; + } + + $last['nonce_check'] = $i; + return true; + } + } + + // We're still here, so no luck. + $last['nonce_check'] = false; + + return false; + } + + /** + * Check if a token is inside of an isset(), empty() or array_key_exists() statement. + * + * @since 0.5.0 + * @since 2.1.0 Now checks for the token being used as the array parameter + * in function calls to array_key_exists() and key_exists() as well. + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool Whether the token is inside an isset() or empty() statement. + */ + protected function is_in_isset_or_empty( $stackPtr ) { + + if ( ! isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + return false; + } + + $nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis']; + + end( $nested_parenthesis ); + $open_parenthesis = key( $nested_parenthesis ); + + $previous_non_empty = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $open_parenthesis - 1 ), null, true, null, true ); + if ( false === $previous_non_empty ) { + return false; + } + + $previous_code = $this->tokens[ $previous_non_empty ]['code']; + if ( \T_ISSET === $previous_code || \T_EMPTY === $previous_code ) { + return true; + } + + $valid_functions = array( + 'array_key_exists' => true, + 'key_exists' => true, // Alias. + ); + + $functionPtr = $this->is_in_function_call( $stackPtr, $valid_functions ); + if ( false !== $functionPtr ) { + $second_param = $this->get_function_call_parameter( $functionPtr, 2 ); + if ( $stackPtr >= $second_param['start'] && $stackPtr <= $second_param['end'] ) { + return true; + } + } + + return false; + } + + /** + * Check if a particular token is a (static or non-static) call to a class method or property. + * + * @internal Note: this may still mistake a namespaced function imported via a `use` statement for + * a global function! + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool + */ + protected function is_class_object_call( $stackPtr ) { + $before = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true, null, true ); + + if ( false === $before ) { + return false; + } + + if ( \T_OBJECT_OPERATOR !== $this->tokens[ $before ]['code'] + && \T_DOUBLE_COLON !== $this->tokens[ $before ]['code'] + ) { + return false; + } + + return true; + } + + /** + * Check if a particular token is prefixed with a namespace. + * + * @internal This will give a false positive if the file is not namespaced and the token is prefixed + * with `namespace\`. + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool + */ + protected function is_token_namespaced( $stackPtr ) { + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true, null, true ); + + if ( false === $prev ) { + return false; + } + + if ( \T_NS_SEPARATOR !== $this->tokens[ $prev ]['code'] ) { + return false; + } + + $before_prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $prev - 1 ), null, true, null, true ); + if ( false === $before_prev ) { + return false; + } + + if ( \T_STRING !== $this->tokens[ $before_prev ]['code'] + && \T_NAMESPACE !== $this->tokens[ $before_prev ]['code'] + ) { + return false; + } + + return true; + } + + /** + * Check if a token is (part of) a parameter for a function call to a select list of functions. + * + * This is useful, for instance, when trying to determine the context a variable is used in. + * + * For example: this function could be used to determine if the variable `$foo` is used + * in a global function call to the function `is_foo()`. + * In that case, a call to this function would return the stackPtr to the T_STRING `is_foo` + * for code like: `is_foo( $foo, 'some_other_param' )`, while it would return `false` for + * the following code `is_bar( $foo, 'some_other_param' )`. + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the token in the stack. + * @param array $valid_functions List of valid function names. + * Note: The keys to this array should be the function names + * in lowercase. Values are irrelevant. + * @param bool $global Optional. Whether to make sure that the function call is + * to a global function. If `false`, calls to methods, be it static + * `Class::method()` or via an object `$obj->method()`, and + * namespaced function calls, like `MyNS\function_name()` will + * also be accepted. + * Defaults to `true`. + * @param bool $allow_nested Optional. Whether to allow for nested function calls within the + * call to this function. + * I.e. when checking whether a token is within a function call + * to `strtolower()`, whether to accept `strtolower( trim( $var ) )` + * or only `strtolower( $var )`. + * Defaults to `false`. + * + * @return int|bool Stack pointer to the function call T_STRING token or false otherwise. + */ + protected function is_in_function_call( $stackPtr, $valid_functions, $global = true, $allow_nested = false ) { + if ( ! isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + return false; + } + + $nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis']; + if ( false === $allow_nested ) { + $nested_parenthesis = array_reverse( $nested_parenthesis, true ); + } + + foreach ( $nested_parenthesis as $open => $close ) { + + $prev_non_empty = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $open - 1 ), null, true, null, true ); + if ( false === $prev_non_empty || \T_STRING !== $this->tokens[ $prev_non_empty ]['code'] ) { + continue; + } + + if ( isset( $valid_functions[ strtolower( $this->tokens[ $prev_non_empty ]['content'] ) ] ) === false ) { + if ( false === $allow_nested ) { + // Function call encountered, but not to one of the allowed functions. + return false; + } + + continue; + } + + if ( false === $global ) { + return $prev_non_empty; + } + + /* + * Now, make sure it is a global function. + */ + if ( $this->is_class_object_call( $prev_non_empty ) === true ) { + continue; + } + + if ( $this->is_token_namespaced( $prev_non_empty ) === true ) { + continue; + } + + return $prev_non_empty; + } + + return false; + } + + /** + * Check if a token is inside of an is_...() statement. + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool Whether the token is being type tested. + */ + protected function is_in_type_test( $stackPtr ) { + /* + * Casting the potential integer stack pointer return value to boolean here is fine. + * The return can never be `0` as there will always be a PHP open tag before the + * function call. + */ + return (bool) $this->is_in_function_call( $stackPtr, $this->typeTestFunctions ); + } + + /** + * Check if something is only being sanitized. + * + * @since 0.5.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool Whether the token is only within a sanitization. + */ + protected function is_only_sanitized( $stackPtr ) { + + // If it isn't being sanitized at all. + if ( ! $this->is_sanitized( $stackPtr ) ) { + return false; + } + + // If this isn't set, we know the value must have only been casted, because + // is_sanitized() would have returned false otherwise. + if ( ! isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + return true; + } + + // At this point we're expecting the value to have not been casted. If it + // was, it wasn't *only* casted, because it's also in a function. + if ( $this->is_safe_casted( $stackPtr ) ) { + return false; + } + + // The only parentheses should belong to the sanitizing function. If there's + // more than one set, this isn't *only* sanitization. + return ( \count( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) === 1 ); + } + + /** + * Check if something is being casted to a safe value. + * + * @since 0.5.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool Whether the token being casted. + */ + protected function is_safe_casted( $stackPtr ) { + + // Get the last non-empty token. + $prev = $this->phpcsFile->findPrevious( + Tokens::$emptyTokens, + ( $stackPtr - 1 ), + null, + true + ); + + if ( false === $prev ) { + return false; + } + + // Check if it is a safe cast. + return isset( $this->safe_casts[ $this->tokens[ $prev ]['code'] ] ); + } + + /** + * Check if something is being sanitized. + * + * @since 0.5.0 + * + * @param int $stackPtr The index of the token in the stack. + * @param bool $require_unslash Whether to give an error if no unslashing function + * is used on the variable before sanitization. + * + * @return bool Whether the token being sanitized. + */ + protected function is_sanitized( $stackPtr, $require_unslash = false ) { + + // First we check if it is being casted to a safe value. + if ( $this->is_safe_casted( $stackPtr ) ) { + return true; + } + + // If this isn't within a function call, we know already that it's not safe. + if ( ! isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + if ( $require_unslash ) { + $this->add_unslash_error( $stackPtr ); + } + + return false; + } + + // Get the function that it's in. + $nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis']; + $nested_openers = array_keys( $nested_parenthesis ); + $function_opener = array_pop( $nested_openers ); + $functionPtr = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $function_opener - 1 ), null, true, null, true ); + + // If it is just being unset, the value isn't used at all, so it's safe. + if ( \T_UNSET === $this->tokens[ $functionPtr ]['code'] ) { + return true; + } + + $valid_functions = $this->sanitizingFunctions; + $valid_functions += $this->unslashingSanitizingFunctions; + $valid_functions += $this->unslashingFunctions; + $valid_functions += $this->arrayWalkingFunctions; + + $functionPtr = $this->is_in_function_call( $stackPtr, $valid_functions ); + + // If this isn't a call to one of the valid functions, it sure isn't a sanitizing function. + if ( false === $functionPtr ) { + if ( true === $require_unslash ) { + $this->add_unslash_error( $stackPtr ); + } + + return false; + } + + $functionName = $this->tokens[ $functionPtr ]['content']; + + // Check if an unslashing function is being used. + if ( isset( $this->unslashingFunctions[ $functionName ] ) ) { + + $is_unslashed = true; + + // Remove the unslashing functions. + $valid_functions = array_diff_key( $valid_functions, $this->unslashingFunctions ); + + // Check is any of the remaining (sanitizing) functions is used. + $higherFunctionPtr = $this->is_in_function_call( $functionPtr, $valid_functions ); + + // If there is no other valid function being used, this value is unsanitized. + if ( false === $higherFunctionPtr ) { + return false; + } + + $functionPtr = $higherFunctionPtr; + $functionName = $this->tokens[ $functionPtr ]['content']; + + } else { + $is_unslashed = false; + } + + // Arrays might be sanitized via an array walking function using a callback. + if ( isset( $this->arrayWalkingFunctions[ $functionName ] ) ) { + + // Get the callback parameter. + $callback = $this->get_function_call_parameter( $functionPtr, $this->arrayWalkingFunctions[ $functionName ] ); + + if ( ! empty( $callback ) ) { + /* + * If this is a function callback (not a method callback array) and we're able + * to resolve the function name, do so. + */ + $first_non_empty = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $callback['start'], + ( $callback['end'] + 1 ), + true + ); + + if ( false !== $first_non_empty && \T_CONSTANT_ENCAPSED_STRING === $this->tokens[ $first_non_empty ]['code'] ) { + $functionName = $this->strip_quotes( $this->tokens[ $first_non_empty ]['content'] ); + } + } + } + + // If slashing is required, give an error. + if ( ! $is_unslashed && $require_unslash && ! isset( $this->unslashingSanitizingFunctions[ $functionName ] ) ) { + $this->add_unslash_error( $stackPtr ); + } + + // Check if this is a sanitizing function. + if ( isset( $this->sanitizingFunctions[ $functionName ] ) || isset( $this->unslashingSanitizingFunctions[ $functionName ] ) ) { + return true; + } + + return false; + } + + /** + * Add an error for missing use of unslashing. + * + * @since 0.5.0 + * + * @param int $stackPtr The index of the token in the stack. + */ + public function add_unslash_error( $stackPtr ) { + + $this->phpcsFile->addError( + '%s data not unslashed before sanitization. Use wp_unslash() or similar', + $stackPtr, + 'MissingUnslash', + array( $this->tokens[ $stackPtr ]['content'] ) + ); + } + + /** + * Get the index keys of an array variable. + * + * E.g., "bar" and "baz" in $foo['bar']['baz']. + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the variable token in the stack. + * @param bool $all Whether to get all keys or only the first. + * Defaults to `true`(= all). + * + * @return array An array of index keys whose value is being accessed. + * or an empty array if this is not array access. + */ + protected function get_array_access_keys( $stackPtr, $all = true ) { + + $keys = array(); + + if ( \T_VARIABLE !== $this->tokens[ $stackPtr ]['code'] ) { + return $keys; + } + + $current = $stackPtr; + + do { + // Find the next non-empty token. + $open_bracket = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $current + 1 ), + null, + true + ); + + // If it isn't a bracket, this isn't an array-access. + if ( false === $open_bracket + || \T_OPEN_SQUARE_BRACKET !== $this->tokens[ $open_bracket ]['code'] + || ! isset( $this->tokens[ $open_bracket ]['bracket_closer'] ) + ) { + break; + } + + $key = $this->phpcsFile->getTokensAsString( + ( $open_bracket + 1 ), + ( $this->tokens[ $open_bracket ]['bracket_closer'] - $open_bracket - 1 ) + ); + + $keys[] = trim( $key ); + $current = $this->tokens[ $open_bracket ]['bracket_closer']; + } while ( isset( $this->tokens[ $current ] ) && true === $all ); + + return $keys; + } + + /** + * Get the index key of an array variable. + * + * E.g., "bar" in $foo['bar']. + * + * @since 0.5.0 + * @since 2.1.0 Now uses get_array_access_keys() under the hood. + * + * @param int $stackPtr The index of the token in the stack. + * + * @return string|false The array index key whose value is being accessed. + */ + protected function get_array_access_key( $stackPtr ) { + + $keys = $this->get_array_access_keys( $stackPtr, false ); + + if ( isset( $keys[0] ) ) { + return $keys[0]; + } + + return false; + } + + /** + * Check if the existence of a variable is validated with isset(), empty(), array_key_exists() + * or key_exists(). + * + * When $in_condition_only is false, (which is the default), this is considered + * valid: + * + * ```php + * if ( isset( $var ) ) { + * // Do stuff, like maybe return or exit (but could be anything) + * } + * + * foo( $var ); + * ``` + * + * When it is true, that would be invalid, the use of the variable must be within + * the scope of the validating condition, like this: + * + * ```php + * if ( isset( $var ) ) { + * foo( $var ); + * } + * ``` + * + * @since 0.5.0 + * @since 2.1.0 Now recognizes array_key_exists() and key_exists() as validation functions. + * @since 2.1.0 Stricter check on whether the correct variable and the correct + * array keys are being validated. + * + * @param int $stackPtr The index of this token in the stack. + * @param array|string $array_keys An array key to check for ("bar" in $foo['bar']) + * or an array of keys for multi-level array access. + * @param bool $in_condition_only Whether to require that this use of the + * variable occur within the scope of the + * validating condition, or just in the same + * scope as it (default). + * + * @return bool Whether the var is validated. + */ + protected function is_validated( $stackPtr, $array_keys = array(), $in_condition_only = false ) { + + if ( $in_condition_only ) { + /* + * This is a stricter check, requiring the variable to be used only + * within the validation condition. + */ + + // If there are no conditions, there's no validation. + if ( empty( $this->tokens[ $stackPtr ]['conditions'] ) ) { + return false; + } + + $conditions = $this->tokens[ $stackPtr ]['conditions']; + end( $conditions ); // Get closest condition. + $conditionPtr = key( $conditions ); + $condition = $this->tokens[ $conditionPtr ]; + + if ( ! isset( $condition['parenthesis_opener'] ) ) { + // Live coding or parse error. + return false; + } + + $scope_start = $condition['parenthesis_opener']; + $scope_end = $condition['parenthesis_closer']; + + } else { + /* + * We are are more loose, requiring only that the variable be validated + * in the same function/file scope as it is used. + */ + + $scope_start = 0; + + // Check if we are in a function. + $function = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + + // If so, we check only within the function, otherwise the whole file. + if ( false !== $function ) { + $scope_start = $this->tokens[ $function ]['scope_opener']; + } else { + // Check if we are in a closure. + $closure = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE ); + + // If so, we check only within the closure. + if ( false !== $closure ) { + $scope_start = $this->tokens[ $closure ]['scope_opener']; + } + } + + $scope_end = $stackPtr; + } + + if ( ! empty( $array_keys ) && ! is_array( $array_keys ) ) { + $array_keys = (array) $array_keys; + } + + $bare_array_keys = array_map( array( $this, 'strip_quotes' ), $array_keys ); + $targets = array( + \T_ISSET => 'construct', + \T_EMPTY => 'construct', + \T_UNSET => 'construct', + \T_STRING => 'function_call', + \T_COALESCE => 'coalesce', + \T_COALESCE_EQUAL => 'coalesce', + ); + + // phpcs:ignore Generic.CodeAnalysis.JumbledIncrementer.Found -- On purpose, see below. + for ( $i = ( $scope_start + 1 ); $i < $scope_end; $i++ ) { + + if ( isset( $targets[ $this->tokens[ $i ]['code'] ] ) === false ) { + continue; + } + + switch ( $targets[ $this->tokens[ $i ]['code'] ] ) { + case 'construct': + $issetOpener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true, null, true ); + if ( false === $issetOpener || \T_OPEN_PARENTHESIS !== $this->tokens[ $issetOpener ]['code'] ) { + // Parse error or live coding. + continue 2; + } + + $issetCloser = $this->tokens[ $issetOpener ]['parenthesis_closer']; + + // Look for this variable. We purposely stomp $i from the parent loop. + for ( $i = ( $issetOpener + 1 ); $i < $issetCloser; $i++ ) { + + if ( \T_VARIABLE !== $this->tokens[ $i ]['code'] ) { + continue; + } + + if ( $this->tokens[ $stackPtr ]['content'] !== $this->tokens[ $i ]['content'] ) { + continue; + } + + // If we're checking for specific array keys (ex: 'hello' in + // $_POST['hello']), that must match too. Quote-style, however, doesn't matter. + if ( ! empty( $bare_array_keys ) ) { + $found_keys = $this->get_array_access_keys( $i ); + $found_keys = array_map( array( $this, 'strip_quotes' ), $found_keys ); + $diff = array_diff_assoc( $bare_array_keys, $found_keys ); + if ( ! empty( $diff ) ) { + continue; + } + } + + return true; + } + + break; + + case 'function_call': + // Only check calls to array_key_exists() and key_exists(). + if ( 'array_key_exists' !== $this->tokens[ $i ]['content'] + && 'key_exists' !== $this->tokens[ $i ]['content'] + ) { + continue 2; + } + + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true, null, true ); + if ( false === $next_non_empty || \T_OPEN_PARENTHESIS !== $this->tokens[ $next_non_empty ]['code'] ) { + // Not a function call. + continue 2; + } + + if ( $this->is_class_object_call( $i ) === true ) { + // Method call. + continue 2; + } + + if ( $this->is_token_namespaced( $i ) === true ) { + // Namespaced function call. + continue 2; + } + + $params = $this->get_function_call_parameters( $i ); + if ( count( $params ) < 2 ) { + continue 2; + } + + $param2_first_token = $this->phpcsFile->findNext( Tokens::$emptyTokens, $params[2]['start'], ( $params[2]['end'] + 1 ), true ); + if ( false === $param2_first_token + || \T_VARIABLE !== $this->tokens[ $param2_first_token ]['code'] + || $this->tokens[ $param2_first_token ]['content'] !== $this->tokens[ $stackPtr ]['content'] + ) { + continue 2; + } + + if ( ! empty( $bare_array_keys ) ) { + // Prevent the original array from being altered. + $bare_keys = $bare_array_keys; + $last_key = array_pop( $bare_keys ); + + /* + * For multi-level array access, the complete set of keys could be split between + * the first and the second parameter, but could also be completely in the second + * parameter, so we need to check both options. + */ + + $found_keys = $this->get_array_access_keys( $param2_first_token ); + $found_keys = array_map( array( $this, 'strip_quotes' ), $found_keys ); + + // First try matching the complete set against the second parameter. + $diff = array_diff_assoc( $bare_array_keys, $found_keys ); + if ( empty( $diff ) ) { + return true; + } + + // If that failed, try getting an exact match for the subset against the + // second parameter and the last key against the first. + if ( $bare_keys === $found_keys && $this->strip_quotes( $params[1]['raw'] ) === $last_key ) { + return true; + } + + // Didn't find the correct array keys. + continue 2; + } + + return true; + + case 'coalesce': + $prev = $i; + do { + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $prev - 1 ), null, true, null, true ); + // Skip over array keys, like $_GET['key']['subkey']. + if ( \T_CLOSE_SQUARE_BRACKET === $this->tokens[ $prev ]['code'] ) { + $prev = $this->tokens[ $prev ]['bracket_opener']; + continue; + } + + break; + } while ( $prev >= ( $scope_start + 1 ) ); + + // We should now have reached the variable. + if ( \T_VARIABLE !== $this->tokens[ $prev ]['code'] ) { + continue 2; + } + + if ( $this->tokens[ $prev ]['content'] !== $this->tokens[ $stackPtr ]['content'] ) { + continue 2; + } + + if ( ! empty( $bare_array_keys ) ) { + $found_keys = $this->get_array_access_keys( $prev ); + $found_keys = array_map( array( $this, 'strip_quotes' ), $found_keys ); + $diff = array_diff_assoc( $bare_array_keys, $found_keys ); + if ( ! empty( $diff ) ) { + continue 2; + } + } + + // Right variable, correct key. + return true; + } + } + + return false; + } + + /** + * Check whether a variable is being compared to another value. + * + * E.g., $var === 'foo', 1 <= $var, etc. + * + * Also recognizes `switch ( $var )`. + * + * @since 0.5.0 + * @since 2.1.0 Added the $include_coalesce parameter. + * + * @param int $stackPtr The index of this token in the stack. + * @param bool $include_coalesce Optional. Whether or not to regard the null + * coalesce operator - ?? - as a comparison operator. + * Defaults to true. + * Null coalesce is a special comparison operator in this + * sense as it doesn't compare a variable to whatever is + * on the other side of the comparison operator. + * + * @return bool Whether this is a comparison. + */ + protected function is_comparison( $stackPtr, $include_coalesce = true ) { + + $comparisonTokens = Tokens::$comparisonTokens; + if ( false === $include_coalesce ) { + unset( $comparisonTokens[ \T_COALESCE ] ); + } + + // We first check if this is a switch statement (switch ( $var )). + if ( isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + $nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis']; + $close_parenthesis = end( $nested_parenthesis ); + + if ( + isset( $this->tokens[ $close_parenthesis ]['parenthesis_owner'] ) + && \T_SWITCH === $this->tokens[ $this->tokens[ $close_parenthesis ]['parenthesis_owner'] ]['code'] + ) { + return true; + } + } + + // Find the previous non-empty token. We check before the var first because + // yoda conditions are usually expected. + $previous_token = $this->phpcsFile->findPrevious( + Tokens::$emptyTokens, + ( $stackPtr - 1 ), + null, + true + ); + + if ( isset( $comparisonTokens[ $this->tokens[ $previous_token ]['code'] ] ) ) { + return true; + } + + // Maybe the comparison operator is after this. + $next_token = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $stackPtr + 1 ), + null, + true + ); + + // This might be an opening square bracket in the case of arrays ($var['a']). + while ( false !== $next_token && \T_OPEN_SQUARE_BRACKET === $this->tokens[ $next_token ]['code'] ) { + + $next_token = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $this->tokens[ $next_token ]['bracket_closer'] + 1 ), + null, + true + ); + } + + if ( false !== $next_token && isset( $comparisonTokens[ $this->tokens[ $next_token ]['code'] ] ) ) { + return true; + } + + return false; + } + + /** + * Check if a token is inside of an array-value comparison function. + * + * @since 2.1.0 + * + * @param int $stackPtr The index of the token in the stack. + * + * @return bool Whether the token is (part of) a parameter to an + * array-value comparison function. + */ + protected function is_in_array_comparison( $stackPtr ) { + $function_ptr = $this->is_in_function_call( $stackPtr, $this->arrayCompareFunctions, true, true ); + if ( false === $function_ptr ) { + return false; + } + + $function_name = $this->tokens[ $function_ptr ]['content']; + if ( true === $this->arrayCompareFunctions[ $function_name ] ) { + return true; + } + + if ( $this->get_function_call_parameter_count( $function_ptr ) >= $this->arrayCompareFunctions[ $function_name ] ) { + return true; + } + + return false; + } + + /** + * Check what type of 'use' statement a token is part of. + * + * The T_USE token has multiple different uses: + * + * 1. In a closure: function () use ( $var ) {} + * 2. In a class, to import a trait: use Trait_Name + * 3. In a namespace, to import a class: use Some\Class; + * + * This function will check the token and return 'closure', 'trait', or 'class', + * based on which of these uses the use is being used for. + * + * @since 0.7.0 + * + * @param int $stackPtr The position of the token to check. + * + * @return string The type of use. + */ + protected function get_use_type( $stackPtr ) { + + // USE keywords inside closures. + $next = $this->phpcsFile->findNext( \T_WHITESPACE, ( $stackPtr + 1 ), null, true ); + + if ( \T_OPEN_PARENTHESIS === $this->tokens[ $next ]['code'] ) { + return 'closure'; + } + + // USE keywords for traits. + $valid_scopes = array( + 'T_CLASS' => true, + 'T_ANON_CLASS' => true, + 'T_TRAIT' => true, + ); + if ( false !== $this->valid_direct_scope( $stackPtr, $valid_scopes ) ) { + return 'trait'; + } + + // USE keywords for classes to import to a namespace. + return 'class'; + } + + /** + * Get the interpolated variable names from a string. + * + * Check if '$' is followed by a valid variable name, and that it is not preceded by an escape sequence. + * + * @since 0.9.0 + * + * @param string $string The contents of a T_DOUBLE_QUOTED_STRING or T_HEREDOC token. + * + * @return array Variable names (without '$' sigil). + */ + protected function get_interpolated_variables( $string ) { + $variables = array(); + if ( preg_match_all( '/(?P\\\\*)\$(?P\w+)/', $string, $match_sets, \PREG_SET_ORDER ) ) { + foreach ( $match_sets as $matches ) { + if ( ! isset( $matches['backslashes'] ) || ( \strlen( $matches['backslashes'] ) % 2 ) === 0 ) { + $variables[] = $matches['symbol']; + } + } + } + return $variables; + } + + /** + * Strip variables from an arbitrary double quoted/heredoc string. + * + * Intended for use with the contents of a T_DOUBLE_QUOTED_STRING or T_HEREDOC token. + * + * @since 0.14.0 + * + * @param string $string The raw string. + * + * @return string String without variables in it. + */ + public function strip_interpolated_variables( $string ) { + if ( strpos( $string, '$' ) === false ) { + return $string; + } + + return preg_replace( self::REGEX_COMPLEX_VARS, '', $string ); + } + + /** + * Checks if a function call has parameters. + * + * Expects to be passed the T_STRING stack pointer for the function call. + * If passed a T_STRING which is *not* a function call, the behaviour is unreliable. + * + * Extra feature: If passed an T_ARRAY or T_OPEN_SHORT_ARRAY stack pointer, it + * will detect whether the array has values or is empty. + * + * @link https://github.com/PHPCompatibility/PHPCompatibility/issues/120 + * @link https://github.com/PHPCompatibility/PHPCompatibility/issues/152 + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the function call token. + * + * @return bool + */ + public function does_function_call_have_parameters( $stackPtr ) { + + // Check for the existence of the token. + if ( false === isset( $this->tokens[ $stackPtr ] ) ) { + return false; + } + + // Is this one of the tokens this function handles ? + if ( false === \in_array( $this->tokens[ $stackPtr ]['code'], array( \T_STRING, \T_ARRAY, \T_OPEN_SHORT_ARRAY ), true ) ) { + return false; + } + + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + + // Deal with short array syntax. + if ( 'T_OPEN_SHORT_ARRAY' === $this->tokens[ $stackPtr ]['type'] ) { + if ( false === isset( $this->tokens[ $stackPtr ]['bracket_closer'] ) ) { + return false; + } + + if ( $next_non_empty === $this->tokens[ $stackPtr ]['bracket_closer'] ) { + // No parameters. + return false; + } else { + return true; + } + } + + // Deal with function calls & long arrays. + // Next non-empty token should be the open parenthesis. + if ( false === $next_non_empty && \T_OPEN_PARENTHESIS !== $this->tokens[ $next_non_empty ]['code'] ) { + return false; + } + + if ( false === isset( $this->tokens[ $next_non_empty ]['parenthesis_closer'] ) ) { + return false; + } + + $close_parenthesis = $this->tokens[ $next_non_empty ]['parenthesis_closer']; + $next_next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $next_non_empty + 1 ), ( $close_parenthesis + 1 ), true ); + + if ( $next_next_non_empty === $close_parenthesis ) { + // No parameters. + return false; + } + + return true; + } + + /** + * Count the number of parameters a function call has been passed. + * + * Expects to be passed the T_STRING stack pointer for the function call. + * If passed a T_STRING which is *not* a function call, the behaviour is unreliable. + * + * Extra feature: If passed an T_ARRAY or T_OPEN_SHORT_ARRAY stack pointer, + * it will return the number of values in the array. + * + * @link https://github.com/PHPCompatibility/PHPCompatibility/issues/111 + * @link https://github.com/PHPCompatibility/PHPCompatibility/issues/114 + * @link https://github.com/PHPCompatibility/PHPCompatibility/issues/151 + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the function call token. + * + * @return int + */ + public function get_function_call_parameter_count( $stackPtr ) { + if ( false === $this->does_function_call_have_parameters( $stackPtr ) ) { + return 0; + } + + return \count( $this->get_function_call_parameters( $stackPtr ) ); + } + + /** + * Get information on all parameters passed to a function call. + * + * Expects to be passed the T_STRING stack pointer for the function call. + * If passed a T_STRING which is *not* a function call, the behaviour is unreliable. + * + * Extra feature: If passed an T_ARRAY or T_OPEN_SHORT_ARRAY stack pointer, + * it will tokenize the values / key/value pairs contained in the array call. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the function call token. + * + * @return array Multi-dimentional array with parameter details or + * empty array if no parameters are found. + * + * @type int $position 1-based index position of the parameter. { + * @type int $start Stack pointer for the start of the parameter. + * @type int $end Stack pointer for the end of parameter. + * @type int $raw Trimmed raw parameter content. + * } + */ + public function get_function_call_parameters( $stackPtr ) { + if ( false === $this->does_function_call_have_parameters( $stackPtr ) ) { + return array(); + } + + /* + * Ok, we know we have a T_STRING, T_ARRAY or T_OPEN_SHORT_ARRAY with parameters + * and valid open & close brackets/parenthesis. + */ + + // Mark the beginning and end tokens. + if ( 'T_OPEN_SHORT_ARRAY' === $this->tokens[ $stackPtr ]['type'] ) { + $opener = $stackPtr; + $closer = $this->tokens[ $stackPtr ]['bracket_closer']; + + $nestedParenthesisCount = 0; + } else { + $opener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + $closer = $this->tokens[ $opener ]['parenthesis_closer']; + + $nestedParenthesisCount = 1; + } + + // Which nesting level is the one we are interested in ? + if ( isset( $this->tokens[ $opener ]['nested_parenthesis'] ) ) { + $nestedParenthesisCount += \count( $this->tokens[ $opener ]['nested_parenthesis'] ); + } + + $parameters = array(); + $next_comma = $opener; + $param_start = ( $opener + 1 ); + $cnt = 1; + while ( $next_comma = $this->phpcsFile->findNext( array( \T_COMMA, $this->tokens[ $closer ]['code'], \T_OPEN_SHORT_ARRAY, \T_CLOSURE ), ( $next_comma + 1 ), ( $closer + 1 ) ) ) { + // Ignore anything within short array definition brackets. + if ( 'T_OPEN_SHORT_ARRAY' === $this->tokens[ $next_comma ]['type'] + && ( isset( $this->tokens[ $next_comma ]['bracket_opener'] ) + && $this->tokens[ $next_comma ]['bracket_opener'] === $next_comma ) + && isset( $this->tokens[ $next_comma ]['bracket_closer'] ) + ) { + // Skip forward to the end of the short array definition. + $next_comma = $this->tokens[ $next_comma ]['bracket_closer']; + continue; + } + + // Skip past closures passed as function parameters. + if ( 'T_CLOSURE' === $this->tokens[ $next_comma ]['type'] + && ( isset( $this->tokens[ $next_comma ]['scope_condition'] ) + && $this->tokens[ $next_comma ]['scope_condition'] === $next_comma ) + && isset( $this->tokens[ $next_comma ]['scope_closer'] ) + ) { + // Skip forward to the end of the closure declaration. + $next_comma = $this->tokens[ $next_comma ]['scope_closer']; + continue; + } + + // Ignore comma's at a lower nesting level. + if ( \T_COMMA === $this->tokens[ $next_comma ]['code'] + && isset( $this->tokens[ $next_comma ]['nested_parenthesis'] ) + && \count( $this->tokens[ $next_comma ]['nested_parenthesis'] ) !== $nestedParenthesisCount + ) { + continue; + } + + // Ignore closing parenthesis/bracket if not 'ours'. + if ( $this->tokens[ $next_comma ]['type'] === $this->tokens[ $closer ]['type'] && $next_comma !== $closer ) { + continue; + } + + // Ok, we've reached the end of the parameter. + $parameters[ $cnt ]['start'] = $param_start; + $parameters[ $cnt ]['end'] = ( $next_comma - 1 ); + $parameters[ $cnt ]['raw'] = trim( $this->phpcsFile->getTokensAsString( $param_start, ( $next_comma - $param_start ) ) ); + + /* + * Check if there are more tokens before the closing parenthesis. + * Prevents code like the following from setting a third parameter: + * functionCall( $param1, $param2, ); + */ + $has_next_param = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $next_comma + 1 ), $closer, true, null, true ); + if ( false === $has_next_param ) { + break; + } + + // Prepare for the next parameter. + $param_start = ( $next_comma + 1 ); + $cnt++; + } + + return $parameters; + } + + /** + * Get information on a specific parameter passed to a function call. + * + * Expects to be passed the T_STRING stack pointer for the function call. + * If passed a T_STRING which is *not* a function call, the behaviour is unreliable. + * + * Will return a array with the start token pointer, end token pointer and the raw value + * of the parameter at a specific offset. + * If the specified parameter is not found, will return false. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the function call token. + * @param int $param_offset The 1-based index position of the parameter to retrieve. + * + * @return array|false + */ + public function get_function_call_parameter( $stackPtr, $param_offset ) { + $parameters = $this->get_function_call_parameters( $stackPtr ); + + if ( false === isset( $parameters[ $param_offset ] ) ) { + return false; + } + + return $parameters[ $param_offset ]; + } + + /** + * Find the array opener & closer based on a T_ARRAY or T_OPEN_SHORT_ARRAY token. + * + * @since 0.12.0 + * + * @param int $stackPtr The stack pointer to the array token. + * + * @return array|bool Array with two keys `opener`, `closer` or false if + * either or these could not be determined. + */ + protected function find_array_open_close( $stackPtr ) { + /* + * Determine the array opener & closer. + */ + if ( \T_ARRAY === $this->tokens[ $stackPtr ]['code'] ) { + if ( isset( $this->tokens[ $stackPtr ]['parenthesis_opener'] ) ) { + $opener = $this->tokens[ $stackPtr ]['parenthesis_opener']; + + if ( isset( $this->tokens[ $opener ]['parenthesis_closer'] ) ) { + $closer = $this->tokens[ $opener ]['parenthesis_closer']; + } + } + } else { + // Short array syntax. + $opener = $stackPtr; + $closer = $this->tokens[ $stackPtr ]['bracket_closer']; + } + + if ( isset( $opener, $closer ) ) { + return array( + 'opener' => $opener, + 'closer' => $closer, + ); + } + + return false; + } + + /** + * Find the list opener & closer based on a T_LIST or T_OPEN_SHORT_ARRAY token. + * + * @since 2.2.0 + * + * @param int $stackPtr The stack pointer to the array token. + * + * @return array|bool Array with two keys `opener`, `closer` or false if + * not a (short) list token or if either or these + * could not be determined. + */ + protected function find_list_open_close( $stackPtr ) { + /* + * Determine the list opener & closer. + */ + if ( \T_LIST === $this->tokens[ $stackPtr ]['code'] ) { + // PHPCS 3.5.0. + if ( isset( $this->tokens[ $stackPtr ]['parenthesis_opener'] ) ) { + $opener = $this->tokens[ $stackPtr ]['parenthesis_opener']; + + } else { + // PHPCS < 3.5.0. + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( false !== $next_non_empty + && \T_OPEN_PARENTHESIS === $this->tokens[ $next_non_empty ]['code'] + ) { + $opener = $next_non_empty; + } + } + + if ( isset( $opener, $this->tokens[ $opener ]['parenthesis_closer'] ) ) { + $closer = $this->tokens[ $opener ]['parenthesis_closer']; + } + } + + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] + && $this->is_short_list( $stackPtr ) === true + ) { + $opener = $stackPtr; + $closer = $this->tokens[ $stackPtr ]['bracket_closer']; + } + + if ( isset( $opener, $closer ) ) { + return array( + 'opener' => $opener, + 'closer' => $closer, + ); + } + + return false; + } + + /** + * Determine the namespace name an arbitrary token lives in. + * + * @since 0.10.0 + * @since 0.12.0 Moved from the `AbstractClassRestrictionsSniff` to this class. + * + * @param int $stackPtr The token position for which to determine the namespace. + * + * @return string Namespace name or empty string if it couldn't be determined or no namespace applies. + */ + public function determine_namespace( $stackPtr ) { + + // Check for the existence of the token. + if ( ! isset( $this->tokens[ $stackPtr ] ) ) { + return ''; + } + + // Check for scoped namespace {}. + if ( ! empty( $this->tokens[ $stackPtr ]['conditions'] ) ) { + $namespacePtr = $this->phpcsFile->getCondition( $stackPtr, \T_NAMESPACE ); + if ( false !== $namespacePtr ) { + $namespace = $this->get_declared_namespace_name( $namespacePtr ); + if ( false !== $namespace ) { + return $namespace; + } + + // We are in a scoped namespace, but couldn't determine the name. + // Searching for a global namespace is futile. + return ''; + } + } + + /* + * Not in a scoped namespace, so let's see if we can find a non-scoped namespace instead. + * Keeping in mind that: + * - there can be multiple non-scoped namespaces in a file (bad practice, but it happens). + * - the namespace keyword can also be used as part of a function/method call and such. + * - that a non-named namespace resolves to the global namespace. + */ + $previousNSToken = $stackPtr; + $namespace = false; + do { + $previousNSToken = $this->phpcsFile->findPrevious( \T_NAMESPACE, ( $previousNSToken - 1 ) ); + + // Stop if we encounter a scoped namespace declaration as we already know we're not in one. + if ( ! empty( $this->tokens[ $previousNSToken ]['scope_condition'] ) + && $this->tokens[ $previousNSToken ]['scope_condition'] === $previousNSToken + ) { + break; + } + + $namespace = $this->get_declared_namespace_name( $previousNSToken ); + + } while ( false === $namespace && false !== $previousNSToken ); + + // If we still haven't got a namespace, return an empty string. + if ( false === $namespace ) { + return ''; + } + + return $namespace; + } + + /** + * Get the complete namespace name for a namespace declaration. + * + * For hierarchical namespaces, the name will be composed of several tokens, + * i.e. MyProject\Sub\Level which will be returned together as one string. + * + * @since 0.12.0 A lesser variant of this method previously existed in the + * `AbstractClassRestrictionsSniff` class. + * + * @param int|bool $stackPtr The position of a T_NAMESPACE token. + * + * @return string|false Namespace name or false if not a namespace declaration. + * Namespace name can be an empty string for global namespace declaration. + */ + public function get_declared_namespace_name( $stackPtr ) { + + // Check for the existence of the token. + if ( false === $stackPtr || ! isset( $this->tokens[ $stackPtr ] ) ) { + return false; + } + + if ( \T_NAMESPACE !== $this->tokens[ $stackPtr ]['code'] ) { + return false; + } + + $nextToken = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( \T_NS_SEPARATOR === $this->tokens[ $nextToken ]['code'] ) { + // Not a namespace declaration, but use of, i.e. `namespace\someFunction();`. + return false; + } + + if ( \T_OPEN_CURLY_BRACKET === $this->tokens[ $nextToken ]['code'] ) { + // Declaration for global namespace when using multiple namespaces in a file. + // I.e.: `namespace {}`. + return ''; + } + + // Ok, this should be a namespace declaration, so get all the parts together. + $acceptedTokens = array( + \T_STRING => true, + \T_NS_SEPARATOR => true, + ); + $validTokens = $acceptedTokens + Tokens::$emptyTokens; + + $namespaceName = ''; + while ( isset( $validTokens[ $this->tokens[ $nextToken ]['code'] ] ) ) { + if ( isset( $acceptedTokens[ $this->tokens[ $nextToken ]['code'] ] ) ) { + $namespaceName .= trim( $this->tokens[ $nextToken ]['content'] ); + } + ++$nextToken; + } + + return $namespaceName; + } + + /** + * Check whether a T_CONST token is a class constant declaration. + * + * @since 0.14.0 + * + * @param int $stackPtr The position in the stack of the T_CONST token to verify. + * + * @return bool + */ + public function is_class_constant( $stackPtr ) { + if ( ! isset( $this->tokens[ $stackPtr ] ) || \T_CONST !== $this->tokens[ $stackPtr ]['code'] ) { + return false; + } + + // Note: traits can not declare constants. + $valid_scopes = array( + 'T_CLASS' => true, + 'T_ANON_CLASS' => true, + 'T_INTERFACE' => true, + ); + + return is_int( $this->valid_direct_scope( $stackPtr, $valid_scopes ) ); + } + + /** + * Check whether a T_VARIABLE token is a class property declaration. + * + * @since 0.14.0 + * + * @param int $stackPtr The position in the stack of the T_VARIABLE token to verify. + * + * @return bool + */ + public function is_class_property( $stackPtr ) { + if ( ! isset( $this->tokens[ $stackPtr ] ) || \T_VARIABLE !== $this->tokens[ $stackPtr ]['code'] ) { + return false; + } + + // Note: interfaces can not declare properties. + $valid_scopes = array( + 'T_CLASS' => true, + 'T_ANON_CLASS' => true, + 'T_TRAIT' => true, + ); + + $scopePtr = $this->valid_direct_scope( $stackPtr, $valid_scopes ); + if ( false !== $scopePtr ) { + // Make sure it's not a method parameter. + if ( empty( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + return true; + } else { + $parenthesis = array_keys( $this->tokens[ $stackPtr ]['nested_parenthesis'] ); + $deepest_open = array_pop( $parenthesis ); + if ( $deepest_open < $scopePtr + || isset( $this->tokens[ $deepest_open ]['parenthesis_owner'] ) === false + || \T_FUNCTION !== $this->tokens[ $this->tokens[ $deepest_open ]['parenthesis_owner'] ]['code'] + ) { + return true; + } + } + } + + return false; + } + + /** + * Check whether the direct wrapping scope of a token is within a limited set of + * acceptable tokens. + * + * Used to check, for instance, if a T_CONST is a class constant. + * + * @since 0.14.0 + * + * @param int $stackPtr The position in the stack of the token to verify. + * @param array $valid_scopes Array of token types. + * Keys should be the token types in string format + * to allow for newer token types. + * Value is irrelevant. + * + * @return int|bool StackPtr to the scope if valid, false otherwise. + */ + protected function valid_direct_scope( $stackPtr, array $valid_scopes ) { + if ( empty( $this->tokens[ $stackPtr ]['conditions'] ) ) { + return false; + } + + /* + * Check only the direct wrapping scope of the token. + */ + $conditions = array_keys( $this->tokens[ $stackPtr ]['conditions'] ); + $ptr = array_pop( $conditions ); + + if ( ! isset( $this->tokens[ $ptr ] ) ) { + return false; + } + + if ( isset( $valid_scopes[ $this->tokens[ $ptr ]['type'] ] ) ) { + return $ptr; + } + + return false; + } + + /** + * Checks whether this is a call to a $wpdb method that we want to sniff. + * + * If available in the child class, the $methodPtr, $i and $end properties are + * automatically set to correspond to the start and end of the method call. + * The $i property is also set if this is not a method call but rather the + * use of a $wpdb property. + * + * @since 0.8.0 + * @since 0.9.0 The return value is now always boolean. The $end and $i member + * vars are automatically updated. + * @since 0.14.0 Moved this method from the `PreparedSQL` sniff to the base WP sniff. + * + * {@internal This method should probably be refactored.}} + * + * @param int $stackPtr The index of the $wpdb variable. + * @param array $target_methods Array of methods. Key(s) should be method name. + * + * @return bool Whether this is a $wpdb method call. + */ + protected function is_wpdb_method_call( $stackPtr, $target_methods ) { + + // Check for wpdb. + if ( ( \T_VARIABLE === $this->tokens[ $stackPtr ]['code'] && '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) + || ( \T_STRING === $this->tokens[ $stackPtr ]['code'] && 'wpdb' !== $this->tokens[ $stackPtr ]['content'] ) + ) { + return false; + } + + // Check that this is a method call. + $is_object_call = $this->phpcsFile->findNext( + array( \T_OBJECT_OPERATOR, \T_DOUBLE_COLON ), + ( $stackPtr + 1 ), + null, + false, + null, + true + ); + if ( false === $is_object_call ) { + return false; + } + + $methodPtr = $this->phpcsFile->findNext( \T_WHITESPACE, ( $is_object_call + 1 ), null, true, null, true ); + if ( false === $methodPtr ) { + return false; + } + + if ( \T_STRING === $this->tokens[ $methodPtr ]['code'] && property_exists( $this, 'methodPtr' ) ) { + $this->methodPtr = $methodPtr; + } + + // Find the opening parenthesis. + $opening_paren = $this->phpcsFile->findNext( \T_WHITESPACE, ( $methodPtr + 1 ), null, true, null, true ); + + if ( false === $opening_paren ) { + return false; + } + + if ( property_exists( $this, 'i' ) ) { + $this->i = $opening_paren; + } + + if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $opening_paren ]['code'] + || ! isset( $this->tokens[ $opening_paren ]['parenthesis_closer'] ) + ) { + return false; + } + + // Check that this is one of the methods that we are interested in. + if ( ! isset( $target_methods[ $this->tokens[ $methodPtr ]['content'] ] ) ) { + return false; + } + + // Find the end of the first parameter. + $end = $this->phpcsFile->findEndOfStatement( $opening_paren + 1 ); + + if ( \T_COMMA !== $this->tokens[ $end ]['code'] ) { + ++$end; + } + + if ( property_exists( $this, 'end' ) ) { + $this->end = $end; + } + + return true; + } + + /** + * Determine whether an arbitrary T_STRING token is the use of a global constant. + * + * @since 1.0.0 + * + * @param int $stackPtr The position of the function call token. + * + * @return bool + */ + public function is_use_of_global_constant( $stackPtr ) { + // Check for the existence of the token. + if ( ! isset( $this->tokens[ $stackPtr ] ) ) { + return false; + } + + // Is this one of the tokens this function handles ? + if ( \T_STRING !== $this->tokens[ $stackPtr ]['code'] ) { + return false; + } + + $next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( false !== $next + && ( \T_OPEN_PARENTHESIS === $this->tokens[ $next ]['code'] + || \T_DOUBLE_COLON === $this->tokens[ $next ]['code'] ) + ) { + // Function call or declaration. + return false; + } + + // Array of tokens which if found preceding the $stackPtr indicate that a T_STRING is not a global constant. + $tokens_to_ignore = array( + 'T_NAMESPACE' => true, + 'T_USE' => true, + 'T_CLASS' => true, + 'T_TRAIT' => true, + 'T_INTERFACE' => true, + 'T_EXTENDS' => true, + 'T_IMPLEMENTS' => true, + 'T_NEW' => true, + 'T_FUNCTION' => true, + 'T_DOUBLE_COLON' => true, + 'T_OBJECT_OPERATOR' => true, + 'T_INSTANCEOF' => true, + 'T_INSTEADOF' => true, + 'T_GOTO' => true, + 'T_AS' => true, + 'T_PUBLIC' => true, + 'T_PROTECTED' => true, + 'T_PRIVATE' => true, + ); + + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true ); + if ( false !== $prev + && isset( $tokens_to_ignore[ $this->tokens[ $prev ]['type'] ] ) + ) { + // Not the use of a constant. + return false; + } + + if ( $this->is_token_namespaced( $stackPtr ) === true ) { + // Namespaced constant of the same name. + return false; + } + + if ( false !== $prev + && \T_CONST === $this->tokens[ $prev ]['code'] + && $this->is_class_constant( $prev ) + ) { + // Class constant declaration of the same name. + return false; + } + + /* + * Deal with a number of variations of use statements. + */ + for ( $i = $stackPtr; $i > 0; $i-- ) { + if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $stackPtr ]['line'] ) { + break; + } + } + + $firstOnLine = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true ); + if ( false !== $firstOnLine && \T_USE === $this->tokens[ $firstOnLine ]['code'] ) { + $nextOnLine = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $firstOnLine + 1 ), null, true ); + if ( false !== $nextOnLine ) { + if ( \T_STRING === $this->tokens[ $nextOnLine ]['code'] + && 'const' === $this->tokens[ $nextOnLine ]['content'] + ) { + $hasNsSep = $this->phpcsFile->findNext( \T_NS_SEPARATOR, ( $nextOnLine + 1 ), $stackPtr ); + if ( false !== $hasNsSep ) { + // Namespaced const (group) use statement. + return false; + } + } else { + // Not a const use statement. + return false; + } + } + } + + return true; + } + + /** + * Determine if a variable is in the `as $key => $value` part of a foreach condition. + * + * @since 1.0.0 + * @since 1.1.0 Moved from the PrefixAllGlobals sniff to the Sniff base class. + * + * @param int $stackPtr Pointer to the variable. + * + * @return bool True if it is. False otherwise. + */ + protected function is_foreach_as( $stackPtr ) { + if ( ! isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + return false; + } + + $nested_parenthesis = $this->tokens[ $stackPtr ]['nested_parenthesis']; + $close_parenthesis = end( $nested_parenthesis ); + $open_parenthesis = key( $nested_parenthesis ); + if ( ! isset( $this->tokens[ $close_parenthesis ]['parenthesis_owner'] ) ) { + return false; + } + + if ( \T_FOREACH !== $this->tokens[ $this->tokens[ $close_parenthesis ]['parenthesis_owner'] ]['code'] ) { + return false; + } + + $as_ptr = $this->phpcsFile->findNext( \T_AS, ( $open_parenthesis + 1 ), $close_parenthesis ); + if ( false === $as_ptr ) { + // Should never happen. + return false; + } + + return ( $stackPtr > $as_ptr ); + } + + /** + * Determine whether a T_OPEN/CLOSE_SHORT_ARRAY token is a short list() construct. + * + * @internal This function will be introduced in PHPCS upstream in version 3.5.0 + * and can be removed from WPCS once WPCS raises the minimum version. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the array bracket token. + * + * @return bool True if the token passed is the open/close bracket of a short list. + * False if the token is a short array bracket or not + * a T_OPEN/CLOSE_SHORT_ARRAY token. + */ + protected function is_short_list( $stackPtr ) { + // Is this one of the tokens this function handles ? + if ( \T_OPEN_SHORT_ARRAY !== $this->tokens[ $stackPtr ]['code'] + && \T_CLOSE_SHORT_ARRAY !== $this->tokens[ $stackPtr ]['code'] + ) { + return false; + } + + switch ( $this->tokens[ $stackPtr ]['code'] ) { + case \T_OPEN_SHORT_ARRAY: + $opener = $stackPtr; + $closer = $this->tokens[ $stackPtr ]['bracket_closer']; + break; + + case \T_CLOSE_SHORT_ARRAY: + $opener = $this->tokens[ $stackPtr ]['bracket_opener']; + $closer = $stackPtr; + break; + } + + $nextNonEmpty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $closer + 1 ), null, true, null, true ); + if ( false !== $nextNonEmpty && \T_EQUAL === $this->tokens[ $nextNonEmpty ]['code'] ) { + return true; + } + + // Check for short list in foreach, i.e. `foreach($array as [$a, $b])`. + if ( $this->is_foreach_as( $stackPtr ) === true ) { + return true; + } + + // Maybe this is a short list syntax nested inside another short list syntax ? + $parentOpen = $opener; + do { + $parentOpen = $this->phpcsFile->findPrevious( + \T_OPEN_SHORT_ARRAY, + ( $parentOpen - 1 ), + null, + false, + null, + true + ); + + if ( false === $parentOpen ) { + return false; + } + } while ( $this->tokens[ $parentOpen ]['bracket_closer'] < $opener ); + + return $this->is_short_list( $parentOpen ); + } + + /** + * Get a list of the token pointers to the variables being assigned to in a list statement. + * + * @internal No need to take special measures for nested lists. Nested or not, + * each list part can only contain one variable being written to. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the T_LIST or T_OPEN_SHORT_ARRAY + * token in the stack. + * @param array $list_open_close Optional. Array containing the token pointers to + * the list opener and closer. + * + * @return array Array with the stack pointers to the variables or an empty + * array when not a (short) list. + */ + protected function get_list_variables( $stackPtr, $list_open_close = array() ) { + if ( \T_LIST !== $this->tokens[ $stackPtr ]['code'] + && \T_OPEN_SHORT_ARRAY !== $this->tokens[ $stackPtr ]['code'] + ) { + return array(); + } + + if ( empty( $list_open_close ) ) { + $list_open_close = $this->find_list_open_close( $stackPtr ); + if ( false === $list_open_close ) { + // Not a (short) list. + return array(); + } + } + + $var_pointers = array(); + $current = $list_open_close['opener']; + $closer = $list_open_close['closer']; + $last = false; + do { + ++$current; + $next_comma = $this->phpcsFile->findNext( \T_COMMA, $current, $closer ); + if ( false === $next_comma ) { + $next_comma = $closer; + $last = true; + } + + // Skip over the "key" part in keyed lists. + $arrow = $this->phpcsFile->findNext( \T_DOUBLE_ARROW, $current, $next_comma ); + if ( false !== $arrow ) { + $current = ( $arrow + 1 ); + } + + /* + * Each list item can only have one variable to which an assignment is being made. + * This can be an array with a (variable) index, but that doesn't matter, we're only + * concerned with the actual variable. + */ + $var = $this->phpcsFile->findNext( \T_VARIABLE, $current, $next_comma ); + if ( false !== $var ) { + // Not an empty list item. + $var_pointers[] = $var; + } + + $current = $next_comma; + + } while ( false === $last ); + + return $var_pointers; + } + + /** + * Check whether a function has been marked as deprecated via a @deprecated tag + * in the function docblock. + * + * {@internal This method is static to allow the ValidFunctionName class to use it.}} + * + * @since 2.2.0 + * + * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned. + * @param int $stackPtr The position of a T_FUNCTION + * token in the stack. + * + * @return bool + */ + public static function is_function_deprecated( File $phpcsFile, $stackPtr ) { + $tokens = $phpcsFile->getTokens(); + $find = Tokens::$methodPrefixes; + $find[] = \T_WHITESPACE; + + $comment_end = $phpcsFile->findPrevious( $find, ( $stackPtr - 1 ), null, true ); + if ( \T_DOC_COMMENT_CLOSE_TAG !== $tokens[ $comment_end ]['code'] ) { + // Function doesn't have a doc comment or is using the wrong type of comment. + return false; + } + + $comment_start = $tokens[ $comment_end ]['comment_opener']; + foreach ( $tokens[ $comment_start ]['comment_tags'] as $tag ) { + if ( '@deprecated' === $tokens[ $tag ]['content'] ) { + return true; + } + } + + return false; + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayDeclarationSpacingSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayDeclarationSpacingSniff.php new file mode 100644 index 00000000..5488bfd3 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayDeclarationSpacingSniff.php @@ -0,0 +1,468 @@ + \T_ARRAY, + \T_OPEN_SHORT_ARRAY => \T_OPEN_SHORT_ARRAY, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.12.0 + * + * @return array + */ + public function register() { + return $this->targets; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.12.0 The actual checks contained in this method used to + * be in the `processSingleLineArray()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] + && $this->is_short_list( $stackPtr ) + ) { + // Short list, not short array. + return; + } + + /* + * Determine the array opener & closer. + */ + $array_open_close = $this->find_array_open_close( $stackPtr ); + if ( false === $array_open_close ) { + // Array open/close could not be determined. + return; + } + + $opener = $array_open_close['opener']; + $closer = $array_open_close['closer']; + unset( $array_open_close ); + + /* + * Long arrays only: Check for space between the array keyword and the open parenthesis. + */ + if ( \T_ARRAY === $this->tokens[ $stackPtr ]['code'] ) { + + if ( ( $stackPtr + 1 ) !== $opener ) { + $error = 'There must be no space between the "array" keyword and the opening parenthesis'; + $error_code = 'SpaceAfterKeyword'; + + $nextNonWhitespace = $this->phpcsFile->findNext( \T_WHITESPACE, ( $stackPtr + 1 ), ( $opener + 1 ), true ); + if ( $nextNonWhitespace !== $opener ) { + // Don't auto-fix: Something other than whitespace found between keyword and open parenthesis. + $this->phpcsFile->addError( $error, $stackPtr, $error_code ); + } else { + + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, $error_code ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = ( $stackPtr + 1 ); $i < $opener; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + $this->phpcsFile->fixer->endChangeset(); + unset( $i ); + } + } + unset( $error, $error_code, $nextNonWhitespace, $fix ); + } + } + + /* + * Check for empty arrays. + */ + $nextNonWhitespace = $this->phpcsFile->findNext( \T_WHITESPACE, ( $opener + 1 ), ( $closer + 1 ), true ); + if ( $nextNonWhitespace === $closer ) { + + if ( ( $opener + 1 ) !== $closer ) { + $fix = $this->phpcsFile->addFixableError( + 'Empty array declaration must have no space between the parentheses', + $stackPtr, + 'SpaceInEmptyArray' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = ( $opener + 1 ); $i < $closer; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + $this->phpcsFile->fixer->endChangeset(); + unset( $i ); + } + } + + // This array is empty, so the below checks aren't necessary. + return; + } + unset( $nextNonWhitespace ); + + // Pass off to either the single line or multi-line array analysis. + if ( $this->tokens[ $opener ]['line'] === $this->tokens[ $closer ]['line'] ) { + $this->process_single_line_array( $stackPtr, $opener, $closer ); + } else { + $this->process_multi_line_array( $stackPtr, $opener, $closer ); + } + } + + /** + * Process a single-line array. + * + * @since 0.13.0 The actual checks contained in this method used to + * be in the `process()` method. + * + * @param int $stackPtr The position of the current token in the stack. + * @param int $opener The position of the array opener. + * @param int $closer The position of the array closer. + * + * @return void + */ + protected function process_single_line_array( $stackPtr, $opener, $closer ) { + /* + * Check that associative arrays are always multi-line. + */ + $array_has_keys = $this->phpcsFile->findNext( \T_DOUBLE_ARROW, $opener, $closer ); + if ( false !== $array_has_keys ) { + + $array_items = $this->get_function_call_parameters( $stackPtr ); + + if ( ( false === $this->allow_single_item_single_line_associative_arrays + && ! empty( $array_items ) ) + || ( true === $this->allow_single_item_single_line_associative_arrays + && \count( $array_items ) > 1 ) + ) { + /* + * Make sure the double arrow is for *this* array, not for a nested one. + */ + $array_has_keys = false; // Reset before doing more detailed check. + foreach ( $array_items as $item ) { + for ( $ptr = $item['start']; $ptr <= $item['end']; $ptr++ ) { + if ( \T_DOUBLE_ARROW === $this->tokens[ $ptr ]['code'] ) { + $array_has_keys = true; + break 2; + } + + // Skip passed any nested arrays. + if ( isset( $this->targets[ $this->tokens[ $ptr ]['code'] ] ) ) { + $nested_array_open_close = $this->find_array_open_close( $ptr ); + if ( false === $nested_array_open_close ) { + // Nested array open/close could not be determined. + continue; + } + + $ptr = $nested_array_open_close['closer']; + } + } + } + + if ( true === $array_has_keys ) { + + $phrase = 'an'; + if ( true === $this->allow_single_item_single_line_associative_arrays ) { + $phrase = 'a multi-item'; + } + $fix = $this->phpcsFile->addFixableError( + 'When %s array uses associative keys, each value should start on a new line.', + $closer, + 'AssociativeArrayFound', + array( $phrase ) + ); + + if ( true === $fix ) { + + $this->phpcsFile->fixer->beginChangeset(); + + foreach ( $array_items as $item ) { + /* + * Add a line break before the first non-empty token in the array item. + * Prevents extraneous whitespace at the start of the line which could be + * interpreted as alignment whitespace. + */ + $first_non_empty = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $item['start'], + ( $item['end'] + 1 ), + true + ); + if ( false === $first_non_empty ) { + continue; + } + + if ( $item['start'] <= ( $first_non_empty - 1 ) + && \T_WHITESPACE === $this->tokens[ ( $first_non_empty - 1 ) ]['code'] + ) { + // Remove whitespace which would otherwise becoming trailing + // (as it gives problems with the fixed file). + $this->phpcsFile->fixer->replaceToken( ( $first_non_empty - 1 ), '' ); + } + + $this->phpcsFile->fixer->addNewlineBefore( $first_non_empty ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + + // No need to check for spacing around opener/closer as this array should be multi-line. + return; + } + } + } + + /* + * Check that there is a single space after the array opener and before the array closer. + */ + if ( \T_WHITESPACE !== $this->tokens[ ( $opener + 1 ) ]['code'] ) { + + $fix = $this->phpcsFile->addFixableError( + 'Missing space after array opener.', + $opener, + 'NoSpaceAfterArrayOpener' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $opener, ' ' ); + } + } elseif ( ' ' !== $this->tokens[ ( $opener + 1 ) ]['content'] ) { + + $fix = $this->phpcsFile->addFixableError( + 'Expected 1 space after array opener, found %s.', + $opener, + 'SpaceAfterArrayOpener', + array( \strlen( $this->tokens[ ( $opener + 1 ) ]['content'] ) ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $opener + 1 ), ' ' ); + } + } + + if ( \T_WHITESPACE !== $this->tokens[ ( $closer - 1 ) ]['code'] ) { + + $fix = $this->phpcsFile->addFixableError( + 'Missing space before array closer.', + $closer, + 'NoSpaceBeforeArrayCloser' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContentBefore( $closer, ' ' ); + } + } elseif ( ' ' !== $this->tokens[ ( $closer - 1 ) ]['content'] ) { + + $fix = $this->phpcsFile->addFixableError( + 'Expected 1 space before array closer, found %s.', + $closer, + 'SpaceBeforeArrayCloser', + array( \strlen( $this->tokens[ ( $closer - 1 ) ]['content'] ) ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $closer - 1 ), ' ' ); + } + } + } + + /** + * Process a multi-line array. + * + * @since 0.13.0 The actual checks contained in this method used to + * be in the `ArrayDeclaration` sniff. + * + * @param int $stackPtr The position of the current token in the stack. + * @param int $opener The position of the array opener. + * @param int $closer The position of the array closer. + * + * @return void + */ + protected function process_multi_line_array( $stackPtr, $opener, $closer ) { + /* + * Check that the closing bracket is on a new line. + */ + $last_content = $this->phpcsFile->findPrevious( \T_WHITESPACE, ( $closer - 1 ), $opener, true ); + if ( false !== $last_content + && $this->tokens[ $last_content ]['line'] === $this->tokens[ $closer ]['line'] + ) { + $fix = $this->phpcsFile->addFixableError( + 'Closing parenthesis of array declaration must be on a new line', + $closer, + 'CloseBraceNewLine' + ); + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + if ( $last_content < ( $closer - 1 ) + && \T_WHITESPACE === $this->tokens[ ( $closer - 1 ) ]['code'] + ) { + // Remove whitespace which would otherwise becoming trailing + // (as it gives problems with the fixed file). + $this->phpcsFile->fixer->replaceToken( ( $closer - 1 ), '' ); + } + + $this->phpcsFile->fixer->addNewlineBefore( $closer ); + $this->phpcsFile->fixer->endChangeset(); + } + } + + /* + * Check that each array item starts on a new line. + */ + $array_items = $this->get_function_call_parameters( $stackPtr ); + $end_of_last_item = $opener; + + foreach ( $array_items as $item ) { + $end_of_this_item = ( $item['end'] + 1 ); + + // Find the line on which the item starts. + $first_content = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE ), + $item['start'], + $end_of_this_item, + true + ); + + // Ignore comments after array items if the next real content starts on a new line. + if ( $this->tokens[ $first_content ]['line'] === $this->tokens[ $end_of_last_item ]['line'] + && ( \T_COMMENT === $this->tokens[ $first_content ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $first_content ]['code'] ] ) ) + ) { + $end_of_comment = $first_content; + + // Find the end of (multi-line) /* */- style trailing comments. + if ( substr( ltrim( $this->tokens[ $end_of_comment ]['content'] ), 0, 2 ) === '/*' ) { + while ( ( \T_COMMENT === $this->tokens[ $end_of_comment ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $end_of_comment ]['code'] ] ) ) + && substr( rtrim( $this->tokens[ $end_of_comment ]['content'] ), -2 ) !== '*/' + && ( $end_of_comment + 1 ) < $end_of_this_item + ) { + $end_of_comment++; + } + + if ( $this->tokens[ $end_of_comment ]['line'] !== $this->tokens[ $end_of_last_item ]['line'] ) { + // Multi-line trailing comment. + $end_of_last_item = $end_of_comment; + } + } + + $next = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE ), + ( $end_of_comment + 1 ), + $end_of_this_item, + true + ); + + if ( false === $next ) { + // Shouldn't happen, but just in case. + $end_of_last_item = $end_of_this_item; + continue; + } + + if ( $this->tokens[ $next ]['line'] !== $this->tokens[ $first_content ]['line'] ) { + $first_content = $next; + } + } + + if ( false === $first_content ) { + // Shouldn't happen, but just in case. + $end_of_last_item = $end_of_this_item; + continue; + } + + if ( $this->tokens[ $end_of_last_item ]['line'] === $this->tokens[ $first_content ]['line'] ) { + + $fix = $this->phpcsFile->addFixableError( + 'Each item in a multi-line array must be on a new line', + $first_content, + 'ArrayItemNoNewLine' + ); + + if ( true === $fix ) { + + $this->phpcsFile->fixer->beginChangeset(); + + if ( ( $end_of_last_item + 1 ) <= ( $first_content - 1 ) + && \T_WHITESPACE === $this->tokens[ ( $first_content - 1 ) ]['code'] + ) { + // Remove whitespace which would otherwise becoming trailing + // (as it gives problems with the fixed file). + $this->phpcsFile->fixer->replaceToken( ( $first_content - 1 ), '' ); + } + + $this->phpcsFile->fixer->addNewlineBefore( $first_content ); + $this->phpcsFile->fixer->endChangeset(); + } + } + + $end_of_last_item = $end_of_this_item; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayIndentationSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayIndentationSniff.php new file mode 100644 index 00000000..c0b5dcf5 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayIndentationSniff.php @@ -0,0 +1,542 @@ +ignore_tokens = Tokens::$heredocTokens; + unset( $this->ignore_tokens[ \T_START_HEREDOC ], $this->ignore_tokens[ \T_START_NOWDOC ] ); + $this->ignore_tokens[ \T_INLINE_HTML ] = \T_INLINE_HTML; + + return array( + \T_ARRAY, + \T_OPEN_SHORT_ARRAY, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + if ( ! isset( $this->tab_width ) ) { + $this->tab_width = PHPCSHelper::get_tab_width( $this->phpcsFile ); + } + + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] + && $this->is_short_list( $stackPtr ) + ) { + // Short list, not short array. + return; + } + + /* + * Determine the array opener & closer. + */ + $array_open_close = $this->find_array_open_close( $stackPtr ); + if ( false === $array_open_close ) { + // Array open/close could not be determined. + return; + } + + $opener = $array_open_close['opener']; + $closer = $array_open_close['closer']; + + if ( $this->tokens[ $opener ]['line'] === $this->tokens[ $closer ]['line'] ) { + // Not interested in single line arrays. + return; + } + + /* + * Check the closing bracket is lined up with the start of the content on the line + * containing the array opener. + */ + $opener_line_spaces = $this->get_indentation_size( $opener ); + $closer_line_spaces = ( $this->tokens[ $closer ]['column'] - 1 ); + + if ( $closer_line_spaces !== $opener_line_spaces ) { + $error = 'Array closer not aligned correctly; expected %s space(s) but found %s'; + $error_code = 'CloseBraceNotAligned'; + + /* + * Report & fix the issue if the close brace is on its own line with + * nothing or only indentation whitespace before it. + */ + if ( 0 === $closer_line_spaces + || ( \T_WHITESPACE === $this->tokens[ ( $closer - 1 ) ]['code'] + && 1 === $this->tokens[ ( $closer - 1 ) ]['column'] ) + ) { + $this->add_array_alignment_error( + $closer, + $error, + $error_code, + $opener_line_spaces, + $closer_line_spaces, + $this->get_indentation_string( $opener_line_spaces ) + ); + } else { + /* + * Otherwise, only report the error, don't try and fix it (yet). + * + * It will get corrected in a future loop of the fixer once the closer + * has been moved to its own line by the `ArrayDeclarationSpacing` sniff. + */ + $this->phpcsFile->addError( + $error, + $closer, + $error_code, + array( $opener_line_spaces, $closer_line_spaces ) + ); + } + + unset( $error, $error_code ); + } + + /* + * Verify & correct the array item indentation. + */ + $array_items = $this->get_function_call_parameters( $stackPtr ); + if ( empty( $array_items ) ) { + // Strange, no array items found. + return; + } + + $expected_spaces = ( $opener_line_spaces + $this->tab_width ); + $expected_indent = $this->get_indentation_string( $expected_spaces ); + $end_of_previous_item = $opener; + + foreach ( $array_items as $item ) { + $end_of_this_item = ( $item['end'] + 1 ); + + // Find the line on which the item starts. + $first_content = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE ), + $item['start'], + $end_of_this_item, + true + ); + + // Deal with trailing comments. + if ( false !== $first_content + && \T_COMMENT === $this->tokens[ $first_content ]['code'] + && $this->tokens[ $first_content ]['line'] === $this->tokens[ $end_of_previous_item ]['line'] + ) { + $first_content = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE, \T_COMMENT ), + ( $first_content + 1 ), + $end_of_this_item, + true + ); + } + + if ( false === $first_content ) { + $end_of_previous_item = $end_of_this_item; + continue; + } + + // Bow out from reporting and fixing mixed multi-line/single-line arrays. + // That is handled by the ArrayDeclarationSpacingSniff. + if ( $this->tokens[ $first_content ]['line'] === $this->tokens[ $end_of_previous_item ]['line'] + || ( 1 !== $this->tokens[ $first_content ]['column'] + && \T_WHITESPACE !== $this->tokens[ ( $first_content - 1 ) ]['code'] ) + ) { + return $closer; + } + + $found_spaces = ( $this->tokens[ $first_content ]['column'] - 1 ); + + if ( $found_spaces !== $expected_spaces ) { + $this->add_array_alignment_error( + $first_content, + 'Array item not aligned correctly; expected %s spaces but found %s', + 'ItemNotAligned', + $expected_spaces, + $found_spaces, + $expected_indent + ); + } + + // No need for further checking if this is a one-line array item. + if ( $this->tokens[ $first_content ]['line'] === $this->tokens[ $item['end'] ]['line'] ) { + $end_of_previous_item = $end_of_this_item; + continue; + } + + /* + * Multi-line array items. + * + * Verify & if needed, correct the indentation of subsequent lines. + * Subsequent lines may be indented more or less than the mimimum expected indent, + * but the "first line after" should be indented - at least - as much as the very first line + * of the array item. + * Indentation correction for subsequent lines will be based on that diff. + */ + + // Find first token on second line of the array item. + // If the second line is a heredoc/nowdoc, continue on until we find a line with a different token. + // Same for the second line of a multi-line text string. + for ( $ptr = ( $first_content + 1 ); $ptr <= $item['end']; $ptr++ ) { + if ( $this->tokens[ $first_content ]['line'] !== $this->tokens[ $ptr ]['line'] + && 1 === $this->tokens[ $ptr ]['column'] + && false === $this->ignore_token( $ptr ) + ) { + break; + } + } + + $first_content_on_line2 = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE ), + $ptr, + $end_of_this_item, + true + ); + + if ( false === $first_content_on_line2 ) { + /* + * Apparently there were only tokens in the ignore list on subsequent lines. + * + * In that case, the comma after the array item might be on a line by itself, + * so check its placement. + */ + if ( $this->tokens[ $item['end'] ]['line'] !== $this->tokens[ $end_of_this_item ]['line'] + && \T_COMMA === $this->tokens[ $end_of_this_item ]['code'] + && ( $this->tokens[ $end_of_this_item ]['column'] - 1 ) !== $expected_spaces + ) { + $this->add_array_alignment_error( + $end_of_this_item, + 'Comma after multi-line array item not aligned correctly; expected %s spaces, but found %s', + 'MultiLineArrayItemCommaNotAligned', + $expected_spaces, + ( $this->tokens[ $end_of_this_item ]['column'] - 1 ), + $expected_indent + ); + } + + $end_of_previous_item = $end_of_this_item; + continue; + } + + $found_spaces_on_line2 = $this->get_indentation_size( $first_content_on_line2 ); + $expected_spaces_on_line2 = $expected_spaces; + + if ( $found_spaces < $found_spaces_on_line2 ) { + $expected_spaces_on_line2 += ( $found_spaces_on_line2 - $found_spaces ); + } + + if ( $found_spaces_on_line2 !== $expected_spaces_on_line2 ) { + + $fix = $this->phpcsFile->addFixableError( + 'Multi-line array item not aligned correctly; expected %s spaces, but found %s', + $first_content_on_line2, + 'MultiLineArrayItemNotAligned', + array( + $expected_spaces_on_line2, + $found_spaces_on_line2, + ) + ); + + if ( true === $fix ) { + $expected_indent_on_line2 = $this->get_indentation_string( $expected_spaces_on_line2 ); + + $this->phpcsFile->fixer->beginChangeset(); + + // Fix second line for the array item. + if ( 1 === $this->tokens[ $first_content_on_line2 ]['column'] + && \T_COMMENT === $this->tokens[ $first_content_on_line2 ]['code'] + ) { + $actual_comment = ltrim( $this->tokens[ $first_content_on_line2 ]['content'] ); + $replacement = $expected_indent_on_line2 . $actual_comment; + + $this->phpcsFile->fixer->replaceToken( $first_content_on_line2, $replacement ); + + } else { + $this->fix_alignment_error( $first_content_on_line2, $expected_indent_on_line2 ); + } + + // Fix subsequent lines. + for ( $i = ( $first_content_on_line2 + 1 ); $i <= $item['end']; $i++ ) { + // We're only interested in the first token on each line. + if ( 1 !== $this->tokens[ $i ]['column'] ) { + if ( $this->tokens[ $i ]['line'] === $this->tokens[ $item['end'] ]['line'] ) { + // We might as well quit if we're past the first token on the last line. + break; + } + continue; + } + + $first_content_on_line = $this->phpcsFile->findNext( + array( \T_WHITESPACE, \T_DOC_COMMENT_WHITESPACE ), + $i, + $end_of_this_item, + true + ); + + if ( false === $first_content_on_line ) { + break; + } + + // Ignore lines with heredoc and nowdoc tokens and subsequent lines in multi-line strings. + if ( true === $this->ignore_token( $first_content_on_line ) ) { + $i = $first_content_on_line; + continue; + } + + $found_spaces_on_line = $this->get_indentation_size( $first_content_on_line ); + $expected_spaces_on_line = ( $expected_spaces_on_line2 + ( $found_spaces_on_line - $found_spaces_on_line2 ) ); + $expected_spaces_on_line = max( $expected_spaces_on_line, 0 ); // Can't be below 0. + $expected_indent_on_line = $this->get_indentation_string( $expected_spaces_on_line ); + + if ( $found_spaces_on_line !== $expected_spaces_on_line ) { + if ( 1 === $this->tokens[ $first_content_on_line ]['column'] + && \T_COMMENT === $this->tokens[ $first_content_on_line ]['code'] + ) { + $actual_comment = ltrim( $this->tokens[ $first_content_on_line ]['content'] ); + $replacement = $expected_indent_on_line . $actual_comment; + + $this->phpcsFile->fixer->replaceToken( $first_content_on_line, $replacement ); + } else { + $this->fix_alignment_error( $first_content_on_line, $expected_indent_on_line ); + } + } + + // Move past any potential empty lines between the previous non-empty line and this one. + // No need to do the fixes twice. + $i = $first_content_on_line; + } + + /* + * Check the placement of the comma after the array item as it might be on a line by itself. + */ + if ( $this->tokens[ $item['end'] ]['line'] !== $this->tokens[ $end_of_this_item ]['line'] + && \T_COMMA === $this->tokens[ $end_of_this_item ]['code'] + && ( $this->tokens[ $end_of_this_item ]['column'] - 1 ) !== $expected_spaces + ) { + $this->add_array_alignment_error( + $end_of_this_item, + 'Comma after array item not aligned correctly; expected %s spaces, but found %s', + 'MultiLineArrayItemCommaNotAligned', + $expected_spaces, + ( $this->tokens[ $end_of_this_item ]['column'] - 1 ), + $expected_indent + ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + } + + $end_of_previous_item = $end_of_this_item; + } + } + + /** + * Should the token be ignored ? + * + * This method is only intended to be used with the first token on a line + * for subsequent lines in an multi-line array item. + * + * @param int $ptr Stack pointer to the first token on a line. + * + * @return bool + */ + protected function ignore_token( $ptr ) { + $token_code = $this->tokens[ $ptr ]['code']; + + if ( isset( $this->ignore_tokens[ $token_code ] ) ) { + return true; + } + + /* + * If it's a subsequent line of a multi-line sting, it will not start with a quote + * character, nor just *be* a quote character. + */ + if ( \T_CONSTANT_ENCAPSED_STRING === $token_code + || \T_DOUBLE_QUOTED_STRING === $token_code + ) { + // Deal with closing quote of a multi-line string being on its own line. + if ( "'" === $this->tokens[ $ptr ]['content'] + || '"' === $this->tokens[ $ptr ]['content'] + ) { + return true; + } + + // Deal with subsequent lines of a multi-line string where the token is broken up per line. + if ( "'" !== $this->tokens[ $ptr ]['content'][0] + && '"' !== $this->tokens[ $ptr ]['content'][0] + ) { + return true; + } + } + + return false; + } + + /** + * Determine the line indentation whitespace. + * + * @param int $ptr Stack pointer to an arbitrary token on a line. + * + * @return int Nr of spaces found. Where necessary, tabs are translated to spaces. + */ + protected function get_indentation_size( $ptr ) { + + // Find the first token on the line. + for ( ; $ptr >= 0; $ptr-- ) { + if ( 1 === $this->tokens[ $ptr ]['column'] ) { + break; + } + } + + $whitespace = ''; + + if ( \T_WHITESPACE === $this->tokens[ $ptr ]['code'] + || \T_DOC_COMMENT_WHITESPACE === $this->tokens[ $ptr ]['code'] + ) { + return $this->tokens[ $ptr ]['length']; + } + + /* + * Special case for multi-line, non-docblock comments. + * Only applicable for subsequent lines in an array item. + * + * First/Single line is tokenized as T_WHITESPACE + T_COMMENT + * Subsequent lines are tokenized as T_COMMENT including the indentation whitespace. + */ + if ( \T_COMMENT === $this->tokens[ $ptr ]['code'] ) { + $content = $this->tokens[ $ptr ]['content']; + $actual_comment = ltrim( $content ); + $whitespace = str_replace( $actual_comment, '', $content ); + } + + return \strlen( $whitespace ); + } + + /** + * Create an indentation string. + * + * @param int $nr Number of spaces the indentation should be. + * + * @return string + */ + protected function get_indentation_string( $nr ) { + if ( 0 >= $nr ) { + return ''; + } + + // Space-based indentation. + if ( false === $this->tabIndent ) { + return str_repeat( ' ', $nr ); + } + + // Tab-based indentation. + $num_tabs = (int) floor( $nr / $this->tab_width ); + $remaining = ( $nr % $this->tab_width ); + $tab_indent = str_repeat( "\t", $num_tabs ); + $tab_indent .= str_repeat( ' ', $remaining ); + + return $tab_indent; + } + + /** + * Throw an error and fix incorrect array alignment. + * + * @param int $ptr Stack pointer to the first content on the line. + * @param string $error Error message. + * @param string $error_code Error code. + * @param int $expected Expected nr of spaces (tabs translated to space value). + * @param int $found Found nr of spaces (tabs translated to space value). + * @param string $new_indent Whitespace indent replacement content. + */ + protected function add_array_alignment_error( $ptr, $error, $error_code, $expected, $found, $new_indent ) { + + $fix = $this->phpcsFile->addFixableError( $error, $ptr, $error_code, array( $expected, $found ) ); + if ( true === $fix ) { + $this->fix_alignment_error( $ptr, $new_indent ); + } + } + + /** + * Fix incorrect array alignment. + * + * @param int $ptr Stack pointer to the first content on the line. + * @param string $new_indent Whitespace indent replacement content. + */ + protected function fix_alignment_error( $ptr, $new_indent ) { + if ( 1 === $this->tokens[ $ptr ]['column'] ) { + $this->phpcsFile->fixer->addContentBefore( $ptr, $new_indent ); + } else { + $this->phpcsFile->fixer->replaceToken( ( $ptr - 1 ), $new_indent ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayKeySpacingRestrictionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayKeySpacingRestrictionsSniff.php new file mode 100644 index 00000000..6b3203cd --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/ArrayKeySpacingRestrictionsSniff.php @@ -0,0 +1,192 @@ +tokens[ $stackPtr ]; + if ( ! isset( $token['bracket_closer'] ) ) { + $this->phpcsFile->addWarning( 'Missing bracket closer.', $stackPtr, 'MissingBracketCloser' ); + return; + } + + $need_spaces = $this->phpcsFile->findNext( + array( \T_CONSTANT_ENCAPSED_STRING, \T_LNUMBER, \T_WHITESPACE, \T_MINUS ), + ( $stackPtr + 1 ), + $token['bracket_closer'], + true + ); + + $spaced1 = ( \T_WHITESPACE === $this->tokens[ ( $stackPtr + 1 ) ]['code'] ); + $spaced2 = ( \T_WHITESPACE === $this->tokens[ ( $token['bracket_closer'] - 1 ) ]['code'] ); + + // It should have spaces unless if it only has strings or numbers as the key. + if ( false !== $need_spaces + && ( false === $spaced1 || false === $spaced2 ) + ) { + $error = 'Array keys must be surrounded by spaces unless they contain a string or an integer.'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'NoSpacesAroundArrayKeys' ); + if ( true === $fix ) { + if ( ! $spaced1 ) { + $this->phpcsFile->fixer->addContentBefore( ( $stackPtr + 1 ), ' ' ); + } + if ( ! $spaced2 ) { + $this->phpcsFile->fixer->addContentBefore( $token['bracket_closer'], ' ' ); + } + } + } elseif ( false === $need_spaces && ( $spaced1 || $spaced2 ) ) { + $error = 'Array keys must NOT be surrounded by spaces if they only contain a string or an integer.'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'SpacesAroundArrayKeys' ); + if ( true === $fix ) { + if ( $spaced1 ) { + $this->phpcsFile->fixer->beginChangeset(); + $this->phpcsFile->fixer->replaceToken( ( $stackPtr + 1 ), '' ); + + for ( $i = ( $stackPtr + 2 ); $i < $token['bracket_closer']; $i++ ) { + if ( \T_WHITESPACE !== $this->tokens[ $i ]['code'] ) { + break; + } + + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + if ( $spaced2 ) { + $this->phpcsFile->fixer->beginChangeset(); + $this->phpcsFile->fixer->replaceToken( ( $token['bracket_closer'] - 1 ), '' ); + + for ( $i = ( $token['bracket_closer'] - 2 ); $i > $stackPtr; $i-- ) { + if ( \T_WHITESPACE !== $this->tokens[ $i ]['code'] ) { + break; + } + + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + } + } + + // If spaces are needed, check that there is only one space. + if ( false !== $need_spaces && ( $spaced1 || $spaced2 ) ) { + if ( $spaced1 ) { + $ptr = ( $stackPtr + 1 ); + $length = 0; + if ( $this->tokens[ $ptr ]['line'] !== $this->tokens[ ( $ptr + 1 ) ]['line'] ) { + $length = 'newline'; + } else { + $length = $this->tokens[ $ptr ]['length']; + } + + if ( 1 !== $length ) { + $error = 'There should be exactly one space before the array key. Found: %s'; + $data = array( $length ); + $fix = $this->phpcsFile->addFixableError( + $error, + $ptr, + 'TooMuchSpaceBeforeKey', + $data + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + $this->phpcsFile->fixer->replaceToken( $ptr, ' ' ); + + for ( $i = ( $ptr + 1 ); $i < $token['bracket_closer']; $i++ ) { + if ( \T_WHITESPACE !== $this->tokens[ $i ]['code'] ) { + break; + } + + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + } + } + + if ( $spaced2 ) { + $prev_non_empty = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $token['bracket_closer'] - 1 ), null, true ); + $ptr = ( $prev_non_empty + 1 ); + $length = 0; + if ( $this->tokens[ $ptr ]['line'] !== $this->tokens[ $token['bracket_closer'] ]['line'] ) { + $length = 'newline'; + } else { + $length = $this->tokens[ $ptr ]['length']; + } + + if ( 1 !== $length ) { + $error = 'There should be exactly one space after the array key. Found: %s'; + $data = array( $length ); + $fix = $this->phpcsFile->addFixableError( + $error, + $ptr, + 'TooMuchSpaceAfterKey', + $data + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + $this->phpcsFile->fixer->replaceToken( $ptr, ' ' ); + + for ( $i = ( $ptr + 1 ); $i < $token['bracket_closer']; $i++ ) { + if ( \T_WHITESPACE !== $this->tokens[ $i ]['code'] ) { + break; + } + + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + } + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/CommaAfterArrayItemSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/CommaAfterArrayItemSniff.php new file mode 100644 index 00000000..902bc670 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/CommaAfterArrayItemSniff.php @@ -0,0 +1,313 @@ +tokens[ $stackPtr ]['code'] + && $this->is_short_list( $stackPtr ) + ) { + // Short list, not short array. + return; + } + + /* + * Determine the array opener & closer. + */ + $array_open_close = $this->find_array_open_close( $stackPtr ); + if ( false === $array_open_close ) { + // Array open/close could not be determined. + return; + } + + $opener = $array_open_close['opener']; + $closer = $array_open_close['closer']; + unset( $array_open_close ); + + // This array is empty, so the below checks aren't necessary. + if ( ( $opener + 1 ) === $closer ) { + return; + } + + $single_line = true; + if ( $this->tokens[ $opener ]['line'] !== $this->tokens[ $closer ]['line'] ) { + $single_line = false; + } + + $array_items = $this->get_function_call_parameters( $stackPtr ); + if ( empty( $array_items ) ) { + // Strange, no array items found. + return; + } + + $array_item_count = \count( $array_items ); + + // Note: $item_index is 1-based and the array items are split on the commas! + foreach ( $array_items as $item_index => $item ) { + $maybe_comma = ( $item['end'] + 1 ); + $is_comma = false; + if ( isset( $this->tokens[ $maybe_comma ] ) && \T_COMMA === $this->tokens[ $maybe_comma ]['code'] ) { + $is_comma = true; + } + + /* + * Check if this is a comma at the end of the last item in a single line array. + */ + if ( true === $single_line && $item_index === $array_item_count ) { + + $this->phpcsFile->recordMetric( + $stackPtr, + 'Single line array - comma after last item', + ( true === $is_comma ? 'yes' : 'no' ) + ); + + if ( true === $is_comma ) { + $fix = $this->phpcsFile->addFixableError( + 'Comma not allowed after last value in single-line array declaration', + $maybe_comma, + 'CommaAfterLast' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( $maybe_comma, '' ); + } + } + + /* + * No need to do the spacing checks for the last item in a single line array. + * This is handled by another sniff checking the spacing before the array closer. + */ + continue; + } + + $last_content = $this->phpcsFile->findPrevious( + Tokens::$emptyTokens, + $item['end'], + $item['start'], + true + ); + + if ( false === $last_content ) { + // Shouldn't be able to happen, but just in case, ignore this array item. + continue; + } + + /** + * Make sure every item in a multi-line array has a comma at the end. + * + * Should in reality only be triggered by the last item in a multi-line array + * as otherwise we'd have a parse error already. + */ + if ( false === $is_comma && false === $single_line ) { + + $fix = $this->phpcsFile->addFixableError( + 'Each array item in a multi-line array declaration must end in a comma', + $last_content, + 'NoComma' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $last_content, ',' ); + } + } + + if ( false === $single_line && $item_index === $array_item_count ) { + $this->phpcsFile->recordMetric( + $stackPtr, + 'Multi-line array - comma after last item', + ( true === $is_comma ? 'yes' : 'no' ) + ); + } + + if ( false === $is_comma ) { + // Can't check spacing around the comma if there is no comma. + continue; + } + + /* + * Check for whitespace at the end of the array item. + */ + if ( $last_content !== $item['end'] + // Ignore whitespace at the end of a multi-line item if it is the end of a heredoc/nowdoc. + && ( true === $single_line + || ! isset( Tokens::$heredocTokens[ $this->tokens[ $last_content ]['code'] ] ) ) + ) { + $newlines = 0; + $spaces = 0; + for ( $i = $item['end']; $i > $last_content; $i-- ) { + + if ( \T_WHITESPACE === $this->tokens[ $i ]['code'] ) { + if ( $this->tokens[ $i ]['content'] === $this->phpcsFile->eolChar ) { + $newlines++; + } else { + $spaces += $this->tokens[ $i ]['length']; + } + } elseif ( \T_COMMENT === $this->tokens[ $i ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $i ]['code'] ] ) + ) { + break; + } + } + + $space_phrases = array(); + if ( $spaces > 0 ) { + $space_phrases[] = $spaces . ' spaces'; + } + if ( $newlines > 0 ) { + $space_phrases[] = $newlines . ' newlines'; + } + unset( $newlines, $spaces ); + + $fix = $this->phpcsFile->addFixableError( + 'Expected 0 spaces between "%s" and comma; %s found', + $maybe_comma, + 'SpaceBeforeComma', + array( + $this->tokens[ $last_content ]['content'], + implode( ' and ', $space_phrases ), + ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = $item['end']; $i > $last_content; $i-- ) { + + if ( \T_WHITESPACE === $this->tokens[ $i ]['code'] ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + + } elseif ( \T_COMMENT === $this->tokens[ $i ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $i ]['code'] ] ) + ) { + // We need to move the comma to before the comment. + $this->phpcsFile->fixer->addContent( $last_content, ',' ); + $this->phpcsFile->fixer->replaceToken( $maybe_comma, '' ); + + /* + * No need to worry about removing too much whitespace in + * combination with a `//` comment as in that case, the newline + * is part of the comment, so we're good. + */ + + break; + } + } + $this->phpcsFile->fixer->endChangeset(); + } + } + + if ( ! isset( $this->tokens[ ( $maybe_comma + 1 ) ] ) ) { + // Shouldn't be able to happen, but just in case. + continue; + } + + /* + * Check whitespace after the comma. + */ + $next_token = $this->tokens[ ( $maybe_comma + 1 ) ]; + + if ( \T_WHITESPACE === $next_token['code'] ) { + + if ( false === $single_line && $this->phpcsFile->eolChar === $next_token['content'] ) { + continue; + } + + $next_non_whitespace = $this->phpcsFile->findNext( + \T_WHITESPACE, + ( $maybe_comma + 1 ), + $closer, + true + ); + + if ( false === $next_non_whitespace + || ( false === $single_line + && $this->tokens[ $next_non_whitespace ]['line'] === $this->tokens[ $maybe_comma ]['line'] + && ( \T_COMMENT === $this->tokens[ $next_non_whitespace ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $next_non_whitespace ]['code'] ] ) ) ) + ) { + continue; + } + + $space_length = $next_token['length']; + if ( 1 === $space_length ) { + continue; + } + + $fix = $this->phpcsFile->addFixableError( + 'Expected 1 space between comma and "%s"; %s found', + $maybe_comma, + 'SpaceAfterComma', + array( + $this->tokens[ $next_non_whitespace ]['content'], + $space_length, + ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $maybe_comma + 1 ), ' ' ); + } + } else { + // This is either a comment or a mixed single/multi-line array. + // Just add a space and let other sniffs sort out the array layout. + $fix = $this->phpcsFile->addFixableError( + 'Expected 1 space between comma and "%s"; 0 found', + $maybe_comma, + 'NoSpaceAfterComma', + array( $next_token['content'] ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $maybe_comma, ' ' ); + } + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/MultipleStatementAlignmentSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/MultipleStatementAlignmentSniff.php new file mode 100644 index 00000000..dc68e4f9 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Arrays/MultipleStatementAlignmentSniff.php @@ -0,0 +1,617 @@ += 60, align at column 60. + * - for the outliers, i.e. the array indexes where the end position + * goes past column 60, it will not align the arrow, the sniff will + * just make sure there is only one space between the end of the + * array index and the double arrow. + * + * The column value is regarded as a hard value, i.e. includes indentation, + * so setting it very low is not a good idea. + * + * @since 0.14.0 + * + * @var int + */ + public $maxColumn = 1000; + + /** + * Whether or not to align the arrow operator for multi-line array items. + * + * Whether or not an item is regarded as multi-line is based on the **value** + * of the item, not the key. + * + * Valid values are: + * - 'always': Default. Align all arrays items regardless of single/multi-line. + * - 'never': Never align array items which span multiple lines. + * This will enforce one space between the array index and the + * double arrow operator for multi-line array items, independently + * of the alignment of the rest of the array items. + * Multi-line items where the arrow is already aligned with the + * "expected" alignment, however, will be left alone. + * - operator : Only align the operator for multi-line arrays items if the + * + number percentage of multi-line items passes the comparison. + * - As it is a percentage, the number has to be between 0 and 100. + * - Supported operators: <, <=, >, >=, ==, =, !=, <> + * - The percentage is calculated against all array items + * (with and without assignment operator). + * - The (new) expected alignment will be calculated based only + * on the items being aligned. + * - Multi-line items where the arrow is already aligned with the + * (new) "expected" alignment, however, will be left alone. + * Examples: + * * Setting this to `!=100` or `<100` means that alignment will + * be enforced, unless *all* array items are multi-line. + * This is probably the most commonly desired situation. + * * Setting this to `=100` means that alignment will only + * be enforced, if *all* array items are multi-line. + * * Setting this to `<50` means that the majority of array items + * need to be single line before alignment is enforced for + * multi-line items in the array. + * * Setting this to `=0` is useless as in that case there are + * no multi-line items in the array anyway. + * + * This setting will respect the `ignoreNewlines` and `maxColumnn` settings. + * + * @since 0.14.0 + * + * @var string|int + */ + public $alignMultilineItems = 'always'; + + /** + * Storage for parsed $alignMultilineItems operator part. + * + * @since 0.14.0 + * + * @var string + */ + private $operator; + + /** + * Storage for parsed $alignMultilineItems numeric part. + * + * Stored as a string as the comparison will be done string based. + * + * @since 0.14.0 + * + * @var string + */ + private $number; + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.14.0 + * + * @return array + */ + public function register() { + return array( + \T_ARRAY, + \T_OPEN_SHORT_ARRAY, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] + && $this->is_short_list( $stackPtr ) + ) { + // Short list, not short array. + return; + } + + /* + * Determine the array opener & closer. + */ + $array_open_close = $this->find_array_open_close( $stackPtr ); + if ( false === $array_open_close ) { + // Array open/close could not be determined. + return; + } + + $opener = $array_open_close['opener']; + $closer = $array_open_close['closer']; + + $array_items = $this->get_function_call_parameters( $stackPtr ); + if ( empty( $array_items ) ) { + return; + } + + // Pass off to either the single line or multi-line array analysis. + if ( $this->tokens[ $opener ]['line'] === $this->tokens[ $closer ]['line'] ) { + return $this->process_single_line_array( $stackPtr, $array_items, $opener, $closer ); + } else { + return $this->process_multi_line_array( $stackPtr, $array_items, $opener, $closer ); + } + } + + /** + * Process a single-line array. + * + * While the WP standard does not allow single line multi-item associative arrays, + * this sniff should function independently of that. + * + * The `WordPress.WhiteSpace.OperatorSpacing` sniff already covers checking that + * there is a space between the array key and the double arrow, but doesn't + * enforce it to be exactly one space for single line arrays. + * That is what this method covers. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param array $items Info array containing information on each array item. + * @param int $opener The position of the array opener. + * @param int $closer The position of the array closer. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + protected function process_single_line_array( $stackPtr, $items, $opener, $closer ) { + /* + * For single line arrays, we don't care about what level the arrow is from. + * Just find and fix them all. + */ + $next_arrow = $this->phpcsFile->findNext( + \T_DOUBLE_ARROW, + ( $opener + 1 ), + $closer + ); + + while ( false !== $next_arrow ) { + if ( \T_WHITESPACE === $this->tokens[ ( $next_arrow - 1 ) ]['code'] ) { + $space_length = $this->tokens[ ( $next_arrow - 1 ) ]['length']; + if ( 1 !== $space_length ) { + $error = 'Expected 1 space between "%s" and double arrow; %s found'; + $data = array( + $this->tokens[ ( $next_arrow - 2 ) ]['content'], + $space_length, + ); + + $fix = $this->phpcsFile->addFixableWarning( $error, $next_arrow, 'SpaceBeforeDoubleArrow', $data ); + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $next_arrow - 1 ), ' ' ); + } + } + } + + // Find the position of the next double arrow. + $next_arrow = $this->phpcsFile->findNext( + \T_DOUBLE_ARROW, + ( $next_arrow + 1 ), + $closer + ); + } + + // Ignore any child-arrays as the double arrows in these will already have been handled. + return ( $closer + 1 ); + } + + /** + * Process a multi-line array. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param array $items Info array containing information on each array item. + * @param int $opener The position of the array opener. + * @param int $closer The position of the array closer. + * + * @return void + */ + protected function process_multi_line_array( $stackPtr, $items, $opener, $closer ) { + + $this->maxColumn = (int) $this->maxColumn; + $this->validate_align_multiline_items(); + + /* + * Determine what the spacing before the arrow should be. + * + * Will unset any array items without double arrow and with new line whitespace + * if newlines are to be ignored, so the second foreach loop only has to deal + * with items which need attention. + * + * This sniff does not take incorrect indentation of array keys into account. + * That's for the `WordPress.Arrays.ArrayIndentation` sniff to fix. + * If that would affect the alignment, a second (or third) loop of the fixer + * will correct it (again) after the indentation has been fixed. + */ + $index_end_cols = array(); // Keep track of the end column position of index keys. + $double_arrow_cols = array(); // Keep track of arrow column position and count. + $multi_line_count = 0; + $total_items = \count( $items ); + + foreach ( $items as $key => $item ) { + if ( strpos( $item['raw'], '=>' ) === false ) { + // Ignore items without assignment operators. + unset( $items[ $key ] ); + continue; + } + + // Find the position of the first double arrow. + $double_arrow = $this->phpcsFile->findNext( + \T_DOUBLE_ARROW, + $item['start'], + ( $item['end'] + 1 ) + ); + + if ( false === $double_arrow ) { + // Shouldn't happen, just in case. + unset( $items[ $key ] ); + continue; + } + + // Make sure the arrow is for this item and not for a nested array value assignment. + $has_array_opener = $this->phpcsFile->findNext( + $this->register(), + $item['start'], + $double_arrow + ); + + if ( false !== $has_array_opener ) { + // Double arrow is for a nested array. + unset( $items[ $key ] ); + continue; + } + + // Find the end of the array key. + $last_index_token = $this->phpcsFile->findPrevious( + \T_WHITESPACE, + ( $double_arrow - 1 ), + $item['start'], + true + ); + + if ( false === $last_index_token ) { + // Shouldn't happen, but just in case. + unset( $items[ $key ] ); + continue; + } + + if ( true === $this->ignoreNewlines + && $this->tokens[ $last_index_token ]['line'] !== $this->tokens[ $double_arrow ]['line'] + ) { + // Ignore this item as it has a new line between the item key and the double arrow. + unset( $items[ $key ] ); + continue; + } + + $index_end_position = ( $this->tokens[ $last_index_token ]['column'] + ( $this->tokens[ $last_index_token ]['length'] - 1 ) ); + $items[ $key ]['operatorPtr'] = $double_arrow; + $items[ $key ]['last_index_token'] = $last_index_token; + $items[ $key ]['last_index_col'] = $index_end_position; + + if ( $this->tokens[ $last_index_token ]['line'] === $this->tokens[ $item['end'] ]['line'] ) { + $items[ $key ]['single_line'] = true; + } else { + $items[ $key ]['single_line'] = false; + $multi_line_count++; + } + + if ( ( $index_end_position + 2 ) <= $this->maxColumn ) { + $index_end_cols[] = $index_end_position; + } + + if ( ! isset( $double_arrow_cols[ $this->tokens[ $double_arrow ]['column'] ] ) ) { + $double_arrow_cols[ $this->tokens[ $double_arrow ]['column'] ] = 1; + } else { + $double_arrow_cols[ $this->tokens[ $double_arrow ]['column'] ]++; + } + } + unset( $key, $item, $double_arrow, $has_array_opener, $last_index_token ); + + if ( empty( $items ) || empty( $index_end_cols ) ) { + // No actionable array items found. + return; + } + + /* + * Determine whether the operators for multi-line items should be aligned. + */ + if ( 'always' === $this->alignMultilineItems ) { + $alignMultilineItems = true; + } elseif ( 'never' === $this->alignMultilineItems ) { + $alignMultilineItems = false; + } else { + $percentage = (string) round( ( $multi_line_count / $total_items ) * 100, 0 ); + + // Bit hacky, but this is the only comparison function in PHP which allows to + // pass the comparison operator. And hey, it works ;-). + $alignMultilineItems = version_compare( $percentage, $this->number, $this->operator ); + } + + /* + * If necessary, rebuild the $index_end_cols and $double_arrow_cols arrays + * excluding multi-line items. + */ + if ( false === $alignMultilineItems ) { + $select_index_end_cols = array(); + $double_arrow_cols = array(); + + foreach ( $items as $item ) { + if ( false === $item['single_line'] ) { + continue; + } + + if ( ( $item['last_index_col'] + 2 ) <= $this->maxColumn ) { + $select_index_end_cols[] = $item['last_index_col']; + } + + if ( ! isset( $double_arrow_cols[ $this->tokens[ $item['operatorPtr'] ]['column'] ] ) ) { + $double_arrow_cols[ $this->tokens[ $item['operatorPtr'] ]['column'] ] = 1; + } else { + $double_arrow_cols[ $this->tokens[ $item['operatorPtr'] ]['column'] ]++; + } + } + } + + /* + * Determine the expected position of the double arrows. + */ + if ( ! empty( $select_index_end_cols ) ) { + $max_index_width = max( $select_index_end_cols ); + } else { + $max_index_width = max( $index_end_cols ); + } + + $expected_col = ( $max_index_width + 2 ); + + if ( false === $this->exact && ! empty( $double_arrow_cols ) ) { + /* + * If the alignment does not have to be exact, see if a majority + * group of the arrows is already at an acceptable position. + */ + arsort( $double_arrow_cols, \SORT_NUMERIC ); + reset( $double_arrow_cols ); + $count = current( $double_arrow_cols ); + + if ( $count > 1 || ( 1 === $count && \count( $items ) === 1 ) ) { + // Allow for several groups of arrows having the same $count. + $filtered_double_arrow_cols = array_keys( $double_arrow_cols, $count, true ); + + foreach ( $filtered_double_arrow_cols as $col ) { + if ( $col > $expected_col && $col <= $this->maxColumn ) { + $expected_col = $col; + break; + } + } + } + } + unset( $max_index_width, $count, $filtered_double_arrow_cols, $col ); + + /* + * Verify and correct the spacing around the double arrows. + */ + foreach ( $items as $item ) { + if ( $this->tokens[ $item['operatorPtr'] ]['column'] === $expected_col + && $this->tokens[ $item['operatorPtr'] ]['line'] === $this->tokens[ $item['last_index_token'] ]['line'] + ) { + // Already correctly aligned. + continue; + } + + if ( \T_WHITESPACE !== $this->tokens[ ( $item['operatorPtr'] - 1 ) ]['code'] ) { + $before = 0; + } else { + if ( $this->tokens[ $item['last_index_token'] ]['line'] !== $this->tokens[ $item['operatorPtr'] ]['line'] ) { + $before = 'newline'; + } else { + $before = $this->tokens[ ( $item['operatorPtr'] - 1 ) ]['length']; + } + } + + /* + * Deal with index sizes larger than maxColumn and with multi-line + * array items which should not be aligned. + */ + if ( ( $item['last_index_col'] + 2 ) > $this->maxColumn + || ( false === $alignMultilineItems && false === $item['single_line'] ) + ) { + + if ( ( $item['last_index_col'] + 2 ) === $this->tokens[ $item['operatorPtr'] ]['column'] + && $this->tokens[ $item['operatorPtr'] ]['line'] === $this->tokens[ $item['last_index_token'] ]['line'] + ) { + // MaxColumn/Multi-line item exception, already correctly aligned. + continue; + } + + $prefix = 'LongIndex'; + if ( false === $alignMultilineItems && false === $item['single_line'] ) { + $prefix = 'MultilineItem'; + } + + $error_code = $prefix . 'SpaceBeforeDoubleArrow'; + if ( 0 === $before ) { + $error_code = $prefix . 'NoSpaceBeforeDoubleArrow'; + } + + $fix = $this->phpcsFile->addFixableWarning( + 'Expected 1 space between "%s" and double arrow; %s found.', + $item['operatorPtr'], + $error_code, + array( + $this->tokens[ $item['last_index_token'] ]['content'], + $before, + ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + // Remove whitespace tokens between the end of the index and the arrow, if any. + for ( $i = ( $item['last_index_token'] + 1 ); $i < $item['operatorPtr']; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + // Add the correct whitespace. + $this->phpcsFile->fixer->addContent( $item['last_index_token'], ' ' ); + + $this->phpcsFile->fixer->endChangeset(); + } + continue; + } + + /* + * Deal with the space before double arrows in all other cases. + */ + $expected_whitespace = $expected_col - ( $this->tokens[ $item['last_index_token'] ]['column'] + $this->tokens[ $item['last_index_token'] ]['length'] ); + + $fix = $this->phpcsFile->addFixableWarning( + 'Array double arrow not aligned correctly; expected %s space(s) between "%s" and double arrow, but found %s.', + $item['operatorPtr'], + 'DoubleArrowNotAligned', + array( + $expected_whitespace, + $this->tokens[ $item['last_index_token'] ]['content'], + $before, + ) + ); + + if ( true === $fix ) { + if ( 0 === $before || 'newline' === $before ) { + $this->phpcsFile->fixer->beginChangeset(); + + // Remove whitespace tokens between the end of the index and the arrow, if any. + for ( $i = ( $item['last_index_token'] + 1 ); $i < $item['operatorPtr']; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + // Add the correct whitespace. + $this->phpcsFile->fixer->addContent( + $item['last_index_token'], + str_repeat( ' ', $expected_whitespace ) + ); + + $this->phpcsFile->fixer->endChangeset(); + } elseif ( $expected_whitespace > $before ) { + // Add to the existing whitespace to prevent replacing tabs with spaces. + // That's the concern of another sniff. + $this->phpcsFile->fixer->addContent( + ( $item['operatorPtr'] - 1 ), + str_repeat( ' ', ( $expected_whitespace - $before ) ) + ); + } else { + // Too much whitespace found. + $this->phpcsFile->fixer->replaceToken( + ( $item['operatorPtr'] - 1 ), + str_repeat( ' ', $expected_whitespace ) + ); + } + } + } + } + + /** + * Validate that a valid value has been received for the alignMultilineItems property. + * + * This message may be thrown more than once if the property is being changed inline in a file. + * + * @since 0.14.0 + */ + protected function validate_align_multiline_items() { + $alignMultilineItems = $this->alignMultilineItems; + + if ( 'always' === $alignMultilineItems || 'never' === $alignMultilineItems ) { + return; + } else { + // Correct for a potentially added % sign. + $alignMultilineItems = rtrim( $alignMultilineItems, '%' ); + + if ( preg_match( '`^([=<>!]{1,2})(100|[0-9]{1,2})$`', $alignMultilineItems, $matches ) > 0 ) { + $operator = $matches[1]; + $number = (int) $matches[2]; + + if ( \in_array( $operator, array( '<', '<=', '>', '>=', '==', '=', '!=', '<>' ), true ) === true + && ( $number >= 0 && $number <= 100 ) + ) { + $this->alignMultilineItems = $alignMultilineItems; + $this->number = (string) $number; + $this->operator = $operator; + return; + } + } + } + + $this->phpcsFile->addError( + 'Invalid property value passed: "%s". The value for the "alignMultilineItems" property for the "WordPress.Arrays.MultipleStatementAlignment" sniff should be either "always", "never" or an comparison operator + a number between 0 and 100.', + 0, + 'InvalidPropertyPassed', + array( $this->alignMultilineItems ) + ); + + // Reset to the default if an invalid value was received. + $this->alignMultilineItems = 'always'; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Classes/ClassInstantiationSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Classes/ClassInstantiationSniff.php new file mode 100644 index 00000000..3572fbee --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Classes/ClassInstantiationSniff.php @@ -0,0 +1,204 @@ +classname_tokens = Tokens::$emptyTokens; + $this->classname_tokens[ \T_NS_SEPARATOR ] = \T_NS_SEPARATOR; + $this->classname_tokens[ \T_STRING ] = \T_STRING; + $this->classname_tokens[ \T_SELF ] = \T_SELF; + $this->classname_tokens[ \T_STATIC ] = \T_STATIC; + $this->classname_tokens[ \T_PARENT ] = \T_PARENT; + $this->classname_tokens[ \T_ANON_CLASS ] = \T_ANON_CLASS; + + // Classname in a variable. + $this->classname_tokens[ \T_VARIABLE ] = \T_VARIABLE; + $this->classname_tokens[ \T_DOUBLE_COLON ] = \T_DOUBLE_COLON; + $this->classname_tokens[ \T_OBJECT_OPERATOR ] = \T_OBJECT_OPERATOR; + $this->classname_tokens[ \T_OPEN_SQUARE_BRACKET ] = \T_OPEN_SQUARE_BRACKET; + $this->classname_tokens[ \T_CLOSE_SQUARE_BRACKET ] = \T_CLOSE_SQUARE_BRACKET; + $this->classname_tokens[ \T_CONSTANT_ENCAPSED_STRING ] = \T_CONSTANT_ENCAPSED_STRING; + $this->classname_tokens[ \T_LNUMBER ] = \T_LNUMBER; + + return array( + \T_NEW, + \T_STRING, // JS. + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + // Make sure we have the right token, JS vs PHP. + if ( ( 'PHP' === $this->phpcsFile->tokenizerType && \T_NEW !== $this->tokens[ $stackPtr ]['code'] ) + || ( 'JS' === $this->phpcsFile->tokenizerType + && ( \T_STRING !== $this->tokens[ $stackPtr ]['code'] + || 'new' !== strtolower( $this->tokens[ $stackPtr ]['content'] ) ) ) + ) { + return; + } + + /* + * Check for new by reference used in PHP files. + */ + if ( 'PHP' === $this->phpcsFile->tokenizerType ) { + $prev_non_empty = $this->phpcsFile->findPrevious( + Tokens::$emptyTokens, + ( $stackPtr - 1 ), + null, + true + ); + + if ( false !== $prev_non_empty && 'T_BITWISE_AND' === $this->tokens[ $prev_non_empty ]['type'] ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Assigning new by reference', 'yes' ); + + $this->phpcsFile->addError( + 'Assigning the return value of new by reference is no longer supported by PHP.', + $stackPtr, + 'NewByReferenceFound' + ); + } else { + $this->phpcsFile->recordMetric( $stackPtr, 'Assigning new by reference', 'no' ); + } + } + + /* + * Check for parenthesis & correct placement thereof. + */ + $next_non_empty_after_class_name = $this->phpcsFile->findNext( + $this->classname_tokens, + ( $stackPtr + 1 ), + null, + true, + null, + true + ); + + if ( false === $next_non_empty_after_class_name ) { + // Live coding. + return; + } + + // Walk back to the last part of the class name. + $has_comment = false; + for ( $classname_ptr = ( $next_non_empty_after_class_name - 1 ); $classname_ptr >= $stackPtr; $classname_ptr-- ) { + if ( ! isset( Tokens::$emptyTokens[ $this->tokens[ $classname_ptr ]['code'] ] ) ) { + // Prevent a false positive on variable variables, disregard them for now. + if ( $stackPtr === $classname_ptr ) { + return; + } + + break; + } + + if ( \T_WHITESPACE !== $this->tokens[ $classname_ptr ]['code'] ) { + $has_comment = true; + } + } + + if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $next_non_empty_after_class_name ]['code'] ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Object instantiation with parenthesis', 'no' ); + + $fix = $this->phpcsFile->addFixableError( + 'Parenthesis should always be used when instantiating a new object.', + $classname_ptr, + 'MissingParenthesis' + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $classname_ptr, '()' ); + } + } else { + $this->phpcsFile->recordMetric( $stackPtr, 'Object instantiation with parenthesis', 'yes' ); + + if ( ( $next_non_empty_after_class_name - 1 ) !== $classname_ptr ) { + $this->phpcsFile->recordMetric( + $stackPtr, + 'Space between classname and parenthesis', + ( $next_non_empty_after_class_name - $classname_ptr ) + ); + + $error = 'There must be no spaces between the class name and the open parenthesis when instantiating a new object.'; + $error_code = 'SpaceBeforeParenthesis'; + + if ( false === $has_comment ) { + $fix = $this->phpcsFile->addFixableError( $error, $next_non_empty_after_class_name, $error_code ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = ( $next_non_empty_after_class_name - 1 ); $i > $classname_ptr; $i-- ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + $this->phpcsFile->fixer->endChangeset(); + } + } else { + $this->phpcsFile->addError( $error, $next_non_empty_after_class_name, $error_code ); + } + } else { + $this->phpcsFile->recordMetric( $stackPtr, 'Space between classname and parenthesis', 0 ); + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/AssignmentInConditionSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/AssignmentInConditionSniff.php new file mode 100644 index 00000000..bf5879b8 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/AssignmentInConditionSniff.php @@ -0,0 +1,235 @@ +assignment_tokens = Tokens::$assignmentTokens; + unset( $this->assignment_tokens[ \T_DOUBLE_ARROW ] ); + + $starters = Tokens::$booleanOperators; + $starters[ \T_SEMICOLON ] = \T_SEMICOLON; + $starters[ \T_OPEN_PARENTHESIS ] = \T_OPEN_PARENTHESIS; + $starters[ \T_INLINE_ELSE ] = \T_INLINE_ELSE; + + $this->condition_start_tokens = $starters; + + return array( + \T_IF, + \T_ELSEIF, + \T_FOR, + \T_SWITCH, + \T_CASE, + \T_WHILE, + \T_INLINE_THEN, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + $token = $this->tokens[ $stackPtr ]; + + // Find the condition opener/closer. + if ( \T_FOR === $token['code'] ) { + if ( isset( $token['parenthesis_opener'], $token['parenthesis_closer'] ) === false ) { + return; + } + + $semicolon = $this->phpcsFile->findNext( \T_SEMICOLON, ( $token['parenthesis_opener'] + 1 ), $token['parenthesis_closer'] ); + if ( false === $semicolon ) { + return; + } + + $opener = $semicolon; + $semicolon = $this->phpcsFile->findNext( \T_SEMICOLON, ( $opener + 1 ), $token['parenthesis_closer'] ); + if ( false === $semicolon ) { + return; + } + + $closer = $semicolon; + unset( $semicolon ); + + } elseif ( \T_CASE === $token['code'] ) { + if ( isset( $token['scope_opener'] ) === false ) { + return; + } + + $opener = $stackPtr; + $closer = $token['scope_opener']; + + } elseif ( \T_INLINE_THEN === $token['code'] ) { + // Check if the condition for the ternary is bracketed. + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true ); + if ( false === $prev ) { + // Shouldn't happen, but in that case we don't have anything to examine anyway. + return; + } + + if ( \T_CLOSE_PARENTHESIS === $this->tokens[ $prev ]['code'] ) { + if ( ! isset( $this->tokens[ $prev ]['parenthesis_opener'] ) ) { + return; + } + + $opener = $this->tokens[ $prev ]['parenthesis_opener']; + $closer = $prev; + } elseif ( isset( $token['nested_parenthesis'] ) ) { + $closer = end( $token['nested_parenthesis'] ); + $opener = key( $token['nested_parenthesis'] ); + + $next_statement_closer = $this->phpcsFile->findEndOfStatement( $stackPtr, array( \T_COLON, \T_CLOSE_PARENTHESIS, \T_CLOSE_SQUARE_BRACKET ) ); + if ( false !== $next_statement_closer && $next_statement_closer < $closer ) { + // Parentheses are unrelated to the ternary. + return; + } + + $prev_statement_closer = $this->phpcsFile->findStartOfStatement( $stackPtr, array( \T_COLON, \T_OPEN_PARENTHESIS, \T_OPEN_SQUARE_BRACKET ) ); + if ( false !== $prev_statement_closer && $opener < $prev_statement_closer ) { + // Parentheses are unrelated to the ternary. + return; + } + + if ( $closer > $stackPtr ) { + $closer = $stackPtr; + } + } else { + // No parenthesis found, can't determine where the conditional part of the ternary starts. + return; + } + } else { + if ( isset( $token['parenthesis_opener'], $token['parenthesis_closer'] ) === false ) { + return; + } + + $opener = $token['parenthesis_opener']; + $closer = $token['parenthesis_closer']; + } + + $startPos = $opener; + + do { + $hasAssignment = $this->phpcsFile->findNext( $this->assignment_tokens, ( $startPos + 1 ), $closer ); + if ( false === $hasAssignment ) { + return; + } + + // Examine whether the left side is a variable. + $hasVariable = false; + $conditionStart = $startPos; + $altConditionStart = $this->phpcsFile->findPrevious( + $this->condition_start_tokens, + ( $hasAssignment - 1 ), + $startPos + ); + if ( false !== $altConditionStart ) { + $conditionStart = $altConditionStart; + } + + for ( $i = $hasAssignment; $i > $conditionStart; $i-- ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + // If this is a variable or array, we've seen all we need to see. + if ( \T_VARIABLE === $this->tokens[ $i ]['code'] + || \T_CLOSE_SQUARE_BRACKET === $this->tokens[ $i ]['code'] + ) { + $hasVariable = true; + break; + } + + // If this is a function call or something, we are OK. + if ( \T_CLOSE_PARENTHESIS === $this->tokens[ $i ]['code'] ) { + break; + } + } + + if ( true === $hasVariable ) { + $errorCode = 'Found'; + if ( \T_WHILE === $token['code'] ) { + $errorCode = 'FoundInWhileCondition'; + } elseif ( \T_INLINE_THEN === $token['code'] ) { + $errorCode = 'FoundInTernaryCondition'; + } + + $this->phpcsFile->addWarning( + 'Variable assignment found within a condition. Did you mean to do a comparison?', + $hasAssignment, + $errorCode + ); + } else { + $this->phpcsFile->addWarning( + 'Assignment found within a condition. Did you mean to do a comparison?', + $hasAssignment, + 'NonVariableAssignmentFound' + ); + } + + $startPos = $hasAssignment; + + } while ( $startPos < $closer ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EmptyStatementSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EmptyStatementSniff.php new file mode 100644 index 00000000..21e22014 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EmptyStatementSniff.php @@ -0,0 +1,161 @@ +tokens[ $stackPtr ]['type'] ) { + /* + * Detect `something();;`. + */ + case 'T_SEMICOLON': + $prevNonEmpty = $this->phpcsFile->findPrevious( + Tokens::$emptyTokens, + ( $stackPtr - 1 ), + null, + true + ); + + if ( false === $prevNonEmpty + || ( \T_SEMICOLON !== $this->tokens[ $prevNonEmpty ]['code'] + && \T_OPEN_TAG !== $this->tokens[ $prevNonEmpty ]['code'] + && \T_OPEN_TAG_WITH_ECHO !== $this->tokens[ $prevNonEmpty ]['code'] ) + ) { + return; + } + + if ( isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + $nested = $this->tokens[ $stackPtr ]['nested_parenthesis']; + $last_closer = array_pop( $nested ); + if ( isset( $this->tokens[ $last_closer ]['parenthesis_owner'] ) + && \T_FOR === $this->tokens[ $this->tokens[ $last_closer ]['parenthesis_owner'] ]['code'] + ) { + // Empty for() condition. + return; + } + } + + $fix = $this->phpcsFile->addFixableWarning( + 'Empty PHP statement detected: superfluous semi-colon.', + $stackPtr, + 'SemicolonWithoutCodeDetected' + ); + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + if ( \T_OPEN_TAG === $this->tokens[ $prevNonEmpty ]['code'] + || \T_OPEN_TAG_WITH_ECHO === $this->tokens[ $prevNonEmpty ]['code'] + ) { + /* + * Check for superfluous whitespace after the semi-colon which will be + * removed as the `tokens[ ( $stackPtr + 1 ) ]['code'] ) { + $replacement = str_replace( ' ', '', $this->tokens[ ( $stackPtr + 1 ) ]['content'] ); + $this->phpcsFile->fixer->replaceToken( ( $stackPtr + 1 ), $replacement ); + } + } + + for ( $i = $stackPtr; $i > $prevNonEmpty; $i-- ) { + if ( \T_SEMICOLON !== $this->tokens[ $i ]['code'] + && \T_WHITESPACE !== $this->tokens[ $i ]['code'] + ) { + break; + } + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + break; + + /* + * Detect ``. + */ + case 'T_CLOSE_TAG': + $prevNonEmpty = $this->phpcsFile->findPrevious( + \T_WHITESPACE, + ( $stackPtr - 1 ), + null, + true + ); + + if ( false === $prevNonEmpty + || ( \T_OPEN_TAG !== $this->tokens[ $prevNonEmpty ]['code'] + && \T_OPEN_TAG_WITH_ECHO !== $this->tokens[ $prevNonEmpty ]['code'] ) + ) { + return; + } + + $fix = $this->phpcsFile->addFixableWarning( + 'Empty PHP open/close tag combination detected.', + $prevNonEmpty, + 'EmptyPHPOpenCloseTagsDetected' + ); + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = $prevNonEmpty; $i <= $stackPtr; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + $this->phpcsFile->fixer->endChangeset(); + } + break; + + default: + /* Deliberately left empty. */ + break; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EscapedNotTranslatedSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EscapedNotTranslatedSniff.php new file mode 100644 index 00000000..5a7af877 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/CodeAnalysis/EscapedNotTranslatedSniff.php @@ -0,0 +1,90 @@ + => + */ + protected $target_functions = array( + 'esc_html' => 'esc_html__', + 'esc_attr' => 'esc_attr__', + ); + + /** + * Process the parameters of a matched function. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + if ( \count( $parameters ) === 1 ) { + return; + } + + /* + * We already know that there will be a valid open+close parenthesis, otherwise the sniff + * would have bowed out long before. + */ + $opener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + $closer = $this->tokens[ $opener ]['parenthesis_closer']; + + $data = array( + $matched_content, + $this->target_functions[ $matched_content ], + $this->phpcsFile->getTokensAsString( $stackPtr, ( $closer - $stackPtr + 1 ) ), + ); + + $this->phpcsFile->addWarning( + '%s() expects only one parameter. Did you mean to use %s() ? Found: %s', + $stackPtr, + 'Found', + $data + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php new file mode 100644 index 00000000..583e9d9c --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php @@ -0,0 +1,265 @@ + array(), + 'cacheset' => array(), + 'cachedelete' => array(), + ); + + /** + * The lists of $wpdb methods. + * + * @since 0.6.0 + * @since 0.11.0 Changed from static to non-static. + * + * @var array[] + */ + protected $methods = array( + 'cachable' => array( + 'delete' => true, + 'get_var' => true, + 'get_col' => true, + 'get_row' => true, + 'get_results' => true, + 'query' => true, + 'replace' => true, + 'update' => true, + ), + 'noncachable' => array( + 'insert' => true, + ), + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + return array( + \T_VARIABLE, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + // Check for $wpdb variable. + if ( '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) { + return; + } + + $is_object_call = $this->phpcsFile->findNext( \T_OBJECT_OPERATOR, ( $stackPtr + 1 ), null, false, null, true ); + if ( false === $is_object_call ) { + return; // This is not a call to the wpdb object. + } + + $methodPtr = $this->phpcsFile->findNext( array( \T_WHITESPACE ), ( $is_object_call + 1 ), null, true, null, true ); + $method = $this->tokens[ $methodPtr ]['content']; + + $this->mergeFunctionLists(); + + if ( ! isset( $this->methods['all'][ $method ] ) ) { + return; + } + + $endOfStatement = $this->phpcsFile->findNext( \T_SEMICOLON, ( $stackPtr + 1 ), null, false, null, true ); + $endOfLineComment = ''; + for ( $i = ( $endOfStatement + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) { + + if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $endOfStatement ]['line'] ) { + break; + } + + if ( \T_COMMENT === $this->tokens[ $i ]['code'] ) { + $endOfLineComment .= $this->tokens[ $i ]['content']; + } + } + + $whitelisted_db_call = false; + if ( preg_match( '/db call\W*(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) { + $whitelisted_db_call = true; + } + + // Check for Database Schema Changes. + for ( $_pos = ( $stackPtr + 1 ); $_pos < $endOfStatement; $_pos++ ) { + $_pos = $this->phpcsFile->findNext( Tokens::$textStringTokens, $_pos, $endOfStatement, false, null, true ); + if ( false === $_pos ) { + break; + } + + if ( preg_match( '#\b(?:ALTER|CREATE|DROP)\b#i', $this->tokens[ $_pos ]['content'] ) > 0 ) { + $this->phpcsFile->addWarning( 'Attempting a database schema change is discouraged.', $_pos, 'SchemaChange' ); + } + } + + // Flag instance if not whitelisted. + if ( ! $whitelisted_db_call ) { + $this->phpcsFile->addWarning( 'Usage of a direct database call is discouraged.', $stackPtr, 'DirectQuery' ); + } + + if ( ! isset( $this->methods['cachable'][ $method ] ) ) { + return $endOfStatement; + } + + $whitelisted_cache = false; + $cached = false; + $wp_cache_get = false; + if ( preg_match( '/cache\s+(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) { + $whitelisted_cache = true; + } + if ( ! $whitelisted_cache && ! empty( $this->tokens[ $stackPtr ]['conditions'] ) ) { + $scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + + if ( false === $scope_function ) { + $scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE ); + } + + if ( false !== $scope_function ) { + $scopeStart = $this->tokens[ $scope_function ]['scope_opener']; + $scopeEnd = $this->tokens[ $scope_function ]['scope_closer']; + + for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) { + if ( \T_STRING === $this->tokens[ $i ]['code'] ) { + + if ( isset( $this->cacheDeleteFunctions[ $this->tokens[ $i ]['content'] ] ) ) { + + if ( \in_array( $method, array( 'query', 'update', 'replace', 'delete' ), true ) ) { + $cached = true; + break; + } + } elseif ( isset( $this->cacheGetFunctions[ $this->tokens[ $i ]['content'] ] ) ) { + + $wp_cache_get = true; + + } elseif ( isset( $this->cacheSetFunctions[ $this->tokens[ $i ]['content'] ] ) ) { + + if ( $wp_cache_get ) { + $cached = true; + break; + } + } + } + } + } + } + + if ( ! $cached && ! $whitelisted_cache ) { + $message = 'Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().'; + $this->phpcsFile->addWarning( $message, $stackPtr, 'NoCaching' ); + } + + return $endOfStatement; + } + + /** + * Merge custom functions provided via a custom ruleset with the defaults, if we haven't already. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @return void + */ + protected function mergeFunctionLists() { + if ( ! isset( $this->methods['all'] ) ) { + $this->methods['all'] = array_merge( $this->methods['cachable'], $this->methods['noncachable'] ); + } + + if ( $this->customCacheGetFunctions !== $this->addedCustomFunctions['cacheget'] ) { + $this->cacheGetFunctions = $this->merge_custom_array( + $this->customCacheGetFunctions, + $this->cacheGetFunctions + ); + + $this->addedCustomFunctions['cacheget'] = $this->customCacheGetFunctions; + } + + if ( $this->customCacheSetFunctions !== $this->addedCustomFunctions['cacheset'] ) { + $this->cacheSetFunctions = $this->merge_custom_array( + $this->customCacheSetFunctions, + $this->cacheSetFunctions + ); + + $this->addedCustomFunctions['cacheset'] = $this->customCacheSetFunctions; + } + + if ( $this->customCacheDeleteFunctions !== $this->addedCustomFunctions['cachedelete'] ) { + $this->cacheDeleteFunctions = $this->merge_custom_array( + $this->customCacheDeleteFunctions, + $this->cacheDeleteFunctions + ); + + $this->addedCustomFunctions['cachedelete'] = $this->customCacheDeleteFunctions; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLPlaceholdersSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLPlaceholdersSniff.php new file mode 100644 index 00000000..8f184c6b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLPlaceholdersSniff.php @@ -0,0 +1,661 @@ +prepare method. + * + * Check the following issues: + * - The only placeholders supported are: %d, %f (%F) and %s and their variations. + * - Literal % signs need to be properly escaped as `%%`. + * - Simple placeholders (%d, %f, %F, %s) should be left unquoted in the query string. + * - Complex placeholders - numbered and formatted variants - will not be quoted + * automagically by $wpdb->prepare(), so if used for values, should be quoted in + * the query string. + * - Either an array of replacements should be passed matching the number of + * placeholders found or individual parameters for each placeholder should + * be passed. + * - Wildcards for LIKE compare values should be passed in via a replacement parameter. + * + * The sniff allows for a specific pattern with a variable number of placeholders + * created using code along the lines of: + * `sprintf( 'query .... IN (%s) ...', implode( ',', array_fill( 0, count( $something ), '%s' ) ) )`. + * + * A "PreparedSQLPlaceholders replacement count" whitelist comment is supported + * specifically to silence the `ReplacementsWrongNumber` and `UnfinishedPrepare` + * error codes. The other error codes are not affected by it. + * + * @link https://developer.wordpress.org/reference/classes/wpdb/prepare/ + * @link https://core.trac.wordpress.org/changeset/41496 + * @link https://core.trac.wordpress.org/changeset/41471 + * + * @package WPCS\WordPressCodingStandards + * + * @since 0.14.0 + */ +class PreparedSQLPlaceholdersSniff extends Sniff { + + /** + * These regexes copied from http://php.net/manual/en/function.sprintf.php#93552 + * and adjusted for limitations in `$wpdb->prepare()`. + * + * Near duplicate of the one used in the WP.I18n sniff, but with fewer types allowed. + * + * Note: The regex delimiters and modifiers are not included to allow this regex to be + * concatenated together with other regex partials. + * + * @since 0.14.0 + * + * @var string + */ + const PREPARE_PLACEHOLDER_REGEX = '(?: + (? true, + ); + + /** + * Storage for the stack pointer to the method call token. + * + * @since 0.14.0 + * + * @var int + */ + protected $methodPtr; + + /** + * Simple regex snippet to recognize and remember quotes. + * + * @since 0.14.0 + * + * @var string + */ + private $regex_quote = '["\']'; + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.14.0 + * + * @return array + */ + public function register() { + return array( + \T_VARIABLE, + \T_STRING, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + if ( ! $this->is_wpdb_method_call( $stackPtr, $this->target_methods ) ) { + return; + } + + $parameters = $this->get_function_call_parameters( $this->methodPtr ); + if ( empty( $parameters ) ) { + return; + } + + $query = $parameters[1]; + $text_string_tokens_found = false; + $variable_found = false; + $sql_wildcard_found = false; + $total_placeholders = 0; + $total_parameters = \count( $parameters ); + $valid_in_clauses = array( + 'uses_in' => 0, + 'implode_fill' => 0, + 'adjustment_count' => 0, + ); + + for ( $i = $query['start']; $i <= $query['end']; $i++ ) { + // Skip over groups of tokens if they are part of an inline function call. + if ( isset( $skip_from, $skip_to ) && $i >= $skip_from && $i < $skip_to ) { + $i = $skip_to; + continue; + } + + if ( ! isset( Tokens::$textStringTokens[ $this->tokens[ $i ]['code'] ] ) ) { + if ( \T_VARIABLE === $this->tokens[ $i ]['code'] ) { + if ( '$wpdb' !== $this->tokens[ $i ]['content'] ) { + $variable_found = true; + } + continue; + } + + // Detect a specific pattern for variable replacements in combination with `IN`. + if ( \T_STRING === $this->tokens[ $i ]['code'] ) { + + if ( 'sprintf' === strtolower( $this->tokens[ $i ]['content'] ) ) { + $sprintf_parameters = $this->get_function_call_parameters( $i ); + + if ( ! empty( $sprintf_parameters ) ) { + $skip_from = ( $sprintf_parameters[1]['end'] + 1 ); + $last_param = end( $sprintf_parameters ); + $skip_to = ( $last_param['end'] + 1 ); + + $valid_in_clauses['implode_fill'] += $this->analyse_sprintf( $sprintf_parameters ); + $valid_in_clauses['adjustment_count'] += ( \count( $sprintf_parameters ) - 1 ); + } + unset( $sprintf_parameters, $last_param ); + + } elseif ( 'implode' === strtolower( $this->tokens[ $i ]['content'] ) ) { + $prev = $this->phpcsFile->findPrevious( + Tokens::$textStringTokens, + ( $i - 1 ), + $query['start'] + ); + + $prev_content = $this->strip_quotes( $this->tokens[ $prev ]['content'] ); + $regex_quote = $this->get_regex_quote_snippet( $prev_content, $this->tokens[ $prev ]['content'] ); + + // Only examine the implode if preceded by an ` IN (`. + if ( preg_match( '`\s+IN\s*\(\s*(' . $regex_quote . ')?$`i', $prev_content, $match ) > 0 ) { + + if ( isset( $match[1] ) && $regex_quote !== $this->regex_quote ) { + $this->phpcsFile->addError( + 'Dynamic placeholder generation should not have surrounding quotes.', + $i, + 'QuotedDynamicPlaceholderGeneration' + ); + } + + if ( $this->analyse_implode( $i ) === true ) { + ++$valid_in_clauses['uses_in']; + ++$valid_in_clauses['implode_fill']; + + $next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true ); + if ( \T_OPEN_PARENTHESIS === $this->tokens[ $next ]['code'] + && isset( $this->tokens[ $next ]['parenthesis_closer'] ) + ) { + $skip_from = ( $i + 1 ); + $skip_to = ( $this->tokens[ $next ]['parenthesis_closer'] + 1 ); + } + } + } + unset( $prev, $next, $prev_content, $regex_quote, $match ); + } + } + + continue; + } + + $text_string_tokens_found = true; + $content = $this->tokens[ $i ]['content']; + + $regex_quote = $this->regex_quote; + if ( isset( Tokens::$stringTokens[ $this->tokens[ $i ]['code'] ] ) ) { + $content = $this->strip_quotes( $content ); + $regex_quote = $this->get_regex_quote_snippet( $content, $this->tokens[ $i ]['content'] ); + } + + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $i ]['code'] + || \T_HEREDOC === $this->tokens[ $i ]['code'] + ) { + // Only interested in actual query text, so strip out variables. + $stripped_content = $this->strip_interpolated_variables( $content ); + if ( $stripped_content !== $content ) { + $interpolated_vars = $this->get_interpolated_variables( $content ); + $vars_without_wpdb = array_diff( $interpolated_vars, array( 'wpdb' ) ); + $content = $stripped_content; + + if ( ! empty( $vars_without_wpdb ) ) { + $variable_found = true; + } + } + unset( $stripped_content, $interpolated_vars, $vars_without_wpdb ); + } + + $placeholders = preg_match_all( '`' . self::PREPARE_PLACEHOLDER_REGEX . '`x', $content, $matches ); + if ( $placeholders > 0 ) { + $total_placeholders += $placeholders; + } + + /* + * Analyse the query for incorrect LIKE queries. + * + * - `LIKE %s` is the only correct one. + * - `LIKE '%s'` or `LIKE "%s"` will not be reported here, but in the quote check. + * - Any other `LIKE` statement should be reported, either for using `LIKE` without + * SQL wildcards or for not passing the SQL wildcards via the replacement. + */ + $regex = '`\s+LIKE\s*(?:(' . $regex_quote . ')(?!%s(?:\1|$))(?P.*?)(?:\1|$)|(?:concat\((?![^\)]*%s[^\)]*\))(?P[^\)]*))\))`i'; + if ( preg_match_all( $regex, $content, $matches ) > 0 ) { + $walk = array(); + if ( ! empty( $matches['content'] ) ) { + $matches['content'] = array_filter( $matches['content'] ); + if ( ! empty( $matches['content'] ) ) { + $walk[] = 'content'; + } + } + if ( ! empty( $matches['concat'] ) ) { + $matches['concat'] = array_filter( $matches['concat'] ); + if ( ! empty( $matches['concat'] ) ) { + $walk[] = 'concat'; + } + } + + if ( ! empty( $walk ) ) { + foreach ( $walk as $match_key ) { + foreach ( $matches[ $match_key ] as $index => $match ) { + $data = array( $matches[0][ $index ] ); + + // Both a `%` as well as a `_` are wildcards in SQL. + if ( strpos( $match, '%' ) === false && strpos( $match, '_' ) === false ) { + $this->phpcsFile->addWarning( + 'Unless you are using SQL wildcards, using LIKE is inefficient. Use a straight compare instead. Found: %s.', + $i, + 'LikeWithoutWildcards', + $data + ); + } else { + $sql_wildcard_found = true; + + if ( strpos( $match, '%s' ) === false ) { + $this->phpcsFile->addError( + 'SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: %s.', + $i, + 'LikeWildcardsInQuery', + $data + ); + } else { + $this->phpcsFile->addError( + 'SQL wildcards for a LIKE query should be passed in through a replacement parameter and the variable part of the replacement should be escaped using "esc_like()". Found: %s.', + $i, + 'LikeWildcardsInQueryWithPlaceholder', + $data + ); + } + } + + /* + * Don't throw `UnescapedLiteral`, `UnsupportedPlaceholder` or `QuotedPlaceholder` + * for this part of the SQL query. + */ + $content = preg_replace( '`' . preg_quote( $match, '`' ) . '`', '', $content, 1 ); + } + } + } + unset( $matches, $index, $match, $data ); + } + + if ( strpos( $content, '%' ) === false ) { + continue; + } + + /* + * Analyse the query for unsupported placeholders. + */ + if ( preg_match_all( self::UNSUPPORTED_PLACEHOLDER_REGEX, $content, $matches ) > 0 ) { + if ( ! empty( $matches[0] ) ) { + foreach ( $matches[0] as $match ) { + if ( '%' === $match ) { + $this->phpcsFile->addError( + 'Found unescaped literal "%%" character.', + $i, + 'UnescapedLiteral', + array( $match ) + ); + } else { + $this->phpcsFile->addError( + 'Unsupported placeholder used in $wpdb->prepare(). Found: "%s".', + $i, + 'UnsupportedPlaceholder', + array( $match ) + ); + } + } + } + unset( $match, $matches ); + } + + /* + * Analyse the query for quoted placeholders. + */ + $regex = '`(' . $regex_quote . ')%[dfFs]\1`'; + if ( preg_match_all( $regex, $content, $matches ) > 0 ) { + if ( ! empty( $matches[0] ) ) { + foreach ( $matches[0] as $match ) { + $this->phpcsFile->addError( + 'Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: %s.', + $i, + 'QuotedSimplePlaceholder', + array( $match ) + ); + } + } + unset( $match, $matches ); + } + + /* + * Analyse the query for unquoted complex placeholders. + */ + $regex = '`(? 0 ) { + if ( ! empty( $matches[0] ) ) { + foreach ( $matches[0] as $match ) { + if ( preg_match( '`%[dfFs]`', $match ) !== 1 ) { + $this->phpcsFile->addWarning( + 'Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %s.', + $i, + 'UnquotedComplexPlaceholder', + array( $match ) + ); + } + } + } + unset( $match, $matches ); + } + + /* + * Check for an ` IN (%s)` clause. + */ + $found_in = preg_match_all( '`\s+IN\s*\(\s*%s\s*\)`i', $content, $matches ); + if ( $found_in > 0 ) { + $valid_in_clauses['uses_in'] += $found_in; + } + unset( $found_in ); + } + + if ( false === $text_string_tokens_found ) { + // Query string passed in as a variable or function call, nothing to examine. + return; + } + + $count_diff_whitelisted = $this->has_whitelist_comment( + 'PreparedSQLPlaceholders replacement count', + $stackPtr + ); + + if ( 0 === $total_placeholders ) { + if ( 1 === $total_parameters ) { + if ( false === $variable_found && false === $sql_wildcard_found ) { + /* + * Only throw this warning if the PreparedSQL sniff won't throw one about + * variables being found. + * Also don't throw it if we just advised to use a replacement variable to pass a + * string containing an SQL wildcard. + */ + $this->phpcsFile->addWarning( + 'It is not necessary to prepare a query which doesn\'t use variable replacement.', + $i, + 'UnnecessaryPrepare' + ); + } + } elseif ( false === $count_diff_whitelisted && 0 === $valid_in_clauses['uses_in'] ) { + $this->phpcsFile->addWarning( + 'Replacement variables found, but no valid placeholders found in the query.', + $i, + 'UnfinishedPrepare' + ); + } + + return; + } + + if ( 1 === $total_parameters ) { + $this->phpcsFile->addError( + 'Placeholders found in the query passed to $wpdb->prepare(), but no replacements found. Expected %d replacement(s) parameters.', + $stackPtr, + 'MissingReplacements', + array( $total_placeholders ) + ); + return; + } + + if ( true === $count_diff_whitelisted ) { + return; + } + + $replacements = $parameters; + array_shift( $replacements ); // Remove the query. + + // The parameters may have been passed as an array in parameter 2. + if ( isset( $parameters[2] ) && 2 === $total_parameters ) { + $next = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $parameters[2]['start'], + ( $parameters[2]['end'] + 1 ), + true + ); + + if ( false !== $next + && ( \T_ARRAY === $this->tokens[ $next ]['code'] + || \T_OPEN_SHORT_ARRAY === $this->tokens[ $next ]['code'] ) + ) { + $replacements = $this->get_function_call_parameters( $next ); + } + } + + $total_replacements = \count( $replacements ); + $total_placeholders -= $valid_in_clauses['adjustment_count']; + + // Bow out when `IN` clauses have been used which appear to be correct. + if ( $valid_in_clauses['uses_in'] > 0 + && $valid_in_clauses['uses_in'] === $valid_in_clauses['implode_fill'] + && 1 === $total_replacements + ) { + return; + } + + /* + * Verify that the correct amount of replacements have been passed. + */ + if ( $total_replacements !== $total_placeholders ) { + $this->phpcsFile->addWarning( + 'Incorrect number of replacements passed to $wpdb->prepare(). Found %d replacement parameters, expected %d.', + $stackPtr, + 'ReplacementsWrongNumber', + array( $total_replacements, $total_placeholders ) + ); + } + } + + /** + * Retrieve a regex snippet to recognize and remember quotes based on the quote style + * used in the original string (if any). + * + * This allows for recognizing `"` and `\'` in single quoted strings, + * recognizing `'` and `\"` in double quotes strings and `'` and `"`when the quote + * style is unknown or it is a non-quoted string (heredoc/nowdoc and such). + * + * @since 0.14.0 + * + * @param string $stripped_content Text string content without surrounding quotes. + * @param string $original_content Original content for the same text string. + * + * @return string + */ + protected function get_regex_quote_snippet( $stripped_content, $original_content ) { + $regex_quote = $this->regex_quote; + + if ( $original_content !== $stripped_content ) { + $quote_style = $original_content[0]; + + if ( '"' === $quote_style ) { + $regex_quote = '\\\\"|\''; + } elseif ( "'" === $quote_style ) { + $regex_quote = '"|\\\\\''; + } + } + + return $regex_quote; + } + + /** + * Analyse a sprintf() query wrapper to see if it contains a specific code pattern + * to deal correctly with `IN` queries. + * + * The pattern we are searching for is: + * `sprintf( 'query ....', implode( ',', array_fill( 0, count( $something ), '%s' ) ) )` + * + * @since 0.14.0 + * + * @param array $sprintf_params Parameters details for the sprintf call. + * + * @return int The number of times the pattern was found in the replacements. + */ + protected function analyse_sprintf( $sprintf_params ) { + $found = 0; + + unset( $sprintf_params[1] ); + + foreach ( $sprintf_params as $sprintf_param ) { + if ( strpos( strtolower( $sprintf_param['raw'] ), 'implode' ) === false ) { + continue; + } + + $implode = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $sprintf_param['start'], + $sprintf_param['end'], + true + ); + if ( \T_STRING === $this->tokens[ $implode ]['code'] + && 'implode' === strtolower( $this->tokens[ $implode ]['content'] ) + ) { + if ( $this->analyse_implode( $implode ) === true ) { + ++$found; + } + } + } + + return $found; + } + + /** + * Analyse an implode() function call to see if it contains a specific code pattern + * to dynamically create placeholders. + * + * The pattern we are searching for is: + * `implode( ',', array_fill( 0, count( $something ), '%s' ) )` + * + * This pattern presumes unquoted placeholders! + * + * @since 0.14.0 + * + * @param int $implode_token The stackPtr to the implode function call. + * + * @return bool True if the pattern is found, false otherwise. + */ + protected function analyse_implode( $implode_token ) { + $implode_params = $this->get_function_call_parameters( $implode_token ); + + if ( empty( $implode_params ) || \count( $implode_params ) !== 2 ) { + return false; + } + + if ( preg_match( '`^(["\']), ?\1$`', $implode_params[1]['raw'] ) !== 1 ) { + return false; + } + + if ( strpos( strtolower( $implode_params[2]['raw'] ), 'array_fill' ) === false ) { + return false; + } + + $array_fill = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $implode_params[2]['start'], + $implode_params[2]['end'], + true + ); + + if ( \T_STRING !== $this->tokens[ $array_fill ]['code'] + || 'array_fill' !== strtolower( $this->tokens[ $array_fill ]['content'] ) + ) { + return false; + } + + $array_fill_params = $this->get_function_call_parameters( $array_fill ); + + if ( empty( $array_fill_params ) || \count( $array_fill_params ) !== 3 ) { + return false; + } + + return (bool) preg_match( '`^(["\'])%[dfFs]\1$`', $array_fill_params[3]['raw'] ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLSniff.php new file mode 100644 index 00000000..1fe2ad96 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/PreparedSQLSniff.php @@ -0,0 +1,210 @@ + true, + 'get_col' => true, + 'get_row' => true, + 'get_results' => true, + 'prepare' => true, + 'query' => true, + ); + + /** + * Tokens that we don't flag when they are found in a $wpdb method call. + * + * @since 0.9.0 + * + * @var array + */ + protected $ignored_tokens = array( + \T_OBJECT_OPERATOR => true, + \T_OPEN_PARENTHESIS => true, + \T_CLOSE_PARENTHESIS => true, + \T_STRING_CONCAT => true, + \T_CONSTANT_ENCAPSED_STRING => true, + \T_OPEN_SQUARE_BRACKET => true, + \T_CLOSE_SQUARE_BRACKET => true, + \T_COMMA => true, + \T_LNUMBER => true, + \T_START_HEREDOC => true, + \T_END_HEREDOC => true, + \T_START_NOWDOC => true, + \T_NOWDOC => true, + \T_END_NOWDOC => true, + \T_INT_CAST => true, + \T_DOUBLE_CAST => true, + \T_BOOL_CAST => true, + \T_NS_SEPARATOR => true, + ); + + /** + * A loop pointer. + * + * It is a property so that we can access it in all of our methods. + * + * @since 0.9.0 + * + * @var int + */ + protected $i; + + /** + * The loop end marker. + * + * It is a property so that we can access it in all of our methods. + * + * @since 0.9.0 + * + * @var int + */ + protected $end; + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.8.0 + * + * @return array + */ + public function register() { + + $this->ignored_tokens += Tokens::$emptyTokens; + + return array( + \T_VARIABLE, + \T_STRING, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.8.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + if ( ! $this->is_wpdb_method_call( $stackPtr, $this->methods ) ) { + return; + } + + if ( $this->has_whitelist_comment( 'unprepared SQL', $stackPtr ) ) { + return; + } + + for ( $this->i; $this->i < $this->end; $this->i++ ) { + + if ( isset( $this->ignored_tokens[ $this->tokens[ $this->i ]['code'] ] ) ) { + continue; + } + + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $this->i ]['code'] + || \T_HEREDOC === $this->tokens[ $this->i ]['code'] + ) { + + $bad_variables = array_filter( + $this->get_interpolated_variables( $this->tokens[ $this->i ]['content'] ), + function ( $symbol ) { + return ( 'wpdb' !== $symbol ); + } + ); + + foreach ( $bad_variables as $bad_variable ) { + $this->phpcsFile->addError( + 'Use placeholders and $wpdb->prepare(); found interpolated variable $%s at %s', + $this->i, + 'InterpolatedNotPrepared', + array( + $bad_variable, + $this->tokens[ $this->i ]['content'], + ) + ); + } + continue; + } + + if ( \T_VARIABLE === $this->tokens[ $this->i ]['code'] ) { + if ( '$wpdb' === $this->tokens[ $this->i ]['content'] ) { + $this->is_wpdb_method_call( $this->i, $this->methods ); + continue; + } + + if ( $this->is_safe_casted( $this->i ) ) { + continue; + } + } + + if ( \T_STRING === $this->tokens[ $this->i ]['code'] ) { + + if ( + isset( $this->SQLEscapingFunctions[ $this->tokens[ $this->i ]['content'] ] ) + || isset( $this->SQLAutoEscapedFunctions[ $this->tokens[ $this->i ]['content'] ] ) + ) { + + // Find the opening parenthesis. + $opening_paren = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $this->i + 1 ), null, true, null, true ); + + if ( false !== $opening_paren + && \T_OPEN_PARENTHESIS === $this->tokens[ $opening_paren ]['code'] + && isset( $this->tokens[ $opening_paren ]['parenthesis_closer'] ) + ) { + // Skip past the end of the function. + $this->i = $this->tokens[ $opening_paren ]['parenthesis_closer']; + continue; + } + } elseif ( isset( $this->formattingFunctions[ $this->tokens[ $this->i ]['content'] ] ) ) { + continue; + } + } + + $this->phpcsFile->addError( + 'Use placeholders and $wpdb->prepare(); found %s', + $this->i, + 'NotPrepared', + array( $this->tokens[ $this->i ]['content'] ) + ); + } + + return $this->end; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedClassesSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedClassesSniff.php new file mode 100644 index 00000000..5ae13ee5 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedClassesSniff.php @@ -0,0 +1,60 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Avoid direct calls to the database.', + * 'classes' => array( 'PDO', '\Namespace\Classname' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + + 'mysql' => array( + 'type' => 'error', + 'message' => 'Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: %s.', + 'classes' => array( + 'mysqli', + 'PDO', + 'PDOStatement', + ), + ), + + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php new file mode 100644 index 00000000..dbab49fe --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/RestrictedFunctionsSniff.php @@ -0,0 +1,66 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + + 'mysql' => array( + 'type' => 'error', + 'message' => 'Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: %s.', + 'functions' => array( + 'mysql_*', + 'mysqli_*', + 'mysqlnd_ms_*', + 'mysqlnd_qc_*', + 'mysqlnd_uh_*', + 'mysqlnd_memcache_*', + 'maxdb_*', + ), + 'whitelist' => array( + 'mysql_to_rfc3339' => true, + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/SlowDBQuerySniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/SlowDBQuerySniff.php new file mode 100644 index 00000000..4feebdcb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/SlowDBQuerySniff.php @@ -0,0 +1,86 @@ + array( + 'type' => 'warning', + 'message' => 'Detected usage of %s, possible slow query.', + 'keys' => array( + 'tax_query', + 'meta_query', + 'meta_key', + 'meta_value', + ), + ), + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.10.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + if ( $this->has_whitelist_comment( 'slow query', $stackPtr ) ) { + return; + } elseif ( $this->has_whitelist_comment( 'tax_query', $stackPtr ) ) { + return; + } + + return parent::process_token( $stackPtr ); + } + + /** + * Callback to process each confirmed key, to check value. + * This must be extended to add the logic to check assignment value. + * + * @param string $key Array index / key. + * @param mixed $val Assigned value. + * @param int $line Token line. + * @param array $group Group definition. + * @return mixed FALSE if no match, TRUE if matches, STRING if matches + * with custom error message passed to ->process(). + */ + public function callback( $key, $val, $line, $group ) { + return true; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/CurrentTimeTimestampSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/CurrentTimeTimestampSniff.php new file mode 100644 index 00000000..180ae240 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/CurrentTimeTimestampSniff.php @@ -0,0 +1,174 @@ + => + */ + protected $target_functions = array( + 'current_time' => true, + ); + + /** + * Process the parameters of a matched function. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + /* + * We already know there will be valid open & close parentheses as otherwise the parameter + * retrieval function call would have returned an empty array, so no additional checks needed. + */ + $open_parens = $this->phpcsFile->findNext( \T_OPEN_PARENTHESIS, $stackPtr ); + $close_parens = $this->tokens[ $open_parens ]['parenthesis_closer']; + + /* + * Check whether the first parameter is a timestamp format. + */ + for ( $i = $parameters[1]['start']; $i <= $parameters[1]['end']; $i++ ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + if ( isset( Tokens::$textStringTokens[ $this->tokens[ $i ]['code'] ] ) ) { + $content_first = trim( $this->strip_quotes( $this->tokens[ $i ]['content'] ) ); + if ( 'U' !== $content_first && 'timestamp' !== $content_first ) { + // Most likely valid use of current_time(). + return; + } + + continue; + } + + if ( isset( Tokens::$heredocTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + /* + * If we're still here, we've encountered an unexpected token, like a variable or + * function call. Bow out as we can't determine the runtime value. + */ + return; + } + + $gmt_true = false; + + /* + * Check whether the second parameter, $gmt, is a set to `true` or `1`. + */ + if ( isset( $parameters[2] ) ) { + $content_second = ''; + if ( 'true' === $parameters[2]['raw'] || '1' === $parameters[2]['raw'] ) { + $content_second = $parameters[2]['raw']; + $gmt_true = true; + } else { + // Do a more extensive parameter check. + for ( $i = $parameters[2]['start']; $i <= $parameters[2]['end']; $i++ ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + $content_second .= $this->tokens[ $i ]['content']; + } + + if ( 'true' === $content_second || '1' === $content_second ) { + $gmt_true = true; + } + } + } + + /* + * Non-UTC timestamp requested. + */ + if ( false === $gmt_true ) { + $this->phpcsFile->addWarning( + 'Calling current_time() with a $type of "timestamp" or "U" is strongly discouraged as it will not return a Unix (UTC) timestamp. Please consider using a non-timestamp format or otherwise refactoring this code.', + $stackPtr, + 'Requested' + ); + + return; + } + + /* + * UTC timestamp requested. Should use time() instead. + */ + $has_comment = $this->phpcsFile->findNext( Tokens::$commentTokens, ( $stackPtr + 1 ), ( $close_parens + 1 ) ); + $error = 'Don\'t use current_time() for retrieving a Unix (UTC) timestamp. Use time() instead. Found: %s'; + $error_code = 'RequestedUTC'; + + $code_snippet = "current_time( '" . $content_first . "'"; + if ( isset( $content_second ) ) { + $code_snippet .= ', ' . $content_second; + } + $code_snippet .= ' )'; + + if ( false !== $has_comment ) { + // If there are comments, we don't auto-fix as it would remove those comments. + $this->phpcsFile->addError( $error, $stackPtr, $error_code, array( $code_snippet ) ); + + return; + } + + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, $error_code, array( $code_snippet ) ); + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + for ( $i = ( $stackPtr + 1 ); $i < $close_parens; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->replaceToken( $stackPtr, 'time(' ); + $this->phpcsFile->fixer->endChangeset(); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/RestrictedFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/RestrictedFunctionsSniff.php new file mode 100644 index 00000000..0da07019 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DateTime/RestrictedFunctionsSniff.php @@ -0,0 +1,62 @@ + array( + 'type' => 'error', + 'message' => 'Using %s() and similar isn\'t allowed, instead use WP internal timezone support.', + 'functions' => array( + 'date_default_timezone_set', + ), + ), + + /* + * Use gmdate(), not date(). + * Don't rely on the current PHP time zone as it might have been changed by third party code. + * + * @link https://make.wordpress.org/core/2019/09/23/date-time-improvements-wp-5-3/ + * @link https://core.trac.wordpress.org/ticket/46438 + * @link https://github.com/WordPress/WordPress-Coding-Standards/issues/1713 + */ + 'date' => array( + 'type' => 'error', + 'message' => '%s() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.', + 'functions' => array( + 'date', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Files/FileNameSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Files/FileNameSniff.php new file mode 100644 index 00000000..598bc39b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Files/FileNameSniff.php @@ -0,0 +1,248 @@ + true, + 'class.wp-scripts.php' => true, + 'class.wp-styles.php' => true, + ); + + /** + * Unit test version of the historical exceptions in WP core. + * + * @since 0.11.0 + * + * @var array + */ + private $unittest_class_exceptions = array( + 'class.wp-dependencies.inc' => true, + 'class.wp-scripts.inc' => true, + 'class.wp-styles.inc' => true, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + if ( \defined( '\PHP_CODESNIFFER_IN_TESTS' ) ) { + $this->class_exceptions = array_merge( $this->class_exceptions, $this->unittest_class_exceptions ); + } + + return array( + \T_OPEN_TAG, + \T_OPEN_TAG_WITH_ECHO, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + // Usage of `strip_quotes` is to ensure `stdin_path` passed by IDEs does not include quotes. + $file = $this->strip_quotes( $this->phpcsFile->getFileName() ); + if ( 'STDIN' === $file ) { + return; + } + + // Respect phpcs:disable comments as long as they are not accompanied by an enable (PHPCS 3.2+). + if ( \defined( '\T_PHPCS_DISABLE' ) && \defined( '\T_PHPCS_ENABLE' ) ) { + $i = -1; + while ( $i = $this->phpcsFile->findNext( \T_PHPCS_DISABLE, ( $i + 1 ) ) ) { + if ( empty( $this->tokens[ $i ]['sniffCodes'] ) + || isset( $this->tokens[ $i ]['sniffCodes']['WordPress'] ) + || isset( $this->tokens[ $i ]['sniffCodes']['WordPress.Files'] ) + || isset( $this->tokens[ $i ]['sniffCodes']['WordPress.Files.FileName'] ) + ) { + do { + $i = $this->phpcsFile->findNext( \T_PHPCS_ENABLE, ( $i + 1 ) ); + } while ( false !== $i + && ! empty( $this->tokens[ $i ]['sniffCodes'] ) + && ! isset( $this->tokens[ $i ]['sniffCodes']['WordPress'] ) + && ! isset( $this->tokens[ $i ]['sniffCodes']['WordPress.Files'] ) + && ! isset( $this->tokens[ $i ]['sniffCodes']['WordPress.Files.FileName'] ) ); + + if ( false === $i ) { + // The entire (rest of the) file is disabled. + return; + } + } + } + } + + $fileName = basename( $file ); + $expected = strtolower( str_replace( '_', '-', $fileName ) ); + + /* + * Generic check for lowercase hyphenated file names. + */ + if ( $fileName !== $expected && ( false === $this->is_theme || 1 !== preg_match( self::THEME_EXCEPTIONS_REGEX, $fileName ) ) ) { + $this->phpcsFile->addError( + 'Filenames should be all lowercase with hyphens as word separators. Expected %s, but found %s.', + 0, + 'NotHyphenatedLowercase', + array( $expected, $fileName ) + ); + } + unset( $expected ); + + /* + * Check files containing a class for the "class-" prefix and that the rest of + * the file name reflects the class name. + */ + if ( true === $this->strict_class_file_names ) { + $has_class = $this->phpcsFile->findNext( \T_CLASS, $stackPtr ); + if ( false !== $has_class && false === $this->is_test_class( $has_class ) ) { + $class_name = $this->phpcsFile->getDeclarationName( $has_class ); + $expected = 'class-' . strtolower( str_replace( '_', '-', $class_name ) ); + + if ( substr( $fileName, 0, -4 ) !== $expected && ! isset( $this->class_exceptions[ $fileName ] ) ) { + $this->phpcsFile->addError( + 'Class file names should be based on the class name with "class-" prepended. Expected %s, but found %s.', + 0, + 'InvalidClassFileName', + array( + $expected . '.php', + $fileName, + ) + ); + } + unset( $expected ); + } + } + + /* + * Check non-class files in "wp-includes" with a "@subpackage Template" tag for a "-template" suffix. + */ + if ( false !== strpos( $file, \DIRECTORY_SEPARATOR . 'wp-includes' . \DIRECTORY_SEPARATOR ) ) { + $subpackage_tag = $this->phpcsFile->findNext( \T_DOC_COMMENT_TAG, $stackPtr, null, false, '@subpackage' ); + if ( false !== $subpackage_tag ) { + $subpackage = $this->phpcsFile->findNext( \T_DOC_COMMENT_STRING, $subpackage_tag ); + if ( false !== $subpackage ) { + $fileName_end = substr( $fileName, -13 ); + $has_class = $this->phpcsFile->findNext( \T_CLASS, $stackPtr ); + + if ( ( 'Template' === trim( $this->tokens[ $subpackage ]['content'] ) + && $this->tokens[ $subpackage_tag ]['line'] === $this->tokens[ $subpackage ]['line'] ) + && ( ( ! \defined( '\PHP_CODESNIFFER_IN_TESTS' ) && '-template.php' !== $fileName_end ) + || ( \defined( '\PHP_CODESNIFFER_IN_TESTS' ) && '-template.inc' !== $fileName_end ) ) + && false === $has_class + ) { + $this->phpcsFile->addError( + 'Files containing template tags should have "-template" appended to the end of the file name. Expected %s, but found %s.', + 0, + 'InvalidTemplateTagFileName', + array( + substr( $fileName, 0, -4 ) . '-template.php', + $fileName, + ) + ); + } + } + } + } + + // Only run this sniff once per file, no need to run it again. + return ( $this->phpcsFile->numTokens + 1 ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/PrefixAllGlobalsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/PrefixAllGlobalsSniff.php new file mode 100644 index 00000000..8374faf6 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/PrefixAllGlobalsSniff.php @@ -0,0 +1,1046 @@ + true, + 'wp' => true, + '_' => true, + 'php' => true, // See #1728, the 'php' prefix is reserved by PHP itself. + ); + + /** + * Target prefixes after validation. + * + * All prefixes are lowercased for case-insensitive compare. + * + * @since 0.12.0 + * + * @var string[] + */ + private $validated_prefixes = array(); + + /** + * Target namespace prefixes after validation with regex indicator. + * + * All prefixes are lowercased for case-insensitive compare. + * If the prefix doesn't already contain a namespace separator, but does contain + * non-word characters, these will have been replaced with regex syntax to allow + * for namespace separators and the `is_regex` indicator will have been set to `true`. + * + * @since 1.2.0 + * + * @var array + */ + private $validated_namespace_prefixes = array(); + + /** + * Cache of previously set prefixes. + * + * Prevents having to do the same prefix validation over and over again. + * + * @since 0.12.0 + * + * @var string[] + */ + private $previous_prefixes = array(); + + /** + * A list of all PHP superglobals with the exception of $GLOBALS which is handled separately. + * + * @since 0.12.0 + * + * @var array + */ + protected $superglobals = array( + '_COOKIE' => true, + '_ENV' => true, + '_GET' => true, + '_FILES' => true, + '_POST' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + ); + + /** + * A list of core hooks that are allowed to be called by plugins and themes. + * + * @since 0.14.0 + * + * @var array + */ + protected $whitelisted_core_hooks = array( + 'widget_title' => true, + 'add_meta_boxes' => true, + ); + + /** + * A list of core constants that are allowed to be defined by plugins and themes. + * + * @since 1.0.0 + * + * Source: {@link https://core.trac.wordpress.org/browser/trunk/src/wp-includes/default-constants.php#L0} + * The constants are listed in the order they are found in the source file + * to make life easier for future updates. + * Only overrulable constants are listed, i.e. those defined within core within + * a `if ( ! defined() ) {}` wrapper. + * + * @var array + */ + protected $whitelisted_core_constants = array( + 'WP_MEMORY_LIMIT' => true, + 'WP_MAX_MEMORY_LIMIT' => true, + 'WP_CONTENT_DIR' => true, + 'WP_DEBUG' => true, + 'WP_DEBUG_DISPLAY' => true, + 'WP_DEBUG_LOG' => true, + 'WP_CACHE' => true, + 'SCRIPT_DEBUG' => true, + 'MEDIA_TRASH' => true, + 'SHORTINIT' => true, + 'WP_CONTENT_URL' => true, + 'WP_PLUGIN_DIR' => true, + 'WP_PLUGIN_URL' => true, + 'PLUGINDIR' => true, + 'WPMU_PLUGIN_DIR' => true, + 'WPMU_PLUGIN_URL' => true, + 'MUPLUGINDIR' => true, + 'COOKIEHASH' => true, + 'USER_COOKIE' => true, + 'PASS_COOKIE' => true, + 'AUTH_COOKIE' => true, + 'SECURE_AUTH_COOKIE' => true, + 'LOGGED_IN_COOKIE' => true, + 'TEST_COOKIE' => true, + 'COOKIEPATH' => true, + 'SITECOOKIEPATH' => true, + 'ADMIN_COOKIE_PATH' => true, + 'PLUGINS_COOKIE_PATH' => true, + 'COOKIE_DOMAIN' => true, + 'RECOVERY_MODE_COOKIE' => true, + 'FORCE_SSL_ADMIN' => true, + 'FORCE_SSL_LOGIN' => true, + 'AUTOSAVE_INTERVAL' => true, + 'EMPTY_TRASH_DAYS' => true, + 'WP_POST_REVISIONS' => true, + 'WP_CRON_LOCK_TIMEOUT' => true, + 'WP_DEFAULT_THEME' => true, + ); + + /** + * List of all PHP native functions. + * + * Using this list rather than a call to `function_exists()` prevents + * false negatives from user-defined functions when those would be + * autoloaded via a Composer autoload files directives. + * + * @var array + */ + private $built_in_functions; + + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.12.0 + * + * @return array + */ + public function register() { + // Get a list of all PHP native functions. + $all_functions = get_defined_functions(); + $this->built_in_functions = array_flip( $all_functions['internal'] ); + + // Set the sniff targets. + $targets = array( + \T_NAMESPACE => \T_NAMESPACE, + \T_FUNCTION => \T_FUNCTION, + \T_CONST => \T_CONST, + \T_VARIABLE => \T_VARIABLE, + \T_DOLLAR => \T_DOLLAR, // Variable variables. + \T_LIST => \T_LIST, + \T_OPEN_SHORT_ARRAY => \T_OPEN_SHORT_ARRAY, + ); + $targets += Tokens::$ooScopeTokens; // T_ANON_CLASS is only used for skipping over test classes. + + // Add function call target for hook names and constants defined using define(). + $parent = parent::register(); + if ( ! empty( $parent ) ) { + $targets[] = \T_STRING; + } + + return $targets; + } + + /** + * Groups of functions to restrict. + * + * @since 0.12.0 + * + * @return array + */ + public function getGroups() { + $this->target_functions = $this->hookInvokeFunctions; + unset( + $this->target_functions['do_action_deprecated'], + $this->target_functions['apply_filters_deprecated'] + ); + + $this->target_functions['define'] = true; + + return parent::getGroups(); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.12.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + /* + * Allow for whitelisting. + * + * Generally speaking a theme/plugin should *only* execute their own hooks, but there may be a + * good reason to execute a core hook. + * + * Similarly, newer PHP or WP functions or constants may need to be emulated for continued support + * of older PHP and WP versions. + */ + if ( $this->has_whitelist_comment( 'prefix', $stackPtr ) ) { + return; + } + + // Allow overruling the prefixes set in a ruleset via the command line. + $cl_prefixes = trim( PHPCSHelper::get_config_data( 'prefixes' ) ); + if ( ! empty( $cl_prefixes ) ) { + $this->prefixes = array_filter( array_map( 'trim', explode( ',', $cl_prefixes ) ) ); + } + + $this->prefixes = $this->merge_custom_array( $this->prefixes, array(), false ); + if ( empty( $this->prefixes ) ) { + // No prefixes passed, nothing to do. + return; + } + + $this->validate_prefixes(); + if ( empty( $this->validated_prefixes ) ) { + // No _valid_ prefixes passed, nothing to do. + return; + } + + // Ignore test classes. + if ( isset( Tokens::$ooScopeTokens[ $this->tokens[ $stackPtr ]['code'] ] ) + && true === $this->is_test_class( $stackPtr ) + ) { + if ( $this->tokens[ $stackPtr ]['scope_condition'] === $stackPtr && isset( $this->tokens[ $stackPtr ]['scope_closer'] ) ) { + // Skip forward to end of test class. + return $this->tokens[ $stackPtr ]['scope_closer']; + } + return; + } + + if ( \T_ANON_CLASS === $this->tokens[ $stackPtr ]['code'] ) { + // Token was only registered to allow skipping over test classes. + return; + } + + if ( \T_STRING === $this->tokens[ $stackPtr ]['code'] ) { + // Disallow excluding function groups for this sniff. + $this->exclude = array(); + + return parent::process_token( $stackPtr ); + + } elseif ( \T_DOLLAR === $this->tokens[ $stackPtr ]['code'] ) { + + return $this->process_variable_variable( $stackPtr ); + + } elseif ( \T_VARIABLE === $this->tokens[ $stackPtr ]['code'] ) { + + return $this->process_variable_assignment( $stackPtr ); + + } elseif ( \T_LIST === $this->tokens[ $stackPtr ]['code'] + || \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] + ) { + return $this->process_list_assignment( $stackPtr ); + + } elseif ( \T_NAMESPACE === $this->tokens[ $stackPtr ]['code'] ) { + $namespace_name = $this->get_declared_namespace_name( $stackPtr ); + + if ( false === $namespace_name || '' === $namespace_name || '\\' === $namespace_name ) { + return; + } + + foreach ( $this->validated_namespace_prefixes as $key => $prefix_info ) { + if ( false === $prefix_info['is_regex'] ) { + if ( stripos( $namespace_name, $prefix_info['prefix'] ) === 0 ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Prefix all globals: allowed prefixes', $key ); + return; + } + } else { + // Ok, so this prefix should be used as a regex. + $regex = '`^' . $prefix_info['prefix'] . '`i'; + if ( preg_match( $regex, $namespace_name ) > 0 ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Prefix all globals: allowed prefixes', $key ); + return; + } + } + } + + // Still here ? In that case, we have a non-prefixed namespace name. + $recorded = $this->phpcsFile->addError( + self::ERROR_MSG, + $stackPtr, + 'NonPrefixedNamespaceFound', + array( + 'Namespaces declared', + $namespace_name, + ) + ); + + if ( true === $recorded ) { + $this->record_potential_prefix_metric( $stackPtr, $namespace_name ); + } + + return; + + } else { + + // Namespaced methods, classes and constants do not need to be prefixed. + $namespace = $this->determine_namespace( $stackPtr ); + if ( '' !== $namespace && '\\' !== $namespace ) { + return; + } + + $item_name = ''; + $error_text = 'Unknown syntax used'; + $error_code = 'NonPrefixedSyntaxFound'; + + switch ( $this->tokens[ $stackPtr ]['type'] ) { + case 'T_FUNCTION': + // Methods in a class do not need to be prefixed. + if ( $this->phpcsFile->hasCondition( $stackPtr, Tokens::$ooScopeTokens ) === true ) { + return; + } + + if ( $this->is_function_deprecated( $this->phpcsFile, $stackPtr ) === true ) { + /* + * Deprecated functions don't have to comply with the naming conventions, + * otherwise functions deprecated in favour of a function with a compliant + * name would still trigger an error. + */ + return; + } + + $item_name = $this->phpcsFile->getDeclarationName( $stackPtr ); + if ( isset( $this->built_in_functions[ $item_name ] ) ) { + // Backfill for PHP native function. + return; + } + + $error_text = 'Functions declared in the global namespace'; + $error_code = 'NonPrefixedFunctionFound'; + break; + + case 'T_CLASS': + case 'T_INTERFACE': + case 'T_TRAIT': + $item_name = $this->phpcsFile->getDeclarationName( $stackPtr ); + $error_text = 'Classes declared'; + $error_code = 'NonPrefixedClassFound'; + + switch ( $this->tokens[ $stackPtr ]['type'] ) { + case 'T_CLASS': + if ( class_exists( '\\' . $item_name, false ) ) { + // Backfill for PHP native class. + return; + } + break; + + case 'T_INTERFACE': + if ( interface_exists( '\\' . $item_name, false ) ) { + // Backfill for PHP native interface. + return; + } + + $error_text = 'Interfaces declared'; + $error_code = 'NonPrefixedInterfaceFound'; + break; + + case 'T_TRAIT': + // phpcs:ignore PHPCompatibility.FunctionUse.NewFunctions.trait_existsFound + if ( function_exists( '\trait_exists' ) && trait_exists( '\\' . $item_name, false ) ) { + // Backfill for PHP native trait. + return; + } + + $error_text = 'Traits declared'; + $error_code = 'NonPrefixedTraitFound'; + break; + + default: + // Left empty on purpose. + break; + } + + break; + + case 'T_CONST': + // Constants in a class do not need to be prefixed. + if ( true === $this->is_class_constant( $stackPtr ) ) { + return; + } + + $constant_name_ptr = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( false === $constant_name_ptr ) { + // Live coding. + return; + } + + $item_name = $this->tokens[ $constant_name_ptr ]['content']; + if ( \defined( '\\' . $item_name ) ) { + // Backfill for PHP native constant. + return; + } + + if ( isset( $this->whitelisted_core_constants[ $item_name ] ) ) { + // Defining a WP Core constant intended for overruling. + return; + } + + $error_text = 'Global constants defined'; + $error_code = 'NonPrefixedConstantFound'; + break; + + default: + // Left empty on purpose. + break; + + } + + if ( empty( $item_name ) || $this->is_prefixed( $stackPtr, $item_name ) === true ) { + return; + } + + $recorded = $this->phpcsFile->addError( + self::ERROR_MSG, + $stackPtr, + $error_code, + array( + $error_text, + $item_name, + ) + ); + + if ( true === $recorded ) { + $this->record_potential_prefix_metric( $stackPtr, $item_name ); + } + } + } + + /** + * Handle variable variables defined in the global namespace. + * + * @since 0.12.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + protected function process_variable_variable( $stackPtr ) { + static $indicators = array( + \T_OPEN_CURLY_BRACKET => true, + \T_VARIABLE => true, + ); + + // Is this a variable variable ? + // Not concerned with nested ones as those will be recognized on their own token. + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( false === $next_non_empty || ! isset( $indicators[ $this->tokens[ $next_non_empty ]['code'] ] ) ) { + return; + } + + if ( \T_OPEN_CURLY_BRACKET === $this->tokens[ $next_non_empty ]['code'] + && isset( $this->tokens[ $next_non_empty ]['bracket_closer'] ) + ) { + // Skip over the variable part. + $next_non_empty = $this->tokens[ $next_non_empty ]['bracket_closer']; + } + + $maybe_assignment = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $next_non_empty + 1 ), null, true, null, true ); + + while ( false !== $maybe_assignment + && \T_OPEN_SQUARE_BRACKET === $this->tokens[ $maybe_assignment ]['code'] + && isset( $this->tokens[ $maybe_assignment ]['bracket_closer'] ) + ) { + $maybe_assignment = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $this->tokens[ $maybe_assignment ]['bracket_closer'] + 1 ), + null, + true, + null, + true + ); + } + + if ( false === $maybe_assignment ) { + return; + } + + if ( ! isset( Tokens::$assignmentTokens[ $this->tokens[ $maybe_assignment ]['code'] ] ) ) { + // Not an assignment. + return; + } + + $error = self::ERROR_MSG; + + /* + * Local variable variables in a function do not need to be prefixed. + * But a variable variable could evaluate to the name of an imported global + * variable. + * Not concerned with imported variable variables (global.. ) as that has been + * forbidden since PHP 7.0. Presuming cross-version code and if not, that + * is for the PHPCompatibility standard to detect. + */ + if ( $this->phpcsFile->hasCondition( $stackPtr, array( \T_FUNCTION, \T_CLOSURE ) ) === true ) { + $condition = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + if ( false === $condition ) { + $condition = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE ); + } + + $has_global = $this->phpcsFile->findPrevious( \T_GLOBAL, ( $stackPtr - 1 ), $this->tokens[ $condition ]['scope_opener'] ); + if ( false === $has_global ) { + // No variable import happening. + return; + } + + $error = 'Variable variable which could potentially override an imported global variable detected. ' . $error; + } + + $variable_name = $this->phpcsFile->getTokensAsString( $stackPtr, ( ( $next_non_empty - $stackPtr ) + 1 ) ); + + // Still here ? In that case, the variable name should be prefixed. + $recorded = $this->phpcsFile->addWarning( + $error, + $stackPtr, + 'NonPrefixedVariableFound', + array( + 'Global variables defined', + $variable_name, + ) + ); + + if ( true === $recorded ) { + $this->record_potential_prefix_metric( $stackPtr, $variable_name ); + } + + // Skip over the variable part of the variable. + return ( $next_non_empty + 1 ); + } + + /** + * Check that defined global variables are prefixed. + * + * @since 0.12.0 + * @since 2.2.0 Added $in_list parameter. + * + * @param int $stackPtr The position of the current token in the stack. + * @param bool $in_list Whether or not this is a variable in a list assignment. + * Defaults to false. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + protected function process_variable_assignment( $stackPtr, $in_list = false ) { + /* + * We're only concerned with variables which are being defined. + * `is_assigment()` will not recognize property assignments, which is good in this case. + * However it will also not recognize $b in `foreach( $a as $b )` as an assignment, so + * we need a separate check for that. + */ + if ( false === $in_list + && false === $this->is_assignment( $stackPtr ) + && false === $this->is_foreach_as( $stackPtr ) + ) { + return; + } + + $is_error = true; + $variable_name = substr( $this->tokens[ $stackPtr ]['content'], 1 ); // Strip the dollar sign. + + // Bow out early if we know for certain no prefix is needed. + if ( $this->variable_prefixed_or_whitelisted( $stackPtr, $variable_name ) === true ) { + return; + } + + if ( 'GLOBALS' === $variable_name ) { + $array_open = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( false === $array_open || \T_OPEN_SQUARE_BRACKET !== $this->tokens[ $array_open ]['code'] ) { + // Live coding or something very silly. + return; + } + + $array_key = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $array_open + 1 ), null, true, null, true ); + if ( false === $array_key ) { + // No key found, nothing to do. + return; + } + + $stackPtr = $array_key; + $variable_name = $this->strip_quotes( $this->tokens[ $array_key ]['content'] ); + + // Check whether a prefix is needed. + if ( isset( Tokens::$stringTokens[ $this->tokens[ $array_key ]['code'] ] ) + && $this->variable_prefixed_or_whitelisted( $stackPtr, $variable_name ) === true + ) { + return; + } + + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $array_key ]['code'] ) { + // If the array key is a double quoted string, try again with only + // the part before the first variable (if any). + $exploded = explode( '$', $variable_name ); + $first = rtrim( $exploded[0], '{' ); + if ( '' !== $first ) { + if ( $this->variable_prefixed_or_whitelisted( $array_key, $first ) === true ) { + return; + } + } else { + // If the first part was dynamic, throw a warning. + $is_error = false; + } + } elseif ( ! isset( Tokens::$stringTokens[ $this->tokens[ $array_key ]['code'] ] ) ) { + // Dynamic array key, throw a warning. + $is_error = false; + } + } else { + // Function parameters do not need to be prefixed. + if ( false === $in_list && isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + foreach ( $this->tokens[ $stackPtr ]['nested_parenthesis'] as $opener => $closer ) { + if ( isset( $this->tokens[ $opener ]['parenthesis_owner'] ) + && ( \T_FUNCTION === $this->tokens[ $this->tokens[ $opener ]['parenthesis_owner'] ]['code'] + || \T_CLOSURE === $this->tokens[ $this->tokens[ $opener ]['parenthesis_owner'] ]['code'] ) + ) { + return; + } + } + unset( $opener, $closer ); + } + + // Properties in a class do not need to be prefixed. + if ( false === $in_list && true === $this->is_class_property( $stackPtr ) ) { + return; + } + + // Local variables in a function do not need to be prefixed unless they are being imported. + if ( $this->phpcsFile->hasCondition( $stackPtr, array( \T_FUNCTION, \T_CLOSURE ) ) === true ) { + $condition = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + if ( false === $condition ) { + $condition = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE ); + } + + $has_global = $this->phpcsFile->findPrevious( \T_GLOBAL, ( $stackPtr - 1 ), $this->tokens[ $condition ]['scope_opener'] ); + if ( false === $has_global ) { + // No variable import happening. + return; + } + + // Ok, this may be an imported global variable. + $end_of_statement = $this->phpcsFile->findNext( \T_SEMICOLON, ( $has_global + 1 ) ); + if ( false === $end_of_statement ) { + // No semi-colon - live coding. + return; + } + + for ( $ptr = ( $has_global + 1 ); $ptr <= $end_of_statement; $ptr++ ) { + // Move the stack pointer to the next variable. + $ptr = $this->phpcsFile->findNext( \T_VARIABLE, $ptr, $end_of_statement, false, null, true ); + + if ( false === $ptr ) { + // Reached the end of the global statement without finding the variable, + // so this must be a local variable. + return; + } + + if ( substr( $this->tokens[ $ptr ]['content'], 1 ) === $variable_name ) { + break; + } + } + + unset( $condition, $has_global, $end_of_statement, $ptr, $imported ); + + } + } + + // Still here ? In that case, the variable name should be prefixed. + $recorded = $this->addMessage( + self::ERROR_MSG, + $stackPtr, + $is_error, + 'NonPrefixedVariableFound', + array( + 'Global variables defined', + '$' . $variable_name, + ) + ); + + if ( true === $recorded ) { + $this->record_potential_prefix_metric( $stackPtr, $variable_name ); + } + } + + /** + * Check that global variables declared via a list construct are prefixed. + * + * @internal No need to take special measures for nested lists. Nested or not, + * each list part can only contain one variable being written to. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + protected function process_list_assignment( $stackPtr ) { + $list_open_close = $this->find_list_open_close( $stackPtr ); + if ( false === $list_open_close ) { + // Short array, not short list. + return; + } + + $var_pointers = $this->get_list_variables( $stackPtr, $list_open_close ); + foreach ( $var_pointers as $ptr ) { + $this->process_variable_assignment( $ptr, true ); + } + + // No need to re-examine these variables. + return $list_open_close['closer']; + } + + /** + * Process the parameters of a matched function. + * + * @since 0.12.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + + // No matter whether it is a constant definition or a hook call, both use the first parameter. + if ( ! isset( $parameters[1] ) ) { + return; + } + + $is_error = true; + $raw_content = $this->strip_quotes( $parameters[1]['raw'] ); + + if ( ( 'define' !== $matched_content + && isset( $this->whitelisted_core_hooks[ $raw_content ] ) ) + || ( 'define' === $matched_content + && isset( $this->whitelisted_core_constants[ $raw_content ] ) ) + ) { + return; + } + + if ( $this->is_prefixed( $parameters[1]['start'], $raw_content ) === true ) { + return; + } else { + // This may be a dynamic hook/constant name. + $first_non_empty = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $parameters[1]['start'], + ( $parameters[1]['end'] + 1 ), + true + ); + + if ( false === $first_non_empty ) { + return; + } + + $first_non_empty_content = $this->strip_quotes( $this->tokens[ $first_non_empty ]['content'] ); + + // Try again with just the first token if it's a text string. + if ( isset( Tokens::$stringTokens[ $this->tokens[ $first_non_empty ]['code'] ] ) + && $this->is_prefixed( $parameters[1]['start'], $first_non_empty_content ) === true + ) { + return; + } + + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $first_non_empty ]['code'] ) { + // If the first part of the parameter is a double quoted string, try again with only + // the part before the first variable (if any). + $exploded = explode( '$', $first_non_empty_content ); + $first = rtrim( $exploded[0], '{' ); + if ( '' !== $first ) { + if ( $this->is_prefixed( $parameters[1]['start'], $first ) === true ) { + return; + } + } else { + // Start of hook/constant name is dynamic, throw a warning. + $is_error = false; + } + } elseif ( ! isset( Tokens::$stringTokens[ $this->tokens[ $first_non_empty ]['code'] ] ) ) { + // Dynamic hook/constant name, throw a warning. + $is_error = false; + } + } + + if ( 'define' === $matched_content ) { + if ( \defined( '\\' . $raw_content ) ) { + // Backfill for PHP native constant. + return; + } + + if ( strpos( $raw_content, '\\' ) !== false ) { + // Namespaced or unreachable constant. + return; + } + + $data = array( 'Global constants defined' ); + $error_code = 'NonPrefixedConstantFound'; + if ( false === $is_error ) { + $error_code = 'VariableConstantNameFound'; + } + } else { + $data = array( 'Hook names invoked' ); + $error_code = 'NonPrefixedHooknameFound'; + if ( false === $is_error ) { + $error_code = 'DynamicHooknameFound'; + } + } + + $data[] = $raw_content; + + $recorded = $this->addMessage( self::ERROR_MSG, $first_non_empty, $is_error, $error_code, $data ); + + if ( true === $recorded ) { + $this->record_potential_prefix_metric( $stackPtr, $raw_content ); + } + } + + /** + * Check if a function/class/constant/variable name is prefixed with one of the expected prefixes. + * + * @since 0.12.0 + * @since 0.14.0 Allows for other non-word characters as well as underscores to better support hook names. + * @since 1.0.0 Does not require a word seperator anymore after a prefix. + * This allows for improved code style independent checking, + * i.e. allows for camelCase naming and the likes. + * @since 1.0.1 - Added $stackPtr parameter. + * - The function now also records metrics about the prefixes encountered. + * + * @param int $stackPtr The position of the token to record the metric against. + * @param string $name Name to check for a prefix. + * + * @return bool True when the name is one of the prefixes or starts with an allowed prefix. + * False otherwise. + */ + private function is_prefixed( $stackPtr, $name ) { + foreach ( $this->validated_prefixes as $prefix ) { + if ( stripos( $name, $prefix ) === 0 ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Prefix all globals: allowed prefixes', $prefix ); + return true; + } + } + + return false; + } + + /** + * Check if a variable name might need a prefix. + * + * Prefix is not needed for: + * - superglobals, + * - WP native globals, + * - variables which are already prefixed. + * + * @since 0.12.0 + * @since 1.0.1 Added $stackPtr parameter. + * + * @param int $stackPtr The position of the token to record the metric against. + * @param string $name Variable name without the dollar sign. + * + * @return bool True if the variable name is whitelisted or already prefixed. + * False otherwise. + */ + private function variable_prefixed_or_whitelisted( $stackPtr, $name ) { + // Ignore superglobals and WP global variables. + if ( isset( $this->superglobals[ $name ] ) || isset( $this->wp_globals[ $name ] ) ) { + return true; + } + + return $this->is_prefixed( $stackPtr, $name ); + } + + /** + * Validate an array of prefixes as passed through a custom property or via the command line. + * + * Checks that the prefix: + * - is not one of the blacklisted ones. + * - complies with the PHP rules for valid function, class, variable, constant names. + * + * @since 0.12.0 + */ + private function validate_prefixes() { + if ( $this->previous_prefixes === $this->prefixes ) { + return; + } + + // Set the cache *before* validation so as to not break the above compare. + $this->previous_prefixes = $this->prefixes; + + // Validate the passed prefix(es). + $prefixes = array(); + $ns_prefixes = array(); + foreach ( $this->prefixes as $key => $prefix ) { + $prefixLC = strtolower( $prefix ); + + if ( isset( $this->prefix_blacklist[ $prefixLC ] ) ) { + $this->phpcsFile->addError( + 'The "%s" prefix is not allowed.', + 0, + 'ForbiddenPrefixPassed', + array( $prefix ) + ); + continue; + } + + $prefix_length = strlen( $prefix ); + if ( function_exists( 'iconv_strlen' ) ) { + $prefix_length = iconv_strlen( $prefix, $this->phpcsFile->config->encoding ); + } + + if ( $prefix_length < self::MIN_PREFIX_LENGTH ) { + $this->phpcsFile->addError( + 'The "%s" prefix is too short. Short prefixes are not unique enough and may cause name collisions with other code.', + 0, + 'ShortPrefixPassed', + array( $prefix ) + ); + continue; + } + + // Validate the prefix against characters allowed for function, class, constant names etc. + if ( preg_match( '`^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff\\\\]*$`', $prefix ) !== 1 ) { + $this->phpcsFile->addWarning( + 'The "%s" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.', + 0, + 'InvalidPrefixPassed', + array( $prefix ) + ); + } + + // Lowercase the prefix to allow for direct compare. + $prefixes[ $key ] = $prefixLC; + + /* + * Replace non-word characters in the prefix with a regex snippet, but only if the + * string doesn't already contain namespace separators. + */ + $is_regex = false; + if ( strpos( $prefix, '\\' ) === false && preg_match( '`[_\W]`', $prefix ) > 0 ) { + $prefix = preg_replace( '`([_\W])`', '[\\\\\\\\$1]', $prefixLC ); + $is_regex = true; + } + + $ns_prefixes[ $prefixLC ] = array( + 'prefix' => $prefix, + 'is_regex' => $is_regex, + ); + } + + // Set the validated prefixes caches. + $this->validated_prefixes = $prefixes; + $this->validated_namespace_prefixes = $ns_prefixes; + } + + /** + * Record the "potential prefix" metric. + * + * @since 1.0.1 + * + * @param int $stackPtr The position of the token to record the metric against. + * @param string $construct_name Name of the global construct to try and distill a potential prefix from. + * + * @return void + */ + private function record_potential_prefix_metric( $stackPtr, $construct_name ) { + if ( preg_match( '`^([A-Z]*[a-z0-9]*+)`', ltrim( $construct_name, '\$_' ), $matches ) > 0 + && isset( $matches[1] ) && '' !== $matches[1] + ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Prefix all globals: potential prefixes - start of non-prefixed construct', strtolower( $matches[1] ) ); + } + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidFunctionNameSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidFunctionNameSniff.php new file mode 100644 index 00000000..d8826ce1 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidFunctionNameSniff.php @@ -0,0 +1,187 @@ +getDeclarationName( $stackPtr ); + + if ( ! isset( $functionName ) ) { + // Ignore closures. + return; + } + + if ( '' === ltrim( $functionName, '_' ) ) { + // Ignore special functions, like __(). + return; + } + + $functionNameLc = strtolower( $functionName ); + + // Is this a magic function ? I.e., it is prefixed with "__" ? + // Outside class scope this basically just means __autoload(). + if ( 0 === strpos( $functionName, '__' ) ) { + $magicPart = substr( $functionNameLc, 2 ); + if ( isset( $this->magicFunctions[ $magicPart ] ) ) { + return; + } + + $error = 'Function name "%s" is invalid; only PHP magic methods should be prefixed with a double underscore'; + $errorData = array( $functionName ); + $phpcsFile->addError( $error, $stackPtr, 'FunctionDoubleUnderscore', $errorData ); + } + + if ( $functionNameLc !== $functionName ) { + $error = 'Function name "%s" is not in snake case format, try "%s"'; + $errorData = array( + $functionName, + Sniff::get_snake_case_name_suggestion( $functionName ), + ); + $phpcsFile->addError( $error, $stackPtr, 'FunctionNameInvalid', $errorData ); + } + } + + /** + * Processes the tokens within the scope. + * + * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being processed. + * @param int $stackPtr The position where this token was + * found. + * @param int $currScope The position of the current scope. + * + * @return void + */ + protected function processTokenWithinScope( File $phpcsFile, $stackPtr, $currScope ) { + + $tokens = $phpcsFile->getTokens(); + + // Determine if this is a function which needs to be examined. + $conditions = $tokens[ $stackPtr ]['conditions']; + end( $conditions ); + $deepestScope = key( $conditions ); + if ( $deepestScope !== $currScope ) { + return; + } + + if ( Sniff::is_function_deprecated( $phpcsFile, $stackPtr ) === true ) { + /* + * Deprecated functions don't have to comply with the naming conventions, + * otherwise functions deprecated in favour of a function with a compliant + * name would still trigger an error. + */ + return; + } + + $methodName = $phpcsFile->getDeclarationName( $stackPtr ); + + if ( ! isset( $methodName ) ) { + // Ignore closures. + return; + } + + $className = $phpcsFile->getDeclarationName( $currScope ); + if ( isset( $className ) === false ) { + $className = '[Anonymous Class]'; + } + + $methodNameLc = strtolower( $methodName ); + $classNameLc = strtolower( $className ); + + // Ignore special functions. + if ( '' === ltrim( $methodName, '_' ) ) { + return; + } + + // PHP4 constructors are allowed to break our rules. + if ( $methodNameLc === $classNameLc ) { + return; + } + + // PHP4 destructors are allowed to break our rules. + if ( '_' . $classNameLc === $methodNameLc ) { + return; + } + + $extended = $phpcsFile->findExtendedClassName( $currScope ); + $interfaces = $phpcsFile->findImplementedInterfaceNames( $currScope ); + + // If this is a child class or interface implementation, it may have to use camelCase or double underscores. + if ( ! empty( $extended ) || ! empty( $interfaces ) ) { + return; + } + + // Is this a magic method ? I.e. is it prefixed with "__" ? + if ( 0 === strpos( $methodName, '__' ) ) { + $magicPart = substr( $methodNameLc, 2 ); + if ( isset( $this->magicMethods[ $magicPart ] ) ) { + return; + } + + $error = 'Method name "%s" is invalid; only PHP magic methods should be prefixed with a double underscore'; + $errorData = array( $className . '::' . $methodName ); + $phpcsFile->addError( $error, $stackPtr, 'MethodDoubleUnderscore', $errorData ); + } + + // Check for all lowercase. + if ( $methodNameLc !== $methodName ) { + $error = 'Method name "%s" in class %s is not in snake case format, try "%s"'; + $errorData = array( + $methodName, + $className, + Sniff::get_snake_case_name_suggestion( $methodName ), + ); + $phpcsFile->addError( $error, $stackPtr, 'MethodNameInvalid', $errorData ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidHookNameSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidHookNameSniff.php new file mode 100644 index 00000000..da62331d --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidHookNameSniff.php @@ -0,0 +1,289 @@ + + * + * + * + * + * + * Provide several extra delimiters as one string: + * + * + * + * + * + * + * @var string + */ + public $additionalWordDelimiters = ''; + + /** + * Regular expression to test for correct punctuation of a hook name. + * + * The placeholder will be replaced by potentially provided additional + * word delimiters in the `prepare_regex()` method. + * + * @var string + */ + protected $punctuation_regex = '`[^\w%s]`'; + + /** + * Groups of functions to restrict. + * + * @since 0.11.0 + * + * @return array + */ + public function getGroups() { + $this->target_functions = $this->hookInvokeFunctions; + + // No need to examine the names of deprecated hooks. + unset( + $this->target_functions['do_action_deprecated'], + $this->target_functions['apply_filters_deprecated'] + ); + + return parent::getGroups(); + } + + /** + * Process the parameters of a matched function. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + + $regex = $this->prepare_regex(); + + $case_errors = 0; + $underscores = 0; + $content = array(); + $expected = array(); + + for ( $i = $parameters[1]['start']; $i <= $parameters[1]['end']; $i++ ) { + // Skip past comment tokens. + if ( isset( Tokens::$commentTokens[ $this->tokens[ $i ]['code'] ] ) !== false ) { + continue; + } + + $content[ $i ] = $this->tokens[ $i ]['content']; + $expected[ $i ] = $this->tokens[ $i ]['content']; + + // Skip past potential variable array access: $var['Key']. + if ( \T_VARIABLE === $this->tokens[ $i ]['code'] ) { + do { + $open_bracket = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true ); + if ( false === $open_bracket + || \T_OPEN_SQUARE_BRACKET !== $this->tokens[ $open_bracket ]['code'] + || ! isset( $this->tokens[ $open_bracket ]['bracket_closer'] ) + ) { + continue 2; + } + + $i = $this->tokens[ $open_bracket ]['bracket_closer']; + + } while ( isset( $this->tokens[ $i ] ) && $i <= $parameters[1]['end'] ); + + continue; + } + + // Skip past non-string tokens. + if ( isset( Tokens::$stringTokens[ $this->tokens[ $i ]['code'] ] ) === false ) { + continue; + } + + $string = $this->strip_quotes( $this->tokens[ $i ]['content'] ); + + /* + * Here be dragons - a double quoted string can contain extrapolated variables + * which don't have to comply with these rules. + */ + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $i ]['code'] ) { + $transform = $this->transform_complex_string( $string, $regex ); + $case_transform = $this->transform_complex_string( $string, $regex, 'case' ); + $punct_transform = $this->transform_complex_string( $string, $regex, 'punctuation' ); + } else { + $transform = $this->transform( $string, $regex ); + $case_transform = $this->transform( $string, $regex, 'case' ); + $punct_transform = $this->transform( $string, $regex, 'punctuation' ); + } + + if ( $string === $transform ) { + continue; + } + + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $i ]['code'] ) { + $expected[ $i ] = '"' . $transform . '"'; + } else { + $expected[ $i ] = '\'' . $transform . '\''; + } + + if ( $string !== $case_transform ) { + $case_errors++; + } + if ( $string !== $punct_transform ) { + $underscores++; + } + } + + $first_non_empty = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $parameters[1]['start'], + ( $parameters[1]['end'] + 1 ), + true + ); + + $data = array( + trim( implode( '', $expected ) ), + trim( implode( '', $content ) ), + ); + + if ( $case_errors > 0 ) { + $error = 'Hook names should be lowercase. Expected: %s, but found: %s.'; + $this->phpcsFile->addError( $error, $first_non_empty, 'NotLowercase', $data ); + } + if ( $underscores > 0 ) { + $error = 'Words in hook names should be separated using underscores. Expected: %s, but found: %s.'; + $this->phpcsFile->addWarning( $error, $first_non_empty, 'UseUnderscores', $data ); + } + } + + /** + * Prepare the punctuation regular expression. + * + * Merges the existing regular expression with potentially provided extra word delimiters to allow. + * This is done 'late' and for each found token as otherwise inline `phpcs:set` directives + * would be ignored. + * + * @return string + */ + protected function prepare_regex() { + $extra = ''; + if ( '' !== $this->additionalWordDelimiters && \is_string( $this->additionalWordDelimiters ) ) { + $extra = preg_quote( $this->additionalWordDelimiters, '`' ); + } + + return sprintf( $this->punctuation_regex, $extra ); + } + + /** + * Transform an arbitrary string to lowercase and replace punctuation and spaces with underscores. + * + * @param string $string The target string. + * @param string $regex The punctuation regular expression to use. + * @param string $transform_type Whether to a partial or complete transform. + * Valid values are: 'full', 'case', 'punctuation'. + * @return string + */ + protected function transform( $string, $regex, $transform_type = 'full' ) { + + switch ( $transform_type ) { + case 'case': + return strtolower( $string ); + + case 'punctuation': + return preg_replace( $regex, '_', $string ); + + case 'full': + default: + return preg_replace( $regex, '_', strtolower( $string ) ); + } + } + + /** + * Transform a complex string which may contain variable extrapolation. + * + * @param string $string The target string. + * @param string $regex The punctuation regular expression to use. + * @param string $transform_type Whether to a partial or complete transform. + * Valid values are: 'full', 'case', 'punctuation'. + * @return string + */ + protected function transform_complex_string( $string, $regex, $transform_type = 'full' ) { + $output = preg_split( '`([\{\}\$\[\] ])`', $string, -1, \PREG_SPLIT_DELIM_CAPTURE ); + + $is_variable = false; + $has_braces = false; + $braces = 0; + + foreach ( $output as $i => $part ) { + if ( \in_array( $part, array( '$', '{' ), true ) ) { + $is_variable = true; + if ( '{' === $part ) { + $has_braces = true; + $braces++; + } + continue; + } + + if ( true === $is_variable ) { + if ( '[' === $part ) { + $has_braces = true; + $braces++; + } + if ( \in_array( $part, array( '}', ']' ), true ) ) { + $braces--; + } + if ( false === $has_braces && ' ' === $part ) { + $is_variable = false; + $output[ $i ] = $this->transform( $part, $regex, $transform_type ); + } + + if ( ( true === $has_braces && 0 === $braces ) && false === \in_array( $output[ ( $i + 1 ) ], array( '{', '[' ), true ) ) { + $has_braces = false; + $is_variable = false; + } + continue; + } + + $output[ $i ] = $this->transform( $part, $regex, $transform_type ); + } + + return implode( '', $output ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidPostTypeSlugSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidPostTypeSlugSniff.php new file mode 100644 index 00000000..caedae8b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidPostTypeSlugSniff.php @@ -0,0 +1,208 @@ + true, + ); + + /** + * Array of reserved post type names which can not be used by themes and plugins. + * + * @since 2.2.0 + * + * @var array + */ + protected $reserved_names = array( + 'post' => true, + 'page' => true, + 'attachment' => true, + 'revision' => true, + 'nav_menu_item' => true, + 'custom_css' => true, + 'customize_changeset' => true, + 'oembed_cache' => true, + 'user_request' => true, + 'wp_block' => true, + 'action' => true, + 'author' => true, + 'order' => true, + 'theme' => true, + ); + + /** + * All valid tokens for in the first parameter of register_post_type(). + * + * Set in `register()`. + * + * @since 2.2.0 + * + * @var string + */ + private $valid_tokens = array(); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 2.2.0 + * + * @return array + */ + public function register() { + $this->valid_tokens = Tokens::$textStringTokens + Tokens::$heredocTokens + Tokens::$emptyTokens; + return parent::register(); + } + + /** + * Process the parameter of a matched function. + * + * Errors on invalid post type names when reserved keywords are used, + * the post type is too long, or contains invalid characters. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param array $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + + $string_pos = $this->phpcsFile->findNext( Tokens::$textStringTokens, $parameters[1]['start'], ( $parameters[1]['end'] + 1 ) ); + $has_invalid_tokens = $this->phpcsFile->findNext( $this->valid_tokens, $parameters[1]['start'], ( $parameters[1]['end'] + 1 ), true ); + if ( false !== $has_invalid_tokens || false === $string_pos ) { + // Check for non string based slug parameter (we cannot determine if this is valid). + $this->phpcsFile->addWarning( + 'The post type slug is not a string literal. It is not possible to automatically determine the validity of this slug. Found: %s.', + $stackPtr, + 'NotStringLiteral', + array( + $parameters[1]['raw'], + ), + 3 + ); + return; + } + + $post_type = $this->strip_quotes( $this->tokens[ $string_pos ]['content'] ); + + if ( strlen( $post_type ) === 0 ) { + // Error for using empty slug. + $this->phpcsFile->addError( + 'register_post_type() called without a post type slug. The slug must be a non-empty string.', + $parameters[1]['start'], + 'Empty' + ); + return; + } + + $data = array( + $this->tokens[ $string_pos ]['content'], + ); + + // Warn for dynamic parts in the slug parameter. + if ( 'T_DOUBLE_QUOTED_STRING' === $this->tokens[ $string_pos ]['type'] || ( 'T_HEREDOC' === $this->tokens[ $string_pos ]['type'] && strpos( $this->tokens[ $string_pos ]['content'], '$' ) !== false ) ) { + $this->phpcsFile->addWarning( + 'The post type slug may, or may not, get too long with dynamic contents and could contain invalid characters. Found: %s.', + $string_pos, + 'PartiallyDynamic', + $data + ); + $post_type = $this->strip_interpolated_variables( $post_type ); + } + + if ( preg_match( self::POST_TYPE_CHARACTER_WHITELIST, $post_type ) === 0 ) { + // Error for invalid characters. + $this->phpcsFile->addError( + 'register_post_type() called with invalid post type %s. Post type contains invalid characters. Only lowercase alphanumeric characters, dashes, and underscores are allowed.', + $string_pos, + 'InvalidCharacters', + $data + ); + } + + if ( isset( $this->reserved_names[ $post_type ] ) ) { + // Error for using reserved slug names. + $this->phpcsFile->addError( + 'register_post_type() called with reserved post type %s. Reserved post types should not be used as they interfere with the functioning of WordPress itself.', + $string_pos, + 'Reserved', + $data + ); + } elseif ( stripos( $post_type, 'wp_' ) === 0 ) { + // Error for using reserved slug prefix. + $this->phpcsFile->addError( + 'The post type passed to register_post_type() uses a prefix reserved for WordPress itself. Found: %s.', + $string_pos, + 'ReservedPrefix', + $data + ); + } + + // Error for slugs that are too long. + if ( strlen( $post_type ) > self::POST_TYPE_MAX_LENGTH ) { + $this->phpcsFile->addError( + 'A post type slug must not exceed %d characters. Found: %s (%d characters).', + $string_pos, + 'TooLong', + array( + self::POST_TYPE_MAX_LENGTH, + $this->tokens[ $string_pos ]['content'], + strlen( $post_type ), + ) + ); + } + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php new file mode 100644 index 00000000..34314ff1 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php @@ -0,0 +1,299 @@ + true, + 'GETID3_ERRORARRAY' => true, + 'is_IE' => true, + 'is_IIS' => true, + 'is_macIE' => true, + 'is_NS4' => true, + 'is_winIE' => true, + 'PHP_SELF' => true, + 'post_ID' => true, + 'tag_ID' => true, + 'user_ID' => true, + ); + + /** + * List of member variables that can have mixed case. + * + * @since 0.9.0 + * @since 0.11.0 Changed from public to protected. + * + * @var array + */ + protected $whitelisted_mixed_case_member_var_names = array( + 'ID' => true, + 'comment_ID' => true, + 'comment_post_ID' => true, + 'post_ID' => true, + 'comment_author_IP' => true, + 'cat_ID' => true, + ); + + /** + * Custom list of properties which can have mixed case. + * + * @since 0.11.0 + * + * @var string|string[] + */ + public $customPropertiesWhitelist = array(); + + /** + * Cache of previously added custom functions. + * + * Prevents having to do the same merges over and over again. + * + * @since 0.10.0 + * @since 0.11.0 - Name changed from $addedCustomVariables. + * - Changed the format from simple bool to array. + * + * @var array + */ + protected $addedCustomProperties = array( + 'properties' => null, + ); + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param \PHP_CodeSniffer\Files\File $phpcs_file The file being scanned. + * @param int $stack_ptr The position of the current token in the + * stack passed in $tokens. + * + * @return void + */ + protected function processVariable( File $phpcs_file, $stack_ptr ) { + + $tokens = $phpcs_file->getTokens(); + $var_name = ltrim( $tokens[ $stack_ptr ]['content'], '$' ); + + // If it's a php reserved var, then its ok. + if ( isset( $this->phpReservedVars[ $var_name ] ) ) { + return; + } + + // Merge any custom variables with the defaults. + $this->mergeWhiteList(); + + // Likewise if it is a mixed-case var used by WordPress core. + if ( isset( $this->wordpress_mixed_case_vars[ $var_name ] ) ) { + return; + } + + $obj_operator = $phpcs_file->findNext( Tokens::$emptyTokens, ( $stack_ptr + 1 ), null, true ); + if ( \T_OBJECT_OPERATOR === $tokens[ $obj_operator ]['code'] ) { + // Check to see if we are using a variable from an object. + $var = $phpcs_file->findNext( Tokens::$emptyTokens, ( $obj_operator + 1 ), null, true ); + if ( \T_STRING === $tokens[ $var ]['code'] ) { + $bracket = $phpcs_file->findNext( Tokens::$emptyTokens, ( $var + 1 ), null, true ); + if ( \T_OPEN_PARENTHESIS !== $tokens[ $bracket ]['code'] ) { + $obj_var_name = $tokens[ $var ]['content']; + + // There is no way for us to know if the var is public or + // private, so we have to ignore a leading underscore if there is + // one and just check the main part of the variable name. + $original_var_name = $obj_var_name; + if ( '_' === substr( $obj_var_name, 0, 1 ) ) { + $obj_var_name = substr( $obj_var_name, 1 ); + } + + if ( ! isset( $this->whitelisted_mixed_case_member_var_names[ $obj_var_name ] ) && self::isSnakeCase( $obj_var_name ) === false ) { + $error = 'Object property "$%s" is not in valid snake_case format, try "$%s"'; + $data = array( + $original_var_name, + Sniff::get_snake_case_name_suggestion( $original_var_name ), + ); + $phpcs_file->addError( $error, $var, 'UsedPropertyNotSnakeCase', $data ); + } + } + } + } + + $in_class = false; + $obj_operator = $phpcs_file->findPrevious( Tokens::$emptyTokens, ( $stack_ptr - 1 ), null, true ); + if ( \T_DOUBLE_COLON === $tokens[ $obj_operator ]['code'] || \T_OBJECT_OPERATOR === $tokens[ $obj_operator ]['code'] ) { + // The variable lives within a class, and is referenced like + // this: MyClass::$_variable or $class->variable. + $in_class = true; + } + + // There is no way for us to know if the var is public or private, + // so we have to ignore a leading underscore if there is one and just + // check the main part of the variable name. + $original_var_name = $var_name; + if ( '_' === substr( $var_name, 0, 1 ) && true === $in_class ) { + $var_name = substr( $var_name, 1 ); + } + + if ( self::isSnakeCase( $var_name ) === false ) { + if ( $in_class && ! isset( $this->whitelisted_mixed_case_member_var_names[ $var_name ] ) ) { + $error = 'Object property "$%s" is not in valid snake_case format, try "$%s"'; + $error_name = 'UsedPropertyNotSnakeCase'; + } elseif ( ! $in_class ) { + $error = 'Variable "$%s" is not in valid snake_case format, try "$%s"'; + $error_name = 'VariableNotSnakeCase'; + } + + if ( isset( $error, $error_name ) ) { + $data = array( + $original_var_name, + Sniff::get_snake_case_name_suggestion( $original_var_name ), + ); + $phpcs_file->addError( $error, $stack_ptr, $error_name, $data ); + } + } + } + + /** + * Processes class member variables. + * + * @param \PHP_CodeSniffer\Files\File $phpcs_file The file being scanned. + * @param int $stack_ptr The position of the current token in the + * stack passed in $tokens. + * + * @return void + */ + protected function processMemberVar( File $phpcs_file, $stack_ptr ) { + + $tokens = $phpcs_file->getTokens(); + + $var_name = ltrim( $tokens[ $stack_ptr ]['content'], '$' ); + $member_props = $phpcs_file->getMemberProperties( $stack_ptr ); + if ( empty( $member_props ) ) { + // Couldn't get any info about this variable, which + // generally means it is invalid or possibly has a parse + // error. Any errors will be reported by the core, so + // we can ignore it. + return; + } + + // Merge any custom variables with the defaults. + $this->mergeWhiteList(); + + if ( ! isset( $this->whitelisted_mixed_case_member_var_names[ $var_name ] ) && false === self::isSnakeCase( $var_name ) ) { + $error = 'Member variable "$%s" is not in valid snake_case format, try "$%s"'; + $data = array( + $var_name, + Sniff::get_snake_case_name_suggestion( $var_name ), + ); + $phpcs_file->addError( $error, $stack_ptr, 'PropertyNotSnakeCase', $data ); + } + } + + /** + * Processes the variable found within a double quoted string. + * + * @param \PHP_CodeSniffer\Files\File $phpcs_file The file being scanned. + * @param int $stack_ptr The position of the double quoted + * string. + * + * @return void + */ + protected function processVariableInString( File $phpcs_file, $stack_ptr ) { + + $tokens = $phpcs_file->getTokens(); + + if ( preg_match_all( '|[^\\\]\${?([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)|', $tokens[ $stack_ptr ]['content'], $matches ) > 0 ) { + + // Merge any custom variables with the defaults. + $this->mergeWhiteList(); + + foreach ( $matches[1] as $var_name ) { + // If it's a php reserved var, then its ok. + if ( isset( $this->phpReservedVars[ $var_name ] ) ) { + continue; + } + + // Likewise if it is a mixed-case var used by WordPress core. + if ( isset( $this->wordpress_mixed_case_vars[ $var_name ] ) ) { + return; + } + + if ( false === self::isSnakeCase( $var_name ) ) { + $error = 'Variable "$%s" is not in valid snake_case format, try "$%s"'; + $data = array( + $var_name, + Sniff::get_snake_case_name_suggestion( $var_name ), + ); + $phpcs_file->addError( $error, $stack_ptr, 'InterpolatedVariableNotSnakeCase', $data ); + } + } + } + } + + /** + * Return whether the variable is in snake_case. + * + * @param string $var_name Variable name. + * @return bool + */ + public static function isSnakeCase( $var_name ) { + return (bool) preg_match( '/^[a-z0-9_]+$/', $var_name ); + } + + /** + * Merge a custom whitelist provided via a custom ruleset with the predefined whitelist, + * if we haven't already. + * + * @since 0.10.0 + * @since 2.0.0 Removed unused $phpcs_file parameter. + * + * @return void + */ + protected function mergeWhiteList() { + if ( $this->customPropertiesWhitelist !== $this->addedCustomProperties['properties'] ) { + // Fix property potentially passed as comma-delimited string. + $customProperties = Sniff::merge_custom_array( $this->customPropertiesWhitelist, array(), false ); + + $this->whitelisted_mixed_case_member_var_names = Sniff::merge_custom_array( + $customProperties, + $this->whitelisted_mixed_case_member_var_names + ); + + $this->addedCustomProperties['properties'] = $this->customPropertiesWhitelist; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DevelopmentFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DevelopmentFunctionsSniff.php new file mode 100644 index 00000000..59e914dc --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DevelopmentFunctionsSniff.php @@ -0,0 +1,66 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'error_log' => array( + 'type' => 'warning', + 'message' => '%s() found. Debug code should not normally be used in production.', + 'functions' => array( + 'error_log', + 'var_dump', + 'var_export', + 'print_r', + 'trigger_error', + 'set_error_handler', + 'debug_backtrace', + 'debug_print_backtrace', + 'wp_debug_backtrace_summary', + ), + ), + + 'prevent_path_disclosure' => array( + 'type' => 'warning', + 'message' => '%s() can lead to full path disclosure.', + 'functions' => array( + 'error_reporting', + 'phpinfo', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DisallowShortTernarySniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DisallowShortTernarySniff.php new file mode 100644 index 00000000..6c734b8c --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DisallowShortTernarySniff.php @@ -0,0 +1,65 @@ +phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( false === $nextNonEmpty ) { + // Live coding or parse error. + return; + } + + if ( \T_INLINE_ELSE !== $this->tokens[ $nextNonEmpty ]['code'] ) { + return; + } + + $this->phpcsFile->addError( + 'Using short ternaries is not allowed', + $stackPtr, + 'Found' + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DiscouragedPHPFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DiscouragedPHPFunctionsSniff.php new file mode 100644 index 00000000..39f87c09 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DiscouragedPHPFunctionsSniff.php @@ -0,0 +1,103 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'serialize' => array( + 'type' => 'warning', + 'message' => '%s() found. Serialized data has known vulnerability problems with Object Injection. JSON is generally a better approach for serializing data. See https://www.owasp.org/index.php/PHP_Object_Injection', + 'functions' => array( + 'serialize', + 'unserialize', + ), + ), + + 'urlencode' => array( + 'type' => 'warning', + 'message' => '%s() should only be used when dealing with legacy applications rawurlencode() should now be used instead. See http://php.net/manual/en/function.rawurlencode.php and http://www.faqs.org/rfcs/rfc3986.html', + 'functions' => array( + 'urlencode', + ), + ), + + 'runtime_configuration' => array( + 'type' => 'warning', + 'message' => '%s() found. Changing configuration values at runtime is strongly discouraged.', + 'functions' => array( + 'error_reporting', + 'ini_restore', + 'apache_setenv', + 'putenv', + 'set_include_path', + 'restore_include_path', + // This alias was DEPRECATED in PHP 5.3.0, and REMOVED as of PHP 7.0.0. + 'magic_quotes_runtime', + // Warning This function was DEPRECATED in PHP 5.3.0, and REMOVED as of PHP 7.0.0. + 'set_magic_quotes_runtime', + // Warning This function was removed from most SAPIs in PHP 5.3.0, and was removed from PHP-FPM in PHP 7.0.0. + 'dl', + ), + ), + + 'system_calls' => array( + 'type' => 'warning', + 'message' => '%s() found. PHP system calls are often disabled by server admins.', + 'functions' => array( + 'exec', + 'passthru', + 'proc_open', + 'shell_exec', + 'system', + 'popen', + ), + ), + + 'obfuscation' => array( + 'type' => 'warning', + 'message' => '%s() can be used to obfuscate code which is strongly discouraged. Please verify that the function is used for benign reasons.', + 'functions' => array( + 'base64_decode', + 'base64_encode', + 'convert_uudecode', + 'convert_uuencode', + 'str_rot13', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DontExtractSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DontExtractSniff.php new file mode 100644 index 00000000..af2233bb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/DontExtractSniff.php @@ -0,0 +1,55 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + + 'extract' => array( + 'type' => 'error', + 'message' => '%s() usage is highly discouraged, due to the complexity and unintended issues it might cause.', + 'functions' => array( + 'extract', + ), + ), + + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/IniSetSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/IniSetSniff.php new file mode 100644 index 00000000..178386d1 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/IniSetSniff.php @@ -0,0 +1,177 @@ + true, + 'ini_alter' => true, + ); + + /** + * Array of PHP configuration options that are allowed to be manipulated. + * + * @since 2.1.0 + * + * @var array Multidimensional array with parameter details. + * $whitelisted_options = array( + * (string) option name. = array( + * (string[]) 'valid_values' = array() + * ) + * ); + */ + protected $whitelisted_options = array( + 'auto_detect_line_endings' => array(), + 'highlight.bg' => array(), + 'highlight.comment' => array(), + 'highlight.default' => array(), + 'highlight.html' => array(), + 'highlight.keyword' => array(), + 'highlight.string' => array(), + 'short_open_tag' => array( + 'valid_values' => array( 'true', '1', 'on' ), + ), + ); + + /** + * Array of PHP configuration options that are not allowed to be manipulated. + * + * @since 2.1.0 + * + * @var array Multidimensional array with parameter details. + * $blacklisted_options = array( + * (string) option name. = array( + * (string[]) 'invalid_values' = array() + * (string) 'message' + * ) + * ); + */ + protected $blacklisted_options = array( + 'bcmath.scale' => array( + 'message' => 'Use `bcscale()` instead.', + ), + 'display_errors' => array( + 'message' => 'Use `WP_DEBUG_DISPLAY` instead.', + ), + 'error_reporting' => array( + 'message' => 'Use `WP_DEBUG` instead.', + ), + 'filter.default' => array( + 'message' => 'Changing the option value can break other plugins. Use the filter flag constants when calling the Filter functions instead.', + ), + 'filter.default_flags' => array( + 'message' => 'Changing the option value can break other plugins. Use the filter flag constants when calling the Filter functions instead.', + ), + 'iconv.input_encoding' => array( + 'message' => 'PHP < 5.6 only - use `iconv_set_encoding()` instead.', + ), + 'iconv.internal_encoding' => array( + 'message' => 'PHP < 5.6 only - use `iconv_set_encoding()` instead.', + ), + 'iconv.output_encoding' => array( + 'message' => 'PHP < 5.6 only - use `iconv_set_encoding()` instead.', + ), + 'ignore_user_abort' => array( + 'message' => 'Use `ignore_user_abort()` instead.', + ), + 'log_errors' => array( + 'message' => 'Use `WP_DEBUG_LOG` instead.', + ), + 'max_execution_time' => array( + 'message' => 'Use `set_time_limit()` instead.', + ), + 'memory_limit' => array( + 'message' => 'Use `wp_raise_memory_limit()` or hook into the filters in that function.', + ), + 'short_open_tag' => array( + 'invalid_values' => array( 'false', '0', 'off' ), + 'message' => 'Turning off short_open_tag is prohibited as it can break other plugins.', + ), + ); + + /** + * Process the parameter of a matched function. + * + * Errors if an option is found in the blacklist. Warns as + * 'risky' when the option is not found in the whitelist. + * + * @since 2.1.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + $option_name = $this->strip_quotes( $parameters[1]['raw'] ); + $option_value = $this->strip_quotes( $parameters[2]['raw'] ); + if ( isset( $this->whitelisted_options[ $option_name ] ) ) { + $whitelisted_option = $this->whitelisted_options[ $option_name ]; + if ( ! isset( $whitelisted_option['valid_values'] ) || in_array( strtolower( $option_value ), $whitelisted_option['valid_values'], true ) ) { + return; + } + } + + if ( isset( $this->blacklisted_options[ $option_name ] ) ) { + $blacklisted_option = $this->blacklisted_options[ $option_name ]; + if ( ! isset( $blacklisted_option['invalid_values'] ) || in_array( strtolower( $option_value ), $blacklisted_option['invalid_values'], true ) ) { + $this->phpcsFile->addError( + '%s(%s, %s) found. %s', + $stackPtr, + $this->string_to_errorcode( $option_name . '_Blacklisted' ), + array( + $matched_content, + $parameters[1]['raw'], + $parameters[2]['raw'], + $blacklisted_option['message'], + ) + ); + return; + } + } + + $this->phpcsFile->addWarning( + '%s(%s, %s) found. Changing configuration values at runtime is strongly discouraged.', + $stackPtr, + 'Risky', + array( + $matched_content, + $parameters[1]['raw'], + $parameters[2]['raw'], + ) + ); + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/NoSilencedErrorsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/NoSilencedErrorsSniff.php new file mode 100644 index 00000000..ee3b3b3a --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/NoSilencedErrorsSniff.php @@ -0,0 +1,239 @@ + => + */ + protected $function_whitelist = array( + // Directory extension. + 'chdir' => true, + 'opendir' => true, + 'scandir' => true, + + // File extension. + 'file_exists' => true, + 'file_get_contents' => true, + 'file' => true, + 'fileatime' => true, + 'filectime' => true, + 'filegroup' => true, + 'fileinode' => true, + 'filemtime' => true, + 'fileowner' => true, + 'fileperms' => true, + 'filesize' => true, + 'filetype' => true, + 'fopen' => true, + 'is_dir' => true, + 'is_executable' => true, + 'is_file' => true, + 'is_link' => true, + 'is_readable' => true, + 'is_writable' => true, + 'is_writeable' => true, + 'lstat' => true, + 'mkdir' => true, + 'move_uploaded_file' => true, + 'readfile' => true, + 'readlink' => true, + 'rename' => true, + 'rmdir' => true, + 'stat' => true, + 'unlink' => true, + + // FTP extension. + 'ftp_chdir' => true, + 'ftp_login' => true, + 'ftp_rename' => true, + + // Stream extension. + 'stream_select' => true, + 'stream_set_chunk_size' => true, + + // Zlib extension. + 'deflate_add' => true, + 'deflate_init' => true, + 'inflate_add' => true, + 'inflate_init' => true, + 'readgzfile' => true, + + // Miscellaneous other functions. + 'imagecreatefromstring' => true, + 'parse_url' => true, // Pre-PHP 5.3.3 an E_WARNING was thrown when URL parsing failed. + 'unserialize' => true, + ); + + /** + * Tokens which are regarded as empty for the purpose of determining + * the name of the called function. + * + * This property is set from within the register() method. + * + * @since 1.1.0 + * + * @var array + */ + private $empty_tokens = array(); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 1.1.0 + * + * @return array + */ + public function register() { + $this->empty_tokens = Tokens::$emptyTokens; + $this->empty_tokens[ \T_NS_SEPARATOR ] = \T_NS_SEPARATOR; + $this->empty_tokens[ \T_BITWISE_AND ] = \T_BITWISE_AND; + + return array( + \T_ASPERAND, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 1.1.0 + * + * @param int $stackPtr The position of the current token in the stack. + */ + public function process_token( $stackPtr ) { + // Handle the user-defined custom function whitelist. + $this->custom_whitelist = $this->merge_custom_array( $this->custom_whitelist, array(), false ); + $this->custom_whitelist = array_map( 'strtolower', $this->custom_whitelist ); + + /* + * Check if the error silencing is done for one of the whitelisted functions. + * + * @internal The function call name determination is done even when there is no whitelist active + * to allow the metrics to be more informative. + */ + $next_non_empty = $this->phpcsFile->findNext( $this->empty_tokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( false !== $next_non_empty && \T_STRING === $this->tokens[ $next_non_empty ]['code'] ) { + $has_parenthesis = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $next_non_empty + 1 ), null, true, null, true ); + if ( false !== $has_parenthesis && \T_OPEN_PARENTHESIS === $this->tokens[ $has_parenthesis ]['code'] ) { + $function_name = strtolower( $this->tokens[ $next_non_empty ]['content'] ); + if ( ( true === $this->use_default_whitelist + && isset( $this->function_whitelist[ $function_name ] ) === true ) + || ( ! empty( $this->custom_whitelist ) + && in_array( $function_name, $this->custom_whitelist, true ) === true ) + ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Error silencing', 'whitelisted function call: ' . $function_name ); + return; + } + } + } + + $this->context_length = (int) $this->context_length; + $context_length = $this->context_length; + if ( $this->context_length <= 0 ) { + $context_length = 2; + } + + // Prepare the "Found" string to display. + $end_of_statement = $this->phpcsFile->findEndOfStatement( $stackPtr, \T_COMMA ); + if ( ( $end_of_statement - $stackPtr ) < $context_length ) { + $context_length = ( $end_of_statement - $stackPtr ); + } + $found = $this->phpcsFile->getTokensAsString( $stackPtr, $context_length ); + $found = str_replace( array( "\t", "\n", "\r" ), ' ', $found ) . '...'; + + $error_msg = 'Silencing errors is strongly discouraged. Use proper error checking instead.'; + $data = array(); + if ( $this->context_length > 0 ) { + $error_msg .= ' Found: %s'; + $data[] = $found; + } + + $this->phpcsFile->addWarning( + $error_msg, + $stackPtr, + 'Discouraged', + $data + ); + + if ( isset( $function_name ) ) { + $this->phpcsFile->recordMetric( $stackPtr, 'Error silencing', '@' . $function_name ); + } else { + $this->phpcsFile->recordMetric( $stackPtr, 'Error silencing', $found ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/POSIXFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/POSIXFunctionsSniff.php new file mode 100644 index 00000000..9fb1cdcb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/POSIXFunctionsSniff.php @@ -0,0 +1,76 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'ereg' => array( + 'type' => 'error', + 'message' => '%s() has been deprecated since PHP 5.3 and removed in PHP 7.0, please use preg_match() instead.', + 'functions' => array( + 'ereg', + 'eregi', + 'sql_regcase', + ), + ), + + 'ereg_replace' => array( + 'type' => 'error', + 'message' => '%s() has been deprecated since PHP 5.3 and removed in PHP 7.0, please use preg_replace() instead.', + 'functions' => array( + 'ereg_replace', + 'eregi_replace', + ), + ), + + 'split' => array( + 'type' => 'error', + 'message' => '%s() has been deprecated since PHP 5.3 and removed in PHP 7.0, please use explode(), str_split() or preg_split() instead.', + 'functions' => array( + 'split', + 'spliti', + ), + ), + + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/PregQuoteDelimiterSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/PregQuoteDelimiterSniff.php new file mode 100644 index 00000000..a67e1173 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/PregQuoteDelimiterSniff.php @@ -0,0 +1,69 @@ + => + */ + protected $target_functions = array( + 'preg_quote' => true, + ); + + /** + * Process the parameters of a matched function. + * + * @since 1.0.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + if ( \count( $parameters ) > 1 ) { + return; + } + + $this->phpcsFile->addWarning( + 'Passing the $delimiter as the second parameter to preg_quote() is strongly recommended.', + $stackPtr, + 'Missing' + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/RestrictedPHPFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/RestrictedPHPFunctionsSniff.php new file mode 100644 index 00000000..280c94d9 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/RestrictedPHPFunctionsSniff.php @@ -0,0 +1,48 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'create_function' => array( + 'type' => 'error', + 'message' => '%s() is deprecated as of PHP 7.2, please use full fledged functions or anonymous functions instead.', + 'functions' => array( + 'create_function', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictComparisonsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictComparisonsSniff.php new file mode 100644 index 00000000..85fe0554 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictComparisonsSniff.php @@ -0,0 +1,56 @@ +has_whitelist_comment( 'loose comparison', $stackPtr ) ) { + $error = 'Found: ' . $this->tokens[ $stackPtr ]['content'] . '. Use strict comparisons (=== or !==).'; + $this->phpcsFile->addWarning( $error, $stackPtr, 'LooseComparison' ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictInArraySniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictInArraySniff.php new file mode 100644 index 00000000..4973e9bb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/StrictInArraySniff.php @@ -0,0 +1,105 @@ + => + */ + protected $target_functions = array( + 'in_array' => true, + 'array_search' => true, + 'array_keys' => false, + ); + + /** + * Process the parameters of a matched function. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + // Check if the strict check is actually needed. + if ( false === $this->target_functions[ $matched_content ] ) { + if ( \count( $parameters ) === 1 ) { + return; + } + } + + // We're only interested in the third parameter. + if ( false === isset( $parameters[3] ) || 'true' !== strtolower( $parameters[3]['raw'] ) ) { + $errorcode = 'MissingTrueStrict'; + + /* + * Use a different error code when `false` is found to allow for excluding + * the warning as this will be a conscious choice made by the dev. + */ + if ( isset( $parameters[3] ) && 'false' === strtolower( $parameters[3]['raw'] ) ) { + $errorcode = 'FoundNonStrictFalse'; + } + + $this->phpcsFile->addWarning( + 'Not using strict comparison for %s; supply true for third argument.', + ( isset( $parameters[3]['start'] ) ? $parameters[3]['start'] : $parameters[1]['start'] ), + $errorcode, + array( $matched_content ) + ); + return; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/TypeCastsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/TypeCastsSniff.php new file mode 100644 index 00000000..7aded55f --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/TypeCastsSniff.php @@ -0,0 +1,99 @@ +tokens[ $stackPtr ]['code']; + $typecast = str_replace( ' ', '', $this->tokens[ $stackPtr ]['content'] ); + $typecast_lc = strtolower( $typecast ); + + switch ( $token_code ) { + case \T_DOUBLE_CAST: + if ( '(float)' !== $typecast_lc ) { + $fix = $this->phpcsFile->addFixableError( + 'Normalized type keywords must be used; expected "(float)" but found "%s"', + $stackPtr, + 'DoubleRealFound', + array( $typecast ) + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( $stackPtr, '(float)' ); + } + } + break; + + case \T_UNSET_CAST: + $this->phpcsFile->addWarning( + 'Using the "(unset)" cast is strongly discouraged. Use the "unset()" language construct or assign "null" as the value to the variable instead.', + $stackPtr, + 'UnsetFound' + ); + break; + + case \T_STRING_CAST: + case \T_BINARY_CAST: + if ( \T_STRING_CAST === $token_code && '(binary)' !== $typecast_lc ) { + break; + } + + $this->phpcsFile->addWarning( + 'Using binary casting is strongly discouraged. Found: "%s"', + $stackPtr, + 'BinaryFound', + array( $typecast ) + ); + break; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/YodaConditionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/YodaConditionsSniff.php new file mode 100644 index 00000000..9f3f3d10 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/PHP/YodaConditionsSniff.php @@ -0,0 +1,125 @@ +condition_start_tokens = $starters; + + return array( + \T_IS_EQUAL, + \T_IS_NOT_EQUAL, + \T_IS_IDENTICAL, + \T_IS_NOT_IDENTICAL, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + $start = $this->phpcsFile->findPrevious( $this->condition_start_tokens, $stackPtr, null, false, null, true ); + + $needs_yoda = false; + + // Note: going backwards! + for ( $i = $stackPtr; $i > $start; $i-- ) { + + // Ignore whitespace. + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + // If this is a variable or array, we've seen all we need to see. + if ( \T_VARIABLE === $this->tokens[ $i ]['code'] + || \T_CLOSE_SQUARE_BRACKET === $this->tokens[ $i ]['code'] + ) { + $needs_yoda = true; + break; + } + + // If this is a function call or something, we are OK. + if ( \T_CLOSE_PARENTHESIS === $this->tokens[ $i ]['code'] ) { + return; + } + } + + if ( ! $needs_yoda ) { + return; + } + + // Check if this is a var to var comparison, e.g.: if ( $var1 == $var2 ). + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + + if ( isset( Tokens::$castTokens[ $this->tokens[ $next_non_empty ]['code'] ] ) ) { + $next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $next_non_empty + 1 ), null, true ); + } + + if ( \in_array( $this->tokens[ $next_non_empty ]['code'], array( \T_SELF, \T_PARENT, \T_STATIC ), true ) ) { + $next_non_empty = $this->phpcsFile->findNext( + ( Tokens::$emptyTokens + array( \T_DOUBLE_COLON => \T_DOUBLE_COLON ) ), + ( $next_non_empty + 1 ), + null, + true + ); + } + + if ( \T_VARIABLE === $this->tokens[ $next_non_empty ]['code'] ) { + return; + } + + $this->phpcsFile->addError( 'Use Yoda Condition checks, you must.', $stackPtr, 'NotYoda' ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/EscapeOutputSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/EscapeOutputSniff.php new file mode 100644 index 00000000..48a4766b --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/EscapeOutputSniff.php @@ -0,0 +1,505 @@ + 'esc_html_e() or esc_attr_e()', + '_ex' => 'echo esc_html_x() or echo esc_attr_x()', + ); + + /** + * Cache of previously added custom functions. + * + * Prevents having to do the same merges over and over again. + * + * @since 0.4.0 + * @since 0.11.0 - Changed from public static to protected non-static. + * - Changed the format from simple bool to array. + * + * @var array + */ + protected $addedCustomFunctions = array( + 'escape' => array(), + 'autoescape' => array(), + 'sanitize' => array(), + 'print' => array(), + ); + + /** + * List of names of the tokens representing PHP magic constants. + * + * @since 0.10.0 + * + * @var array + */ + private $magic_constant_tokens = array( + 'T_CLASS_C' => true, // __CLASS__ + 'T_DIR' => true, // __DIR__ + 'T_FILE' => true, // __FILE__ + 'T_FUNC_C' => true, // __FUNCTION__ + 'T_LINE' => true, // __LINE__ + 'T_METHOD_C' => true, // __METHOD__ + 'T_NS_C' => true, // __NAMESPACE__ + 'T_TRAIT_C' => true, // __TRAIT__ + ); + + /** + * List of names of the native PHP constants which can be considered safe. + * + * @since 1.0.0 + * + * @var array + */ + private $safe_php_constants = array( + 'PHP_EOL' => true, // String. + 'PHP_VERSION' => true, // Integer. + 'PHP_MAJOR_VERSION' => true, // Integer. + 'PHP_MINOR_VERSION' => true, // Integer. + 'PHP_RELEASE_VERSION' => true, // Integer. + 'PHP_VERSION_ID' => true, // Integer. + 'PHP_EXTRA_VERSION' => true, // String. + 'PHP_DEBUG' => true, // Integer. + ); + + /** + * List of tokens which can be considered as safe when directly part of the output. + * + * @since 0.12.0 + * + * @var array + */ + private $safe_components = array( + 'T_CONSTANT_ENCAPSED_STRING' => true, + 'T_LNUMBER' => true, + 'T_MINUS' => true, + 'T_PLUS' => true, + 'T_MULTIPLY' => true, + 'T_DIVIDE' => true, + 'T_MODULUS' => true, + 'T_TRUE' => true, + 'T_FALSE' => true, + 'T_NULL' => true, + 'T_DNUMBER' => true, + 'T_START_NOWDOC' => true, + 'T_NOWDOC' => true, + 'T_END_NOWDOC' => true, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + + return array( + \T_ECHO, + \T_PRINT, + \T_EXIT, + \T_STRING, + \T_OPEN_TAG_WITH_ECHO, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + $this->mergeFunctionLists(); + + $function = $this->tokens[ $stackPtr ]['content']; + + // Find the opening parenthesis (if present; T_ECHO might not have it). + $open_paren = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + + // If function, not T_ECHO nor T_PRINT. + if ( \T_STRING === $this->tokens[ $stackPtr ]['code'] ) { + // Skip if it is a function but is not one of the printing functions. + if ( ! isset( $this->printingFunctions[ $this->tokens[ $stackPtr ]['content'] ] ) ) { + return; + } + + if ( isset( $this->tokens[ $open_paren ]['parenthesis_closer'] ) ) { + $end_of_statement = $this->tokens[ $open_paren ]['parenthesis_closer']; + } + + // These functions only need to have the first argument escaped. + if ( \in_array( $function, array( 'trigger_error', 'user_error' ), true ) ) { + $first_param = $this->get_function_call_parameter( $stackPtr, 1 ); + $end_of_statement = ( $first_param['end'] + 1 ); + unset( $first_param ); + } + + /* + * If the first param to `_deprecated_file()` follows the typical `basename( __FILE__ )` + * pattern, it doesn't need to be escaped. + */ + if ( '_deprecated_file' === $function ) { + $first_param = $this->get_function_call_parameter( $stackPtr, 1 ); + + // Quick check. This disregards comments. + if ( preg_match( '`^basename\s*\(\s*__FILE__\s*\)$`', $first_param['raw'] ) === 1 ) { + $stackPtr = ( $first_param['end'] + 2 ); + } + unset( $first_param ); + } + } + + // Checking for the ignore comment, ex: //xss ok. + if ( $this->has_whitelist_comment( 'xss', $stackPtr ) ) { + return; + } + + if ( isset( $this->unsafePrintingFunctions[ $function ] ) ) { + $error = $this->phpcsFile->addError( + "All output should be run through an escaping function (like %s), found '%s'.", + $stackPtr, + 'UnsafePrintingFunction', + array( $this->unsafePrintingFunctions[ $function ], $function ) + ); + + // If the error was reported, don't bother checking the function's arguments. + if ( $error ) { + return isset( $end_of_statement ) ? $end_of_statement : null; + } + } + + $ternary = false; + + // This is already determined if this is a function and not T_ECHO. + if ( ! isset( $end_of_statement ) ) { + + $end_of_statement = $this->phpcsFile->findNext( array( \T_SEMICOLON, \T_CLOSE_TAG ), $stackPtr ); + $last_token = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $end_of_statement - 1 ), null, true ); + + // Check for the ternary operator. We only need to do this here if this + // echo is lacking parenthesis. Otherwise it will be handled below. + if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $open_paren ]['code'] || \T_CLOSE_PARENTHESIS !== $this->tokens[ $last_token ]['code'] ) { + + $ternary = $this->phpcsFile->findNext( \T_INLINE_THEN, $stackPtr, $end_of_statement ); + + // If there is a ternary skip over the part before the ?. However, if + // the ternary is within parentheses, it will be handled in the loop. + if ( false !== $ternary && empty( $this->tokens[ $ternary ]['nested_parenthesis'] ) ) { + $stackPtr = $ternary; + } + } + } + + // Ignore the function itself. + $stackPtr++; + + $in_cast = false; + + // Looping through echo'd components. + $watch = true; + for ( $i = $stackPtr; $i < $end_of_statement; $i++ ) { + + // Ignore whitespaces and comments. + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + // Ignore namespace separators. + if ( \T_NS_SEPARATOR === $this->tokens[ $i ]['code'] ) { + continue; + } + + if ( \T_OPEN_PARENTHESIS === $this->tokens[ $i ]['code'] ) { + + if ( ! isset( $this->tokens[ $i ]['parenthesis_closer'] ) ) { + // Live coding or parse error. + break; + } + + if ( $in_cast ) { + + // Skip to the end of a function call if it has been casted to a safe value. + $i = $this->tokens[ $i ]['parenthesis_closer']; + $in_cast = false; + + } else { + + // Skip over the condition part of a ternary (i.e., to after the ?). + $ternary = $this->phpcsFile->findNext( \T_INLINE_THEN, $i, $this->tokens[ $i ]['parenthesis_closer'] ); + + if ( false !== $ternary ) { + + $next_paren = $this->phpcsFile->findNext( \T_OPEN_PARENTHESIS, ( $i + 1 ), $this->tokens[ $i ]['parenthesis_closer'] ); + + // We only do it if the ternary isn't within a subset of parentheses. + if ( false === $next_paren || ( isset( $this->tokens[ $next_paren ]['parenthesis_closer'] ) && $ternary > $this->tokens[ $next_paren ]['parenthesis_closer'] ) ) { + $i = $ternary; + } + } + } + + continue; + } + + // Handle arrays for those functions that accept them. + if ( \T_ARRAY === $this->tokens[ $i ]['code'] ) { + $i++; // Skip the opening parenthesis. + continue; + } + + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $i ]['code'] + || \T_CLOSE_SHORT_ARRAY === $this->tokens[ $i ]['code'] + ) { + continue; + } + + if ( \in_array( $this->tokens[ $i ]['code'], array( \T_DOUBLE_ARROW, \T_CLOSE_PARENTHESIS ), true ) ) { + continue; + } + + // Handle magic constants for debug functions. + if ( isset( $this->magic_constant_tokens[ $this->tokens[ $i ]['type'] ] ) ) { + continue; + } + + // Handle safe PHP native constants. + if ( \T_STRING === $this->tokens[ $i ]['code'] + && isset( $this->safe_php_constants[ $this->tokens[ $i ]['content'] ] ) + && $this->is_use_of_global_constant( $i ) + ) { + continue; + } + + // Wake up on concatenation characters, another part to check. + if ( \T_STRING_CONCAT === $this->tokens[ $i ]['code'] ) { + $watch = true; + continue; + } + + // Wake up after a ternary else (:). + if ( false !== $ternary && \T_INLINE_ELSE === $this->tokens[ $i ]['code'] ) { + $watch = true; + continue; + } + + // Wake up for commas. + if ( \T_COMMA === $this->tokens[ $i ]['code'] ) { + $in_cast = false; + $watch = true; + continue; + } + + if ( false === $watch ) { + continue; + } + + // Allow T_CONSTANT_ENCAPSED_STRING eg: echo 'Some String'; + // Also T_LNUMBER, e.g.: echo 45; exit -1; and booleans. + if ( isset( $this->safe_components[ $this->tokens[ $i ]['type'] ] ) ) { + continue; + } + + $watch = false; + + // Allow int/double/bool casted variables. + if ( isset( $this->safe_casts[ $this->tokens[ $i ]['code'] ] ) ) { + $in_cast = true; + continue; + } + + // Now check that next token is a function call. + if ( \T_STRING === $this->tokens[ $i ]['code'] ) { + + $ptr = $i; + $functionName = $this->tokens[ $i ]['content']; + $function_opener = $this->phpcsFile->findNext( \T_OPEN_PARENTHESIS, ( $i + 1 ), null, false, null, true ); + $is_formatting_function = isset( $this->formattingFunctions[ $functionName ] ); + + if ( false !== $function_opener ) { + + if ( isset( $this->arrayWalkingFunctions[ $functionName ] ) ) { + + // Get the callback parameter. + $callback = $this->get_function_call_parameter( + $ptr, + $this->arrayWalkingFunctions[ $functionName ] + ); + + if ( ! empty( $callback ) ) { + /* + * If this is a function callback (not a method callback array) and we're able + * to resolve the function name, do so. + */ + $mapped_function = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $callback['start'], + ( $callback['end'] + 1 ), + true + ); + + if ( false !== $mapped_function + && \T_CONSTANT_ENCAPSED_STRING === $this->tokens[ $mapped_function ]['code'] + ) { + $functionName = $this->strip_quotes( $this->tokens[ $mapped_function ]['content'] ); + $ptr = $mapped_function; + } + } + } + + // Skip pointer to after the function. + // If this is a formatting function we just skip over the opening + // parenthesis. Otherwise we skip all the way to the closing. + if ( $is_formatting_function ) { + $i = ( $function_opener + 1 ); + $watch = true; + } else { + if ( isset( $this->tokens[ $function_opener ]['parenthesis_closer'] ) ) { + $i = $this->tokens[ $function_opener ]['parenthesis_closer']; + } else { + // Live coding or parse error. + break; + } + } + } + + // If this is a safe function, we don't flag it. + if ( + $is_formatting_function + || isset( $this->autoEscapedFunctions[ $functionName ] ) + || isset( $this->escapingFunctions[ $functionName ] ) + ) { + continue; + } + + $content = $functionName; + + } else { + $content = $this->tokens[ $i ]['content']; + $ptr = $i; + } + + // Make the error message a little more informative for array access variables. + if ( \T_VARIABLE === $this->tokens[ $ptr ]['code'] ) { + $array_keys = $this->get_array_access_keys( $ptr ); + + if ( ! empty( $array_keys ) ) { + $content .= '[' . implode( '][', $array_keys ) . ']'; + } + } + + $this->phpcsFile->addError( + "All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '%s'.", + $ptr, + 'OutputNotEscaped', + array( $content ) + ); + } + + return $end_of_statement; + } + + /** + * Merge custom functions provided via a custom ruleset with the defaults, if we haven't already. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @return void + */ + protected function mergeFunctionLists() { + if ( $this->customEscapingFunctions !== $this->addedCustomFunctions['escape'] ) { + $customEscapeFunctions = $this->merge_custom_array( $this->customEscapingFunctions, array(), false ); + + $this->escapingFunctions = $this->merge_custom_array( + $customEscapeFunctions, + $this->escapingFunctions + ); + + $this->addedCustomFunctions['escape'] = $this->customEscapingFunctions; + } + + if ( $this->customAutoEscapedFunctions !== $this->addedCustomFunctions['autoescape'] ) { + $this->autoEscapedFunctions = $this->merge_custom_array( + $this->customAutoEscapedFunctions, + $this->autoEscapedFunctions + ); + + $this->addedCustomFunctions['autoescape'] = $this->customAutoEscapedFunctions; + } + + if ( $this->customPrintingFunctions !== $this->addedCustomFunctions['print'] ) { + + $this->printingFunctions = $this->merge_custom_array( + $this->customPrintingFunctions, + $this->printingFunctions + ); + + $this->addedCustomFunctions['print'] = $this->customPrintingFunctions; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/NonceVerificationSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/NonceVerificationSniff.php new file mode 100644 index 00000000..15f4a604 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/NonceVerificationSniff.php @@ -0,0 +1,178 @@ + true, + '$_FILE' => true, + '$_GET' => false, + '$_REQUEST' => false, + ); + + /** + * Custom list of functions which verify nonces. + * + * @since 0.5.0 + * + * @var string|string[] + */ + public $customNonceVerificationFunctions = array(); + + /** + * Custom list of functions that sanitize the values passed to them. + * + * @since 0.11.0 + * + * @var string|string[] + */ + public $customSanitizingFunctions = array(); + + /** + * Custom sanitizing functions that implicitly unslash the values passed to them. + * + * @since 0.11.0 + * + * @var string|string[] + */ + public $customUnslashingSanitizingFunctions = array(); + + /** + * Cache of previously added custom functions. + * + * Prevents having to do the same merges over and over again. + * + * @since 0.5.0 + * @since 0.11.0 - Changed from public static to protected non-static. + * - Changed the format from simple bool to array. + * + * @var array + */ + protected $addedCustomFunctions = array( + 'nonce' => array(), + 'sanitize' => array(), + 'unslashsanitize' => array(), + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + + return array( + \T_VARIABLE, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + $instance = $this->tokens[ $stackPtr ]; + + if ( ! isset( $this->superglobals[ $instance['content'] ] ) ) { + return; + } + + if ( $this->has_whitelist_comment( 'CSRF', $stackPtr ) ) { + return; + } + + if ( $this->is_assignment( $stackPtr ) ) { + return; + } + + $this->mergeFunctionLists(); + + if ( $this->has_nonce_check( $stackPtr ) ) { + return; + } + + $error_code = 'Missing'; + if ( false === $this->superglobals[ $instance['content'] ] ) { + $error_code = 'Recommended'; + } + + // If we're still here, no nonce-verification function was found. + $this->addMessage( + 'Processing form data without nonce verification.', + $stackPtr, + $this->superglobals[ $instance['content'] ], + $error_code + ); + } + + /** + * Merge custom functions provided via a custom ruleset with the defaults, if we haven't already. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @return void + */ + protected function mergeFunctionLists() { + if ( $this->customNonceVerificationFunctions !== $this->addedCustomFunctions['nonce'] ) { + $this->nonceVerificationFunctions = $this->merge_custom_array( + $this->customNonceVerificationFunctions, + $this->nonceVerificationFunctions + ); + + $this->addedCustomFunctions['nonce'] = $this->customNonceVerificationFunctions; + } + + if ( $this->customSanitizingFunctions !== $this->addedCustomFunctions['sanitize'] ) { + $this->sanitizingFunctions = $this->merge_custom_array( + $this->customSanitizingFunctions, + $this->sanitizingFunctions + ); + + $this->addedCustomFunctions['sanitize'] = $this->customSanitizingFunctions; + } + + if ( $this->customUnslashingSanitizingFunctions !== $this->addedCustomFunctions['unslashsanitize'] ) { + $this->unslashingSanitizingFunctions = $this->merge_custom_array( + $this->customUnslashingSanitizingFunctions, + $this->unslashingSanitizingFunctions + ); + + $this->addedCustomFunctions['unslashsanitize'] = $this->customUnslashingSanitizingFunctions; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/PluginMenuSlugSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/PluginMenuSlugSniff.php new file mode 100644 index 00000000..08d8d58e --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/PluginMenuSlugSniff.php @@ -0,0 +1,89 @@ + => + */ + protected $target_functions = array( + 'add_menu_page' => array( 4 ), + 'add_object_page' => array( 4 ), + 'add_utility_page' => array( 4 ), + 'add_submenu_page' => array( 1, 5 ), + 'add_dashboard_page' => array( 4 ), + 'add_posts_page' => array( 4 ), + 'add_media_page' => array( 4 ), + 'add_links_page' => array( 4 ), + 'add_pages_page' => array( 4 ), + 'add_comments_page' => array( 4 ), + 'add_theme_page' => array( 4 ), + 'add_plugins_page' => array( 4 ), + 'add_users_page' => array( 4 ), + 'add_management_page' => array( 4 ), + 'add_options_page' => array( 4 ), + ); + + /** + * Process the parameters of a matched function. + * + * @since 0.11.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + foreach ( $this->target_functions[ $matched_content ] as $position ) { + if ( isset( $parameters[ $position ] ) ) { + $file_constant = $this->phpcsFile->findNext( \T_FILE, $parameters[ $position ]['start'], ( $parameters[ $position ]['end'] + 1 ) ); + + if ( false !== $file_constant ) { + $this->phpcsFile->addWarning( 'Using __FILE__ for menu slugs risks exposing filesystem structure.', $stackPtr, 'Using__FILE__' ); + } + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/SafeRedirectSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/SafeRedirectSniff.php new file mode 100644 index 00000000..2f6aa6a6 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/SafeRedirectSniff.php @@ -0,0 +1,48 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'wp_redirect' => array( + 'type' => 'warning', + 'message' => '%s() found. Using wp_safe_redirect(), along with the allowed_redirect_hosts filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.', + 'functions' => array( + 'wp_redirect', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/ValidatedSanitizedInputSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/ValidatedSanitizedInputSniff.php new file mode 100644 index 00000000..a545c580 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/ValidatedSanitizedInputSniff.php @@ -0,0 +1,233 @@ + array(), + 'unslashsanitize' => array(), + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + return array( + \T_VARIABLE, + \T_DOUBLE_QUOTED_STRING, + \T_HEREDOC, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + + $superglobals = $this->input_superglobals; + + // Handling string interpolation. + if ( \T_DOUBLE_QUOTED_STRING === $this->tokens[ $stackPtr ]['code'] + || \T_HEREDOC === $this->tokens[ $stackPtr ]['code'] + ) { + $interpolated_variables = array_map( + function ( $symbol ) { + return '$' . $symbol; + }, + $this->get_interpolated_variables( $this->tokens[ $stackPtr ]['content'] ) + ); + foreach ( array_intersect( $interpolated_variables, $superglobals ) as $bad_variable ) { + $this->phpcsFile->addError( 'Detected usage of a non-sanitized, non-validated input variable %s: %s', $stackPtr, 'InputNotValidatedNotSanitized', array( $bad_variable, $this->tokens[ $stackPtr ]['content'] ) ); + } + + return; + } + + // Check if this is a superglobal. + if ( ! \in_array( $this->tokens[ $stackPtr ]['content'], $superglobals, true ) ) { + return; + } + + // If we're overriding a superglobal with an assignment, no need to test. + if ( $this->is_assignment( $stackPtr ) ) { + return; + } + + // This superglobal is being validated. + if ( $this->is_in_isset_or_empty( $stackPtr ) ) { + return; + } + + $array_keys = $this->get_array_access_keys( $stackPtr ); + + if ( empty( $array_keys ) ) { + return; + } + + $error_data = array( $this->tokens[ $stackPtr ]['content'] . '[' . implode( '][', $array_keys ) . ']' ); + + /* + * Check for validation first. + */ + $validated = false; + + for ( $i = ( $stackPtr + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + if ( \T_OPEN_SQUARE_BRACKET === $this->tokens[ $i ]['code'] + && isset( $this->tokens[ $i ]['bracket_closer'] ) + ) { + // Skip over array keys. + $i = $this->tokens[ $i ]['bracket_closer']; + continue; + } + + if ( \T_COALESCE === $this->tokens[ $i ]['code'] ) { + $validated = true; + } + + // Anything else means this is not a validation coalesce. + break; + } + + if ( false === $validated ) { + $validated = $this->is_validated( $stackPtr, $array_keys, $this->check_validation_in_scope_only ); + } + + if ( false === $validated ) { + $this->phpcsFile->addError( + 'Detected usage of a possibly undefined superglobal array index: %s. Use isset() or empty() to check the index exists before using it', + $stackPtr, + 'InputNotValidated', + $error_data + ); + } + + if ( $this->has_whitelist_comment( 'sanitization', $stackPtr ) ) { + return; + } + + // If this variable is being tested with one of the `is_..()` functions, sanitization isn't needed. + if ( $this->is_in_type_test( $stackPtr ) ) { + return; + } + + // If this is a comparison ('a' == $_POST['foo']), sanitization isn't needed. + if ( $this->is_comparison( $stackPtr, false ) ) { + return; + } + + // If this is a comparison using the array comparison functions, sanitization isn't needed. + if ( $this->is_in_array_comparison( $stackPtr ) ) { + return; + } + + $this->mergeFunctionLists(); + + // Now look for sanitizing functions. + if ( ! $this->is_sanitized( $stackPtr, true ) ) { + $this->phpcsFile->addError( + 'Detected usage of a non-sanitized input variable: %s', + $stackPtr, + 'InputNotSanitized', + $error_data + ); + } + } + + /** + * Merge custom functions provided via a custom ruleset with the defaults, if we haven't already. + * + * @since 0.11.0 Split out from the `process()` method. + * + * @return void + */ + protected function mergeFunctionLists() { + if ( $this->customSanitizingFunctions !== $this->addedCustomFunctions['sanitize'] ) { + $this->sanitizingFunctions = $this->merge_custom_array( + $this->customSanitizingFunctions, + $this->sanitizingFunctions + ); + + $this->addedCustomFunctions['sanitize'] = $this->customSanitizingFunctions; + } + + if ( $this->customUnslashingSanitizingFunctions !== $this->addedCustomFunctions['unslashsanitize'] ) { + $this->unslashingSanitizingFunctions = $this->merge_custom_array( + $this->customUnslashingSanitizingFunctions, + $this->unslashingSanitizingFunctions + ); + + $this->addedCustomFunctions['unslashsanitize'] = $this->customUnslashingSanitizingFunctions; + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Utils/I18nTextDomainFixerSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Utils/I18nTextDomainFixerSniff.php new file mode 100644 index 00000000..e7090b48 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Utils/I18nTextDomainFixerSniff.php @@ -0,0 +1,731 @@ + => + */ + protected $target_functions = array( + 'load_textdomain' => 1, + 'load_plugin_textdomain' => 1, + 'load_muplugin_textdomain' => 1, + 'load_theme_textdomain' => 1, + 'load_child_theme_textdomain' => 1, + 'unload_textdomain' => 1, + + '__' => 2, + '_e' => 2, + '_x' => 3, + '_ex' => 3, + '_n' => 4, + '_nx' => 5, + '_n_noop' => 3, + '_nx_noop' => 4, + 'translate_nooped_plural' => 3, + '_c' => 2, // Deprecated. + '_nc' => 4, // Deprecated. + '__ngettext' => 4, // Deprecated. + '__ngettext_noop' => 3, // Deprecated. + 'translate_with_context' => 2, // Deprecated. + + 'esc_html__' => 2, + 'esc_html_e' => 2, + 'esc_html_x' => 3, + 'esc_attr__' => 2, + 'esc_attr_e' => 2, + 'esc_attr_x' => 3, + + 'is_textdomain_loaded' => 1, + 'get_translations_for_domain' => 1, + + // Shouldn't be used by plugins/themes. + 'translate' => 2, + 'translate_with_gettext_context' => 3, + + // WP private functions. Shouldn't be used by plugins/themes. + '_load_textdomain_just_in_time' => 1, + '_get_path_to_translation_from_lang_dir' => 1, + '_get_path_to_translation' => 1, + ); + + /** + * Whether a valid new text domain was found. + * + * @since 1.2.0 + * + * @var bool + */ + private $is_valid = false; + + /** + * The new text domain as validated. + * + * @since 1.2.0 + * + * @var string + */ + private $validated_textdomain = ''; + + /** + * Whether the plugin/theme header has been seen and fixed yet. + * + * @since 1.2.0 + * + * @var bool + */ + private $header_found = false; + + /** + * Possible headers for a theme. + * + * @link https://developer.wordpress.org/themes/basics/main-stylesheet-style-css/ + * + * @since 1.2.0 + * + * @var array Array key is the header name, the value indicated whether it is a + * required (true) or optional (false) header. + */ + private $theme_headers = array( + 'Theme Name' => true, + 'Theme URI' => false, + 'Author' => true, + 'Author URI' => false, + 'Description' => true, + 'Version' => true, + 'License' => true, + 'License URI' => true, + 'Tags' => false, + 'Text Domain' => true, + 'Domain Path' => false, + ); + + /** + * Possible headers for a plugin. + * + * @link https://developer.wordpress.org/plugins/the-basics/header-requirements/ + * + * @since 1.2.0 + * + * @var array Array key is the header name, the value indicated whether it is a + * required (true) or optional (false) header. + */ + private $plugin_headers = array( + 'Plugin Name' => true, + 'Plugin URI' => false, + 'Description' => false, + 'Version' => false, + 'Author' => false, + 'Author URI' => false, + 'License' => false, + 'License URI' => false, + 'Text Domain' => false, + 'Domain Path' => false, + 'Network' => false, + ); + + /** + * Regex template to match theme/plugin headers. + * + * @since 1.2.0 + * + * @var string + */ + private $header_regex_template = '`^(?:\s*(?:(?:\*|//)\s*)?)?(%s)\s*:\s*([^\r\n]+)`'; + + /** + * Regex to match theme headers. + * + * Set from within the register() method. + * + * @since 1.2.0 + * + * @var string + */ + private $theme_header_regex; + + /** + * Regex to match plugin headers. + * + * Set from within the register() method. + * + * @since 1.2.0 + * + * @var string + */ + private $plugin_header_regex; + + /** + * The --tab-width CLI value that is being used. + * + * @since 1.2.0 + * + * @var integer + */ + private $tab_width = null; + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 1.2.0 + * + * @return array + */ + public function register() { + $headers = array_map( + 'preg_quote', + array_keys( $this->theme_headers ), + array_fill( 0, \count( $this->theme_headers ), '`' ) + ); + $this->theme_header_regex = sprintf( $this->header_regex_template, implode( '|', $headers ) ); + + $headers = array_map( + 'preg_quote', + array_keys( $this->plugin_headers ), + array_fill( 0, \count( $this->plugin_headers ), '`' ) + ); + $this->plugin_header_regex = sprintf( $this->header_regex_template, implode( '|', $headers ) ); + + $targets = parent::register(); + + $targets[] = \T_DOC_COMMENT_OPEN_TAG; + $targets[] = \T_COMMENT; + + return $targets; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 1.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + // Check if the old/new properties are correctly set. If not, bow out. + if ( ! is_string( $this->new_text_domain ) + || '' === $this->new_text_domain + ) { + return ( $this->phpcsFile->numTokens + 1 ); + } + + if ( isset( $this->old_text_domain ) ) { + $this->old_text_domain = $this->merge_custom_array( $this->old_text_domain, array(), false ); + + if ( ! is_array( $this->old_text_domain ) + || array() === $this->old_text_domain + ) { + return ( $this->phpcsFile->numTokens + 1 ); + } + } + + // Only validate and throw warning about the text domain once. + if ( $this->new_text_domain !== $this->validated_textdomain ) { + $this->is_valid = false; + $this->validated_textdomain = $this->new_text_domain; + $this->header_found = false; + + if ( 'default' === $this->new_text_domain ) { + $this->phpcsFile->addWarning( + 'The "default" text domain is reserved for WordPress core use and should not be used by plugins or themes', + 0, + 'ReservedNewDomain', + array( $this->new_text_domain ) + ); + + return ( $this->phpcsFile->numTokens + 1 ); + } + + if ( preg_match( '`^[a-z0-9-]+$`', $this->new_text_domain ) !== 1 ) { + $this->phpcsFile->addWarning( + 'The text domain should be a simple lowercase text string with words separated by dashes. "%s" appears invalid', + 0, + 'InvalidNewDomain', + array( $this->new_text_domain ) + ); + + return ( $this->phpcsFile->numTokens + 1 ); + } + + // If the text domain passed both validations, it should be considered valid. + $this->is_valid = true; + + } elseif ( false === $this->is_valid ) { + return ( $this->phpcsFile->numTokens + 1 ); + } + + if ( isset( $this->tab_width ) === false ) { + if ( isset( $this->phpcsFile->config->tabWidth ) === false + || 0 === $this->phpcsFile->config->tabWidth + ) { + // We have no idea how wide tabs are, so assume 4 spaces for fixing. + $this->tab_width = 4; + } else { + $this->tab_width = $this->phpcsFile->config->tabWidth; + } + } + + if ( \T_DOC_COMMENT_OPEN_TAG === $this->tokens[ $stackPtr ]['code'] + || \T_COMMENT === $this->tokens[ $stackPtr ]['code'] + ) { + // Examine for plugin/theme file header. + return $this->process_comments( $stackPtr ); + + } elseif ( 'CSS' !== $this->phpcsFile->tokenizerType ) { + // Examine a T_STRING token in a PHP file as a function call. + return parent::process_token( $stackPtr ); + } + } + + + /** + * Process the parameters of a matched function. + * + * @since 1.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + $target_param = $this->target_functions[ $matched_content ]; + + if ( isset( $parameters[ $target_param ] ) === false && 1 !== $target_param ) { + $error_msg = 'Missing $domain arg'; + $error_code = 'MissingArgDomain'; + + if ( isset( $parameters[ ( $target_param - 1 ) ] ) ) { + $fix = $this->phpcsFile->addFixableError( $error_msg, $stackPtr, $error_code ); + + if ( true === $fix ) { + $start_previous = $parameters[ ( $target_param - 1 ) ]['start']; + $end_previous = $parameters[ ( $target_param - 1 ) ]['end']; + if ( \T_WHITESPACE === $this->tokens[ $start_previous ]['code'] + && $this->tokens[ $start_previous ]['content'] === $this->phpcsFile->eolChar + ) { + // Replicate the new line + indentation of the previous item. + $replacement = ','; + for ( $i = $start_previous; $i <= $end_previous; $i++ ) { + if ( \T_WHITESPACE !== $this->tokens[ $i ]['code'] ) { + break; + } + + if ( isset( $this->tokens[ $i ]['orig_content'] ) ) { + $replacement .= $this->tokens[ $i ]['orig_content']; + } else { + $replacement .= $this->tokens[ $i ]['content']; + } + } + + $replacement .= "'{$this->new_text_domain}'"; + } else { + $replacement = ", '{$this->new_text_domain}'"; + } + + if ( \T_WHITESPACE === $this->tokens[ $end_previous ]['code'] ) { + $this->phpcsFile->fixer->addContentBefore( $end_previous, $replacement ); + } else { + $this->phpcsFile->fixer->addContent( $end_previous, $replacement ); + } + } + } else { + $error_msg .= ' and preceding argument(s)'; + $error_code = 'MissingArgs'; + + // Expected preceeding param also missing, just throw the warning. + $this->phpcsFile->addWarning( $error_msg, $stackPtr, $error_code ); + } + + return; + } + + // Target parameter found. Let's examine it. + $domain_param_start = $parameters[ $target_param ]['start']; + $domain_param_end = $parameters[ $target_param ]['end']; + $domain_token = null; + + for ( $i = $domain_param_start; $i <= $domain_param_end; $i++ ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) ) { + continue; + } + + if ( \T_CONSTANT_ENCAPSED_STRING !== $this->tokens[ $i ]['code'] ) { + // Unexpected token found, not our concern. This is handled by the I18n sniff. + return; + } + + if ( isset( $domain_token ) ) { + // More than one T_CONSTANT_ENCAPSED_STRING found, not our concern. This is handled by the I18n sniff. + return; + } + + $domain_token = $i; + } + + // If we're still here, this means only one T_CONSTANT_ENCAPSED_STRING was found. + $old_domain = $this->strip_quotes( $this->tokens[ $domain_token ]['content'] ); + + if ( ! \in_array( $old_domain, $this->old_text_domain, true ) ) { + // Not a text domain targetted for replacement, ignore. + return; + } + + $fix = $this->phpcsFile->addFixableError( + 'Mismatched text domain. Expected \'%s\' but found \'%s\'', + $domain_token, + 'TextDomainMismatch', + array( $this->new_text_domain, $old_domain ) + ); + + if ( true === $fix ) { + $replacement = str_replace( $old_domain, $this->new_text_domain, $this->tokens[ $domain_token ]['content'] ); + $this->phpcsFile->fixer->replaceToken( $domain_token, $replacement ); + } + } + + /** + * Process the function if no parameters were found. + * + * @since 1.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return void + */ + public function process_no_parameters( $stackPtr, $group_name, $matched_content ) { + + $target_param = $this->target_functions[ $matched_content ]; + + if ( 1 !== $target_param ) { + // Only process the no param case as fixable if the text domain is expected to be the first parameter. + $this->phpcsFile->addWarning( 'Missing $domain arg and preceding argument(s)', $stackPtr, 'MissingArgs' ); + return; + } + + $opener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $opener ]['code'] + || isset( $this->tokens[ $opener ]['parenthesis_closer'] ) === false + ) { + // Parse error or live coding. + return; + } + + $fix = $this->phpcsFile->addFixableError( 'Missing $domain arg', $stackPtr, 'MissingArgDomain' ); + if ( true === $fix ) { + $closer = $this->tokens[ $opener ]['parenthesis_closer']; + $replacement = " '{$this->new_text_domain}' "; + + if ( $this->tokens[ $opener ]['line'] !== $this->tokens[ $closer ]['line'] ) { + $replacement = trim( $replacement ); + $addBefore = ( $closer - 1 ); + if ( \T_WHITESPACE === $this->tokens[ ( $closer - 1 ) ]['code'] + && $this->tokens[ $closer - 1 ]['line'] === $this->tokens[ $closer ]['line'] + ) { + if ( isset( $this->tokens[ ( $closer - 1 ) ]['orig_content'] ) ) { + $replacement = $this->tokens[ ( $closer - 1 ) ]['orig_content'] + . "\t" + . $replacement; + } else { + $replacement = $this->tokens[ ( $closer - 1 ) ]['content'] + . str_repeat( ' ', $this->tab_width ) + . $replacement; + } + + --$addBefore; + } else { + // We don't know whether the code uses tabs or spaces, so presume WPCS, i.e. tabs. + $replacement = "\t" . $replacement; + } + + $replacement = $this->phpcsFile->eolChar . $replacement; + + $this->phpcsFile->fixer->addContentBefore( $addBefore, $replacement ); + + } elseif ( \T_WHITESPACE === $this->tokens[ ( $closer - 1 ) ]['code'] ) { + $this->phpcsFile->fixer->replaceToken( ( $closer - 1 ), $replacement ); + } else { + $this->phpcsFile->fixer->addContentBefore( $closer, $replacement ); + } + } + } + + + /** + * Process comments to find the plugin/theme headers. + * + * @since 1.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_comments( $stackPtr ) { + if ( true === $this->header_found && ! defined( 'PHP_CODESNIFFER_IN_TESTS' ) ) { + return; + } + + $regex = $this->plugin_header_regex; + $headers = $this->plugin_headers; + $type = 'plugin'; + $skip_to = $stackPtr; + + $file = $this->strip_quotes( $this->phpcsFile->getFileName() ); + if ( 'STDIN' === $file ) { + return; + } + + $file_name = basename( $file ); + if ( 'CSS' === $this->phpcsFile->tokenizerType ) { + if ( 'style.css' !== $file_name && ! defined( 'PHP_CODESNIFFER_IN_TESTS' ) ) { + // CSS files only need to be examined for the file header. + return ( $this->phpcsFile->numTokens + 1 ); + } + + $regex = $this->theme_header_regex; + $headers = $this->theme_headers; + $type = 'theme'; + } + + $comment_details = array( + 'required_header_found' => false, + 'headers_found' => 0, + 'text_domain_ptr' => false, + 'text_domain_found' => '', + 'last_header_ptr' => false, + 'last_header_matches' => array(), + ); + + if ( \T_COMMENT === $this->tokens[ $stackPtr ]['code'] ) { + $block_comment = false; + if ( substr( $this->tokens[ $stackPtr ]['content'], 0, 2 ) === '/*' ) { + $block_comment = true; + } + + $current = $stackPtr; + do { + if ( false === $comment_details['text_domain_ptr'] + || false === $comment_details['required_header_found'] + || $comment_details['headers_found'] < 3 + ) { + $comment_details = $this->examine_comment_line( $current, $regex, $headers, $comment_details ); + } + + if ( true === $block_comment && substr( $this->tokens[ $current ]['content'], -2 ) === '*/' ) { + ++$current; + break; + } + + ++$current; + } while ( isset( $this->tokens[ $current ] ) && \T_COMMENT === $this->tokens[ $current ]['code'] ); + + $skip_to = $current; + + } else { + if ( ! isset( $this->tokens[ $stackPtr ]['comment_closer'] ) ) { + return; + } + + $closer = $this->tokens[ $stackPtr ]['comment_closer']; + $current = $stackPtr; + + while ( ( $current = $this->phpcsFile->findNext( \T_DOC_COMMENT_STRING, ( $current + 1 ), $closer ) ) !== false ) { + $comment_details = $this->examine_comment_line( $current, $regex, $headers, $comment_details ); + + if ( false !== $comment_details['text_domain_ptr'] + && true === $comment_details['required_header_found'] + && $comment_details['headers_found'] >= 3 + ) { + // No need to look at the rest of the docblock. + break; + } + } + + $skip_to = $closer; + } + + // So, was this the plugin/theme header ? + if ( true === $comment_details['required_header_found'] + && $comment_details['headers_found'] >= 3 + ) { + $this->header_found = true; + + $text_domain_ptr = $comment_details['text_domain_ptr']; + $text_domain_found = $comment_details['text_domain_found']; + + if ( false !== $text_domain_ptr ) { + if ( $this->new_text_domain !== $text_domain_found + && ( \in_array( $text_domain_found, $this->old_text_domain, true ) ) + ) { + $fix = $this->phpcsFile->addFixableError( + 'Mismatched text domain in %s header. Expected \'%s\' but found \'%s\'', + $text_domain_ptr, + 'TextDomainHeaderMismatch', + array( + $type, + $this->new_text_domain, + $text_domain_found, + ) + ); + + if ( true === $fix ) { + if ( isset( $this->tokens[ $text_domain_ptr ]['orig_content'] ) ) { + $replacement = $this->tokens[ $text_domain_ptr ]['orig_content']; + } else { + $replacement = $this->tokens[ $text_domain_ptr ]['content']; + } + + $replacement = str_replace( $text_domain_found, $this->new_text_domain, $replacement ); + + $this->phpcsFile->fixer->replaceToken( $text_domain_ptr, $replacement ); + } + } + } else { + $last_header_ptr = $comment_details['last_header_ptr']; + $last_header_matches = $comment_details['last_header_matches']; + + $fix = $this->phpcsFile->addFixableError( + 'Missing "Text Domain" in %s header', + $last_header_ptr, + 'MissingTextDomainHeader', + array( $type ) + ); + + if ( true === $fix ) { + if ( isset( $this->tokens[ $last_header_ptr ]['orig_content'] ) ) { + $replacement = $this->tokens[ $last_header_ptr ]['orig_content']; + } else { + $replacement = $this->tokens[ $last_header_ptr ]['content']; + } + + $replacement = str_replace( $last_header_matches[1], 'Text Domain', $replacement ); + $replacement = str_replace( $last_header_matches[2], $this->new_text_domain, $replacement ); + + if ( \T_DOC_COMMENT_OPEN_TAG === $this->tokens[ $stackPtr ]['code'] ) { + for ( $i = ( $last_header_ptr - 1 ); ; $i-- ) { + if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $last_header_ptr ]['line'] ) { + ++$i; + break; + } + } + + $replacement = $this->phpcsFile->eolChar + . $this->phpcsFile->getTokensAsString( $i, ( $last_header_ptr - $i ), true ) + . $replacement; + } + + $this->phpcsFile->fixer->addContent( $comment_details['last_header_ptr'], $replacement ); + } + } + } + + return $skip_to; + } + + /** + * Examine an individual token in a larger comment for plugin/theme headers. + * + * @since 1.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $regex The regex to use to examine the comment line. + * @param array $headers Valid headers for a plugin or theme. + * @param array $comment_details The information collected so far. + * + * @return array Adjusted $comment_details array + */ + protected function examine_comment_line( $stackPtr, $regex, $headers, $comment_details ) { + if ( preg_match( $regex, $this->tokens[ $stackPtr ]['content'], $matches ) === 1 ) { + ++$comment_details['headers_found']; + + if ( true === $headers[ $matches[1] ] ) { + $comment_details['required_header_found'] = true; + } + + if ( 'Text Domain' === $matches[1] ) { + $comment_details['text_domain_ptr'] = $stackPtr; + $comment_details['text_domain_found'] = trim( $matches[2] ); + } + + $comment_details['last_header_ptr'] = $stackPtr; + $comment_details['last_header_matches'] = $matches; + } + + return $comment_details; + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/AlternativeFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/AlternativeFunctionsSniff.php new file mode 100644 index 00000000..fc6e8fbb --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/AlternativeFunctionsSniff.php @@ -0,0 +1,316 @@ + true, + 'php://output' => true, + 'php://stdin' => true, + 'php://stdout' => true, + 'php://stderr' => true, + ); + + /** + * Local input streams which should not be flagged for the file system function checks if + * the $filename starts with them. + * + * @link http://php.net/manual/en/wrappers.php.php + * + * @var array + */ + protected $allowed_local_stream_partials = array( + 'php://temp/', + 'php://fd/', + ); + + /** + * Local input stream constants which should not be flagged for the file system function checks. + * + * @link http://php.net/manual/en/wrappers.php.php + * + * @var array + */ + protected $allowed_local_stream_constants = array( + 'STDIN' => true, + 'STDOUT' => true, + 'STDERR' => true, + ); + + /** + * Groups of functions to restrict. + * + * Example: groups => array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'since' => '4.9.0', //=> the WP version in which the alternative became available. + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'curl' => array( + 'type' => 'warning', + 'message' => 'Using cURL functions is highly discouraged. Use wp_remote_get() instead.', + 'since' => '2.7.0', + 'functions' => array( + 'curl_*', + ), + 'whitelist' => array( + 'curl_version' => true, + ), + ), + + 'parse_url' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.', + 'since' => '4.4.0', + 'functions' => array( + 'parse_url', + ), + ), + + 'json_encode' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use wp_json_encode() instead.', + 'since' => '4.1.0', + 'functions' => array( + 'json_encode', + ), + ), + + 'file_get_contents' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use wp_remote_get() for remote URLs instead.', + 'since' => '2.7.0', + 'functions' => array( + 'file_get_contents', + ), + ), + + 'file_system_read' => array( + 'type' => 'warning', + 'message' => 'File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: %s()', + 'since' => '2.5.0', + 'functions' => array( + 'readfile', + 'fclose', + 'fopen', + 'fread', + 'fwrite', + 'file_put_contents', + 'fsockopen', + 'pfsockopen', + ), + ), + + 'strip_tags' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.', + 'since' => '2.9.0', + 'functions' => array( + 'strip_tags', + ), + ), + + 'rand_seeding' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Rand seeding is not necessary when using the wp_rand() function (as you should).', + 'since' => '2.6.2', + 'functions' => array( + 'srand', + 'mt_srand', + ), + ), + + 'rand' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use the far less predictable wp_rand() instead.', + 'since' => '2.6.2', + 'functions' => array( + 'rand', + 'mt_rand', + ), + ), + ); + } + + /** + * Process a matched token. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_matched_token( $stackPtr, $group_name, $matched_content ) { + + $this->get_wp_version_from_cl(); + + /* + * Deal with exceptions. + */ + switch ( $matched_content ) { + case 'strip_tags': + /* + * The function `wp_strip_all_tags()` is only a valid alternative when + * only the first parameter is passed to `strip_tags()`. + */ + if ( $this->get_function_call_parameter_count( $stackPtr ) !== 1 ) { + return; + } + + break; + + case 'wp_parse_url': + /* + * Before WP 4.7.0, the function `wp_parse_url()` was only a valid alternative + * if no second param was passed to `parse_url()`. + * + * @see https://developer.wordpress.org/reference/functions/wp_parse_url/#changelog + */ + if ( $this->get_function_call_parameter_count( $stackPtr ) !== 1 + && version_compare( $this->minimum_supported_version, '4.7.0', '<' ) + ) { + return; + } + + break; + + case 'file_get_contents': + /* + * Using `wp_remote_get()` will only work for remote URLs. + * See if we can determine is this function call is for a local file and if so, bow out. + */ + $params = $this->get_function_call_parameters( $stackPtr ); + + if ( isset( $params[2] ) && 'true' === $params[2]['raw'] ) { + // Setting `$use_include_path` to `true` is only relevant for local files. + return; + } + + if ( isset( $params[1] ) === false ) { + // If the file to get is not set, this is a non-issue anyway. + return; + } + + if ( strpos( $params[1]['raw'], 'http:' ) !== false + || strpos( $params[1]['raw'], 'https:' ) !== false + ) { + // Definitely a URL, throw notice. + break; + } + + if ( preg_match( '`\b(?:ABSPATH|WP_(?:CONTENT|PLUGIN)_DIR|WPMU_PLUGIN_DIR|TEMPLATEPATH|STYLESHEETPATH|(?:MU)?PLUGINDIR)\b`', $params[1]['raw'] ) === 1 ) { + // Using any of the constants matched in this regex is an indicator of a local file. + return; + } + + if ( preg_match( '`(?:get_home_path|plugin_dir_path|get_(?:stylesheet|template)_directory|wp_upload_dir)\s*\(`i', $params[1]['raw'] ) === 1 ) { + // Using any of the functions matched in the regex is an indicator of a local file. + return; + } + + if ( $this->is_local_data_stream( $params[1]['raw'] ) === true ) { + // Local data stream. + return; + } + + unset( $params ); + + break; + + case 'readfile': + case 'fopen': + case 'file_put_contents': + /* + * Allow for handling raw data streams from the request body. + */ + $first_param = $this->get_function_call_parameter( $stackPtr, 1 ); + + if ( false === $first_param ) { + // If the file to work with is not set, local data streams don't come into play. + break; + } + + if ( $this->is_local_data_stream( $first_param['raw'] ) === true ) { + // Local data stream. + return; + } + + unset( $first_param ); + + break; + } + + if ( ! isset( $this->groups[ $group_name ]['since'] ) ) { + return parent::process_matched_token( $stackPtr, $group_name, $matched_content ); + } + + // Verify if the alternative is available in the minimum supported WP version. + if ( version_compare( $this->groups[ $group_name ]['since'], $this->minimum_supported_version, '<=' ) ) { + return parent::process_matched_token( $stackPtr, $group_name, $matched_content ); + } + } + + /** + * Determine based on the "raw" parameter value, whether a file parameter points to + * a local data stream. + * + * @param string $raw_param_value Raw parameter value. + * + * @return bool True if this is a local data stream. False otherwise. + */ + protected function is_local_data_stream( $raw_param_value ) { + + $raw_stripped = $this->strip_quotes( $raw_param_value ); + if ( isset( $this->allowed_local_streams[ $raw_stripped ] ) + || isset( $this->allowed_local_stream_constants[ $raw_param_value ] ) + ) { + return true; + } + + foreach ( $this->allowed_local_stream_partials as $partial ) { + if ( strpos( $raw_stripped, $partial ) === 0 ) { + return true; + } + } + + return false; + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CapitalPDangitSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CapitalPDangitSniff.php new file mode 100644 index 00000000..bf98233f --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CapitalPDangitSniff.php @@ -0,0 +1,292 @@ +\'"()]*?\.(?:php|js|css|png|j[e]?pg|gif|pot))#i'; + + /** + * Regex to match a large number or spelling variations of WordPress in class names. + * + * @var string + */ + const WP_CLASSNAME_REGEX = '`(?:^|_)(Word[_]*Pres+)(?:_|$)`i'; + + /** + * String tokens we want to listen for. + * + * @var array + */ + private $text_string_tokens = array( + \T_CONSTANT_ENCAPSED_STRING => \T_CONSTANT_ENCAPSED_STRING, + \T_DOUBLE_QUOTED_STRING => \T_DOUBLE_QUOTED_STRING, + \T_HEREDOC => \T_HEREDOC, + \T_NOWDOC => \T_NOWDOC, + \T_INLINE_HTML => \T_INLINE_HTML, + ); + + /** + * Comment tokens we want to listen for as they contain text strings. + * + * @var array + */ + private $comment_text_tokens = array( + \T_DOC_COMMENT => \T_DOC_COMMENT, + \T_DOC_COMMENT_STRING => \T_DOC_COMMENT_STRING, + \T_COMMENT => \T_COMMENT, + ); + + /** + * Combined text string and comment tokens array. + * + * This property is set in the register() method and used for lookups. + * + * @var array + */ + private $text_and_comment_tokens = array(); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.12.0 + * + * @return array + */ + public function register() { + // Union the arrays - keeps the array keys. + $this->text_and_comment_tokens = ( $this->text_string_tokens + $this->comment_text_tokens ); + + $targets = ( $this->text_and_comment_tokens + Tokens::$ooScopeTokens ); + + // Also sniff for array tokens to make skipping anything within those more efficient. + $targets[ \T_ARRAY ] = \T_ARRAY; + $targets[ \T_OPEN_SHORT_ARRAY ] = \T_OPEN_SHORT_ARRAY; + + return $targets; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.12.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + if ( $this->has_whitelist_comment( 'spelling', $stackPtr ) ) { + return; + } + + /* + * Ignore tokens within an array definition as this is a false positive in 80% of all cases. + * + * The return values skip to the end of the array. + * This prevents the sniff "hanging" on very long configuration arrays. + */ + if ( \T_OPEN_SHORT_ARRAY === $this->tokens[ $stackPtr ]['code'] && isset( $this->tokens[ $stackPtr ]['bracket_closer'] ) ) { + return $this->tokens[ $stackPtr ]['bracket_closer']; + } elseif ( \T_ARRAY === $this->tokens[ $stackPtr ]['code'] && isset( $this->tokens[ $stackPtr ]['parenthesis_closer'] ) ) { + return $this->tokens[ $stackPtr ]['parenthesis_closer']; + } + + /* + * Deal with misspellings in class/interface/trait names. + * These are not auto-fixable, but need the attention of a developer. + */ + if ( isset( Tokens::$ooScopeTokens[ $this->tokens[ $stackPtr ]['code'] ] ) ) { + $classname = $this->phpcsFile->getDeclarationName( $stackPtr ); + if ( empty( $classname ) ) { + return; + } + + if ( preg_match_all( self::WP_CLASSNAME_REGEX, $classname, $matches, \PREG_PATTERN_ORDER ) > 0 ) { + $mispelled = $this->retrieve_misspellings( $matches[1] ); + + if ( ! empty( $mispelled ) ) { + $this->phpcsFile->addWarning( + 'Please spell "WordPress" correctly. Found: "%s" as part of the class/interface/trait name.', + $stackPtr, + 'MisspelledClassName', + array( implode( ', ', $mispelled ) ) + ); + } + } + + return; + } + + /* + * Deal with misspellings in text strings and documentation. + */ + + // Ignore content of docblock @link tags. + if ( \T_DOC_COMMENT_STRING === $this->tokens[ $stackPtr ]['code'] + || \T_DOC_COMMENT === $this->tokens[ $stackPtr ]['code'] + ) { + + $comment_start = $this->phpcsFile->findPrevious( \T_DOC_COMMENT_OPEN_TAG, ( $stackPtr - 1 ) ); + if ( false !== $comment_start ) { + $comment_tag = $this->phpcsFile->findPrevious( \T_DOC_COMMENT_TAG, ( $stackPtr - 1 ), $comment_start ); + if ( false !== $comment_tag && '@link' === $this->tokens[ $comment_tag ]['content'] ) { + // @link tag, so ignore. + return; + } + } + } + + // Ignore any text strings which are array keys `$var['key']` as this is a false positive in 80% of all cases. + if ( \T_CONSTANT_ENCAPSED_STRING === $this->tokens[ $stackPtr ]['code'] ) { + $prevToken = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true, null, true ); + if ( false !== $prevToken && \T_OPEN_SQUARE_BRACKET === $this->tokens[ $prevToken ]['code'] ) { + $nextToken = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true, null, true ); + if ( false !== $nextToken && \T_CLOSE_SQUARE_BRACKET === $this->tokens[ $nextToken ]['code'] ) { + return; + } + } + } + + // Ignore constant declarations via define(). + if ( $this->is_in_function_call( $stackPtr, array( 'define' => true ), true, true ) ) { + return; + } + + // Ignore constant declarations using the const keyword. + $stop_points = array( + \T_CONST, + \T_SEMICOLON, + \T_OPEN_TAG, + \T_CLOSE_TAG, + \T_OPEN_CURLY_BRACKET, + ); + $maybe_const = $this->phpcsFile->findPrevious( $stop_points, ( $stackPtr - 1 ) ); + if ( false !== $maybe_const && \T_CONST === $this->tokens[ $maybe_const ]['code'] ) { + return; + } + + $content = $this->tokens[ $stackPtr ]['content']; + + if ( preg_match_all( self::WP_REGEX, $content, $matches, ( \PREG_PATTERN_ORDER | \PREG_OFFSET_CAPTURE ) ) > 0 ) { + /* + * Prevent some typical false positives. + */ + if ( isset( $this->text_and_comment_tokens[ $this->tokens[ $stackPtr ]['code'] ] ) ) { + $offset = 0; + foreach ( $matches[1] as $key => $match_data ) { + $next_offset = ( $match_data[1] + \strlen( $match_data[0] ) ); + + // Prevent matches on part of a URL. + if ( preg_match( '`http[s]?://[^\s<>\'"()]*' . preg_quote( $match_data[0], '`' ) . '`', $content, $discard, 0, $offset ) === 1 ) { + unset( $matches[1][ $key ] ); + } elseif ( preg_match( '`[a-z]+=(["\'])' . preg_quote( $match_data[0], '`' ) . '\1`', $content, $discard, 0, $offset ) === 1 ) { + // Prevent matches on html attributes like: `value="wordpress"`. + unset( $matches[1][ $key ] ); + } elseif ( preg_match( '`\\\\\'' . preg_quote( $match_data[0], '`' ) . '\\\\\'`', $content, $discard, 0, $offset ) === 1 ) { + // Prevent matches on xpath queries and such: `\'wordpress\'`. + unset( $matches[1][ $key ] ); + } elseif ( preg_match( '`(?:\?|&|&)[a-z0-9_]+=' . preg_quote( $match_data[0], '`' ) . '(?:&|$)`', $content, $discard, 0, $offset ) === 1 ) { + // Prevent matches on url query strings: `?something=wordpress`. + unset( $matches[1][ $key ] ); + } + + $offset = $next_offset; + } + + if ( empty( $matches[1] ) ) { + return; + } + } + + $mispelled = $this->retrieve_misspellings( $matches[1] ); + + if ( empty( $mispelled ) ) { + return; + } + + $fix = $this->phpcsFile->addFixableWarning( + 'Please spell "WordPress" correctly. Found %s misspelling(s): %s', + $stackPtr, + 'Misspelled', + array( + \count( $mispelled ), + implode( ', ', $mispelled ), + ) + ); + + if ( true === $fix ) { + // Apply fixes based on offset to ensure we don't replace false positives. + $replacement = $content; + foreach ( $matches[1] as $match ) { + $replacement = substr_replace( $replacement, 'WordPress', $match[1], \strlen( $match[0] ) ); + } + + $this->phpcsFile->fixer->replaceToken( $stackPtr, $replacement ); + } + } + } + + /** + * Retrieve a list of misspellings based on an array of matched variations on the target word. + * + * @param array $match_stack Array of matched variations of the target word. + * @return array Array containing only the misspelled variants. + */ + protected function retrieve_misspellings( $match_stack ) { + $mispelled = array(); + foreach ( $match_stack as $match ) { + // Deal with multi-dimensional arrays when capturing offset. + if ( \is_array( $match ) ) { + $match = $match[0]; + } + + if ( 'WordPress' !== $match ) { + $mispelled[] = $match; + } + } + + return $mispelled; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CronIntervalSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CronIntervalSniff.php new file mode 100644 index 00000000..7cfdddd9 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/CronIntervalSniff.php @@ -0,0 +1,235 @@ + 60, + 'HOUR_IN_SECONDS' => 3600, + 'DAY_IN_SECONDS' => 86400, + 'WEEK_IN_SECONDS' => 604800, + 'MONTH_IN_SECONDS' => 2592000, + 'YEAR_IN_SECONDS' => 31536000, + ); + + /** + * Function within which the hook should be found. + * + * @var array + */ + protected $valid_functions = array( + 'add_filter' => true, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + return array( + \T_CONSTANT_ENCAPSED_STRING, + \T_DOUBLE_QUOTED_STRING, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + $token = $this->tokens[ $stackPtr ]; + + if ( 'cron_schedules' !== $this->strip_quotes( $token['content'] ) ) { + return; + } + + // If within add_filter. + $functionPtr = $this->is_in_function_call( $stackPtr, $this->valid_functions ); + if ( false === $functionPtr ) { + return; + } + + $callback = $this->get_function_call_parameter( $functionPtr, 2 ); + if ( false === $callback ) { + return; + } + + if ( $stackPtr >= $callback['start'] ) { + // "cron_schedules" found in the second parameter, not the first. + return; + } + + // Detect callback function name. + $callbackArrayPtr = $this->phpcsFile->findNext( Tokens::$emptyTokens, $callback['start'], ( $callback['end'] + 1 ), true ); + + // If callback is array, get second element. + if ( false !== $callbackArrayPtr + && ( \T_ARRAY === $this->tokens[ $callbackArrayPtr ]['code'] + || \T_OPEN_SHORT_ARRAY === $this->tokens[ $callbackArrayPtr ]['code'] ) + ) { + $callback = $this->get_function_call_parameter( $callbackArrayPtr, 2 ); + + if ( false === $callback ) { + $this->confused( $stackPtr ); + return; + } + } + + unset( $functionPtr ); + + // Search for the function in tokens. + $callbackFunctionPtr = $this->phpcsFile->findNext( array( \T_CONSTANT_ENCAPSED_STRING, \T_DOUBLE_QUOTED_STRING, \T_CLOSURE ), $callback['start'], ( $callback['end'] + 1 ) ); + + if ( false === $callbackFunctionPtr ) { + $this->confused( $stackPtr ); + return; + } + + if ( \T_CLOSURE === $this->tokens[ $callbackFunctionPtr ]['code'] ) { + $functionPtr = $callbackFunctionPtr; + } else { + $functionName = $this->strip_quotes( $this->tokens[ $callbackFunctionPtr ]['content'] ); + + for ( $ptr = 0; $ptr < $this->phpcsFile->numTokens; $ptr++ ) { + if ( \T_FUNCTION === $this->tokens[ $ptr ]['code'] ) { + $foundName = $this->phpcsFile->getDeclarationName( $ptr ); + if ( $foundName === $functionName ) { + $functionPtr = $ptr; + break; + } elseif ( isset( $this->tokens[ $ptr ]['scope_closer'] ) ) { + // Skip to the end of the function definition. + $ptr = $this->tokens[ $ptr ]['scope_closer']; + } + } + } + } + + if ( ! isset( $functionPtr ) ) { + $this->confused( $stackPtr ); + return; + } + + if ( ! isset( $this->tokens[ $functionPtr ]['scope_opener'], $this->tokens[ $functionPtr ]['scope_closer'] ) ) { + return; + } + + $opening = $this->tokens[ $functionPtr ]['scope_opener']; + $closing = $this->tokens[ $functionPtr ]['scope_closer']; + for ( $i = $opening; $i <= $closing; $i++ ) { + + if ( \in_array( $this->tokens[ $i ]['code'], array( \T_CONSTANT_ENCAPSED_STRING, \T_DOUBLE_QUOTED_STRING ), true ) ) { + if ( 'interval' === $this->strip_quotes( $this->tokens[ $i ]['content'] ) ) { + $operator = $this->phpcsFile->findNext( \T_DOUBLE_ARROW, $i, null, false, null, true ); + if ( false === $operator ) { + $this->confused( $stackPtr ); + return; + } + + $valueStart = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $operator + 1 ), null, true, null, true ); + $valueEnd = $this->phpcsFile->findNext( array( \T_COMMA, \T_CLOSE_PARENTHESIS ), ( $valueStart + 1 ) ); + $value = ''; + for ( $j = $valueStart; $j < $valueEnd; $j++ ) { + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $j ]['code'] ] ) ) { + continue; + } + $value .= $this->tokens[ $j ]['content']; + } + + if ( is_numeric( $value ) ) { + $interval = $value; + break; + } + + // Deal correctly with WP time constants. + $value = str_replace( array_keys( $this->wp_time_constants ), array_values( $this->wp_time_constants ), $value ); + + // If all digits and operators, eval! + if ( preg_match( '#^[\s\d+*/-]+$#', $value ) > 0 ) { + $interval = eval( "return ( $value );" ); // phpcs:ignore Squiz.PHP.Eval -- No harm here. + break; + } + + $this->confused( $stackPtr ); + return; + } + } + } + + $this->min_interval = (int) $this->min_interval; + + if ( isset( $interval ) && $interval < $this->min_interval ) { + $minutes = round( ( $this->min_interval / 60 ), 1 ); + $this->phpcsFile->addWarning( + 'Scheduling crons at %s sec ( less than %s minutes ) is discouraged.', + $stackPtr, + 'CronSchedulesInterval', + array( + $interval, + $minutes, + ) + ); + return; + } + } + + /** + * Add warning about unclear cron schedule change. + * + * @param int $stackPtr The position of the current token in the stack. + */ + public function confused( $stackPtr ) { + $this->phpcsFile->addWarning( + 'Detected changing of cron_schedules, but could not detect the interval value.', + $stackPtr, + 'ChangeDetected' + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedClassesSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedClassesSniff.php new file mode 100644 index 00000000..9d1f95bf --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedClassesSniff.php @@ -0,0 +1,120 @@ + value + * in a custom ruleset. + * + * @uses \WordPressCS\WordPress\Sniff::$minimum_supported_version + */ +class DeprecatedClassesSniff extends AbstractClassRestrictionsSniff { + + /** + * List of deprecated classes with alternative when available. + * + * To be updated after every major release. + * + * Version numbers should be fully qualified. + * + * @var array + */ + private $deprecated_classes = array( + + // WP 3.1.0. + 'WP_User_Search' => array( + 'alt' => 'WP_User_Query', + 'version' => '3.1.0', + ), + + // WP 4.9.0. + 'Customize_New_Menu_Section' => array( + 'version' => '4.9.0', + ), + 'WP_Customize_New_Menu_Control' => array( + 'version' => '4.9.0', + ), + + // WP 5.3.0. + 'Services_JSON' => array( + 'alt' => 'The PHP native JSON extension', + 'version' => '5.3.0', + ), + ); + + + /** + * Groups of classes to restrict. + * + * @return array + */ + public function getGroups() { + // Make sure all array keys are lowercase. + $this->deprecated_classes = array_change_key_case( $this->deprecated_classes, CASE_LOWER ); + + return array( + 'deprecated_classes' => array( + 'classes' => array_keys( $this->deprecated_classes ), + ), + ); + } + + /** + * Process a matched token. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. Will + * always be 'deprecated_classes'. + * @param string $matched_content The token content (class name) which was matched. + * + * @return void + */ + public function process_matched_token( $stackPtr, $group_name, $matched_content ) { + + $this->get_wp_version_from_cl(); + + $class_name = ltrim( strtolower( $matched_content ), '\\' ); + + $message = 'The %s class has been deprecated since WordPress version %s.'; + $data = array( + ltrim( $matched_content, '\\' ), + $this->deprecated_classes[ $class_name ]['version'], + ); + + if ( ! empty( $this->deprecated_classes[ $class_name ]['alt'] ) ) { + $message .= ' Use %s instead.'; + $data[] = $this->deprecated_classes[ $class_name ]['alt']; + } + + $this->addMessage( + $message, + $stackPtr, + ( version_compare( $this->deprecated_classes[ $class_name ]['version'], $this->minimum_supported_version, '<' ) ), + $this->string_to_errorcode( $class_name . 'Found' ), + $data + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedFunctionsSniff.php new file mode 100644 index 00000000..df7a4b55 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedFunctionsSniff.php @@ -0,0 +1,1422 @@ + value + * in a custom ruleset. + * + * @uses \WordPressCS\WordPress\Sniff::$minimum_supported_version + */ +class DeprecatedFunctionsSniff extends AbstractFunctionRestrictionsSniff { + + /** + * List of deprecated functions with alternative when available. + * + * To be updated after every major release. + * Last updated for WordPress 4.8. + * + * Version numbers should be fully qualified. + * Replacement functions should have parentheses. + * + * To retrieve a function list for comparison, the following tool is available: + * https://github.com/JDGrimes/wp-deprecated-code-scanner + * + * @var array + */ + private $deprecated_functions = array( + + // WP 0.71. + 'the_category_head' => array( + 'alt' => 'get_the_category_by_ID()', + 'version' => '0.71', + ), + 'the_category_ID' => array( + 'alt' => 'get_the_category()', + 'version' => '0.71', + ), + + // WP 1.2.0. + 'permalink_link' => array( + 'alt' => 'the_permalink()', + 'version' => '1.2.0', + ), + + // WP 1.5.0. + 'start_wp' => array( + // Verified correct alternative. + 'alt' => 'the Loop', + 'version' => '1.5.0', + ), + + // WP 1.5.1. + 'get_postdata' => array( + 'alt' => 'get_post()', + 'version' => '1.5.1', + ), + + // WP 2.0.0. + 'create_user' => array( + 'alt' => 'wp_create_user()', + 'version' => '2.0.0', + ), + 'next_post' => array( + 'alt' => 'next_post_link()', + 'version' => '2.0.0', + ), + 'previous_post' => array( + 'alt' => 'previous_post_link()', + 'version' => '2.0.0', + ), + 'user_can_create_draft' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_create_post' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_delete_post' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_delete_post_comments' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_edit_post' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_edit_post_comments' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_edit_post_date' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_edit_user' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + 'user_can_set_post_date' => array( + 'alt' => 'current_user_can()', + 'version' => '2.0.0', + ), + + // WP 2.1.0. + 'dropdown_cats' => array( + 'alt' => 'wp_dropdown_categories()', + 'version' => '2.1.0', + ), + 'get_archives' => array( + 'alt' => 'wp_get_archives()', + 'version' => '2.1.0', + ), + 'get_author_link' => array( + 'alt' => 'get_author_posts_url()', + 'version' => '2.1.0', + ), + 'get_autotoggle' => array( + 'alt' => '', + 'version' => '2.1.0', + ), + 'get_link' => array( + 'alt' => 'get_bookmark()', + 'version' => '2.1.0', + ), + 'get_linkcatname' => array( + 'alt' => 'get_category()', + 'version' => '2.1.0', + ), + 'get_linkobjects' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_linkobjectsbyname' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_linkrating' => array( + 'alt' => 'sanitize_bookmark_field()', + 'version' => '2.1.0', + ), + 'get_links' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_links_list' => array( + 'alt' => 'wp_list_bookmarks()', + 'version' => '2.1.0', + ), + 'get_links_withrating' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_linksbyname' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_linksbyname_withrating' => array( + 'alt' => 'get_bookmarks()', + 'version' => '2.1.0', + ), + 'get_settings' => array( + 'alt' => 'get_option()', + 'version' => '2.1.0', + ), + 'link_pages' => array( + 'alt' => 'wp_link_pages()', + 'version' => '2.1.0', + ), + 'links_popup_script' => array( + 'alt' => '', + 'version' => '2.1.0', + ), + 'list_authors' => array( + 'alt' => 'wp_list_authors()', + 'version' => '2.1.0', + ), + 'list_cats' => array( + 'alt' => 'wp_list_categories()', + 'version' => '2.1.0', + ), + 'tinymce_include' => array( + 'alt' => 'wp_editor()', + 'version' => '2.1.0', + ), + 'wp_get_links' => array( + 'alt' => 'wp_list_bookmarks()', + 'version' => '2.1.0', + ), + 'wp_get_linksbyname' => array( + 'alt' => 'wp_list_bookmarks()', + 'version' => '2.1.0', + ), + 'wp_get_post_cats' => array( + 'alt' => 'wp_get_post_categories()', + 'version' => '2.1.0', + ), + 'wp_list_cats' => array( + 'alt' => 'wp_list_categories()', + 'version' => '2.1.0', + ), + 'wp_set_post_cats' => array( + 'alt' => 'wp_set_post_categories()', + 'version' => '2.1.0', + ), + + // WP 2.2.0. + 'comments_rss' => array( + 'alt' => 'get_post_comments_feed_link()', + 'version' => '2.2.0', + ), + + // WP 2.3.0. + 'permalink_single_rss' => array( + 'alt' => 'the_permalink_rss()', + 'version' => '2.3.0', + ), + + // WP 2.5.0. + 'comments_rss_link' => array( + 'alt' => 'post_comments_feed_link()', + 'version' => '2.5.0', + ), + 'documentation_link' => array( + 'alt' => '', + 'version' => '2.5.0', + ), + 'get_attachment_icon' => array( + 'alt' => 'wp_get_attachment_image()', + 'version' => '2.5.0', + ), + 'get_attachment_icon_src' => array( + 'alt' => 'wp_get_attachment_image_src()', + 'version' => '2.5.0', + ), + 'get_attachment_innerHTML' => array( + 'alt' => 'wp_get_attachment_image()', + 'version' => '2.5.0', + ), + 'get_author_rss_link' => array( + 'alt' => 'get_author_feed_link()', + 'version' => '2.5.0', + ), + 'get_category_rss_link' => array( + 'alt' => 'get_category_feed_link()', + 'version' => '2.5.0', + ), + 'get_the_attachment_link' => array( + 'alt' => 'wp_get_attachment_link()', + 'version' => '2.5.0', + ), + 'gzip_compression' => array( + 'alt' => '', + 'version' => '2.5.0', + ), + 'wp_clearcookie' => array( + 'alt' => 'wp_clear_auth_cookie()', + 'version' => '2.5.0', + ), + 'wp_get_cookie_login' => array( + 'alt' => '', + 'version' => '2.5.0', + ), + 'wp_login' => array( + 'alt' => 'wp_signon()', + 'version' => '2.5.0', + ), + 'wp_setcookie' => array( + 'alt' => 'wp_set_auth_cookie()', + 'version' => '2.5.0', + ), + + // WP 2.6.0. + 'dropdown_categories' => array( + 'alt' => 'wp_category_checklist()', + 'version' => '2.6.0', + ), + 'dropdown_link_categories' => array( + 'alt' => 'wp_link_category_checklist()', + 'version' => '2.6.0', + ), + + // WP 2.7.0. + 'get_commentdata' => array( + 'alt' => 'get_comment()', + 'version' => '2.7.0', + ), + // This is a method i.e. WP_Filesystem_Base::find_base_dir() See #731. + 'find_base_dir' => array( + 'alt' => 'WP_Filesystem::abspath()', + 'version' => '2.7.0', + ), + // This is a method i.e. WP_Filesystem_Base::get_base_dir() See #731. + 'get_base_dir' => array( + 'alt' => 'WP_Filesystem::abspath()', + 'version' => '2.7.0', + ), + + // WP 2.8.0. + '__ngettext' => array( + 'alt' => '_n()', + 'version' => '2.8.0', + ), + '__ngettext_noop' => array( + 'alt' => '_n_noop()', + 'version' => '2.8.0', + ), + 'attribute_escape' => array( + 'alt' => 'esc_attr()', + 'version' => '2.8.0', + ), + 'get_author_name' => array( + 'alt' => 'get_the_author_meta(\'display_name\')', + 'version' => '2.8.0', + ), + 'get_category_children' => array( + 'alt' => 'get_term_children()', + 'version' => '2.8.0', + ), + 'get_catname' => array( + 'alt' => 'get_cat_name()', + 'version' => '2.8.0', + ), + 'get_the_author_aim' => array( + 'alt' => 'get_the_author_meta(\'aim\')', + 'version' => '2.8.0', + ), + 'get_the_author_description' => array( + 'alt' => 'get_the_author_meta(\'description\')', + 'version' => '2.8.0', + ), + 'get_the_author_email' => array( + 'alt' => 'get_the_author_meta(\'email\')', + 'version' => '2.8.0', + ), + 'get_the_author_firstname' => array( + 'alt' => 'get_the_author_meta(\'first_name\')', + 'version' => '2.8.0', + ), + 'get_the_author_icq' => array( + 'alt' => 'get_the_author_meta(\'icq\')', + 'version' => '2.8.0', + ), + 'get_the_author_ID' => array( + 'alt' => 'get_the_author_meta(\'ID\')', + 'version' => '2.8.0', + ), + 'get_the_author_lastname' => array( + 'alt' => 'get_the_author_meta(\'last_name\')', + 'version' => '2.8.0', + ), + 'get_the_author_login' => array( + 'alt' => 'get_the_author_meta(\'login\')', + 'version' => '2.8.0', + ), + 'get_the_author_msn' => array( + 'alt' => 'get_the_author_meta(\'msn\')', + 'version' => '2.8.0', + ), + 'get_the_author_nickname' => array( + 'alt' => 'get_the_author_meta(\'nickname\')', + 'version' => '2.8.0', + ), + 'get_the_author_url' => array( + 'alt' => 'get_the_author_meta(\'url\')', + 'version' => '2.8.0', + ), + 'get_the_author_yim' => array( + 'alt' => 'get_the_author_meta(\'yim\')', + 'version' => '2.8.0', + ), + 'js_escape' => array( + 'alt' => 'esc_js()', + 'version' => '2.8.0', + ), + 'register_sidebar_widget' => array( + 'alt' => 'wp_register_sidebar_widget()', + 'version' => '2.8.0', + ), + 'register_widget_control' => array( + 'alt' => 'wp_register_widget_control()', + 'version' => '2.8.0', + ), + 'sanitize_url' => array( + 'alt' => 'esc_url_raw()', + 'version' => '2.8.0', + ), + 'the_author_aim' => array( + 'alt' => 'the_author_meta(\'aim\')', + 'version' => '2.8.0', + ), + 'the_author_description' => array( + 'alt' => 'the_author_meta(\'description\')', + 'version' => '2.8.0', + ), + 'the_author_email' => array( + 'alt' => 'the_author_meta(\'email\')', + 'version' => '2.8.0', + ), + 'the_author_firstname' => array( + 'alt' => 'the_author_meta(\'first_name\')', + 'version' => '2.8.0', + ), + 'the_author_icq' => array( + 'alt' => 'the_author_meta(\'icq\')', + 'version' => '2.8.0', + ), + 'the_author_ID' => array( + 'alt' => 'the_author_meta(\'ID\')', + 'version' => '2.8.0', + ), + 'the_author_lastname' => array( + 'alt' => 'the_author_meta(\'last_name\')', + 'version' => '2.8.0', + ), + 'the_author_login' => array( + 'alt' => 'the_author_meta(\'login\')', + 'version' => '2.8.0', + ), + 'the_author_msn' => array( + 'alt' => 'the_author_meta(\'msn\')', + 'version' => '2.8.0', + ), + 'the_author_nickname' => array( + 'alt' => 'the_author_meta(\'nickname\')', + 'version' => '2.8.0', + ), + 'the_author_url' => array( + 'alt' => 'the_author_meta(\'url\')', + 'version' => '2.8.0', + ), + 'the_author_yim' => array( + 'alt' => 'the_author_meta(\'yim\')', + 'version' => '2.8.0', + ), + 'unregister_sidebar_widget' => array( + 'alt' => 'wp_unregister_sidebar_widget()', + 'version' => '2.8.0', + ), + 'unregister_widget_control' => array( + 'alt' => 'wp_unregister_widget_control()', + 'version' => '2.8.0', + ), + 'wp_specialchars' => array( + 'alt' => 'esc_html()', + 'version' => '2.8.0', + ), + + // WP 2.9.0. + '_c' => array( + 'alt' => '_x()', + 'version' => '2.9.0', + ), + '_nc' => array( + 'alt' => '_nx()', + 'version' => '2.9.0', + ), + 'get_real_file_to_edit' => array( + 'alt' => '', + 'version' => '2.9.0', + ), + 'make_url_footnote' => array( + 'alt' => '', + 'version' => '2.9.0', + ), + 'the_content_rss' => array( + 'alt' => 'the_content_feed()', + 'version' => '2.9.0', + ), + 'translate_with_context' => array( + 'alt' => '_x()', + 'version' => '2.9.0', + ), + + // WP 3.0.0. + 'activate_sitewide_plugin' => array( + 'alt' => 'activate_plugin()', + 'version' => '3.0.0', + ), + 'add_option_update_handler' => array( + 'alt' => 'register_setting()', + 'version' => '3.0.0', + ), + 'automatic_feed_links' => array( + 'alt' => 'add_theme_support( \'automatic-feed-links\' )', + 'version' => '3.0.0', + ), + 'clean_url' => array( + 'alt' => 'esc_url()', + 'version' => '3.0.0', + ), + 'clear_global_post_cache' => array( + 'alt' => 'clean_post_cache()', + 'version' => '3.0.0', + ), + 'codepress_footer_js' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'codepress_get_lang' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'deactivate_sitewide_plugin' => array( + 'alt' => 'deactivate_plugin()', + 'version' => '3.0.0', + ), + 'delete_usermeta' => array( + 'alt' => 'delete_user_meta()', + 'version' => '3.0.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'funky_javascript_callback' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'funky_javascript_fix' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'generate_random_password' => array( + 'alt' => 'wp_generate_password()', + 'version' => '3.0.0', + ), + 'get_alloptions' => array( + 'alt' => 'wp_load_alloptions()', + 'version' => '3.0.0', + ), + 'get_blog_list' => array( + 'alt' => 'wp_get_sites()', + 'version' => '3.0.0', + ), + 'get_most_active_blogs' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'get_profile' => array( + 'alt' => 'get_the_author_meta()', + 'version' => '3.0.0', + ), + 'get_user_details' => array( + 'alt' => 'get_user_by()', + 'version' => '3.0.0', + ), + 'get_usermeta' => array( + 'alt' => 'get_user_meta()', + 'version' => '3.0.0', + ), + 'get_usernumposts' => array( + 'alt' => 'count_user_posts()', + 'version' => '3.0.0', + ), + 'graceful_fail' => array( + 'alt' => 'wp_die()', + 'version' => '3.0.0', + ), + // Verified version & alternative. + 'install_blog_defaults' => array( + 'alt' => 'wp_install_defaults', + 'version' => '3.0.0', + ), + 'is_main_blog' => array( + 'alt' => 'is_main_site()', + 'version' => '3.0.0', + ), + 'is_site_admin' => array( + 'alt' => 'is_super_admin()', + 'version' => '3.0.0', + ), + 'is_taxonomy' => array( + 'alt' => 'taxonomy_exists()', + 'version' => '3.0.0', + ), + 'is_term' => array( + 'alt' => 'term_exists()', + 'version' => '3.0.0', + ), + 'is_wpmu_sitewide_plugin' => array( + 'alt' => 'is_network_only_plugin()', + 'version' => '3.0.0', + ), + 'mu_options' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'remove_option_update_handler' => array( + 'alt' => 'unregister_setting()', + 'version' => '3.0.0', + ), + 'set_current_user' => array( + 'alt' => 'wp_set_current_user()', + 'version' => '3.0.0', + ), + 'update_usermeta' => array( + 'alt' => 'update_user_meta()', + 'version' => '3.0.0', + ), + 'use_codepress' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + 'validate_email' => array( + 'alt' => 'is_email()', + 'version' => '3.0.0', + ), + 'wp_dropdown_cats' => array( + 'alt' => 'wp_dropdown_categories()', + 'version' => '3.0.0', + ), + 'wp_shrink_dimensions' => array( + 'alt' => 'wp_constrain_dimensions()', + 'version' => '3.0.0', + ), + 'wpmu_checkAvailableSpace' => array( + 'alt' => 'is_upload_space_available()', + 'version' => '3.0.0', + ), + 'wpmu_menu' => array( + 'alt' => '', + 'version' => '3.0.0', + ), + + // WP 3.1.0. + 'get_author_user_ids' => array( + 'alt' => 'get_users()', + 'version' => '3.1.0', + ), + 'get_dashboard_blog' => array( + 'alt' => 'get_site()', + 'version' => '3.1.0', + ), + 'get_editable_authors' => array( + 'alt' => 'get_users()', + 'version' => '3.1.0', + ), + 'get_editable_user_ids' => array( + 'alt' => 'get_users()', + 'version' => '3.1.0', + ), + 'get_nonauthor_user_ids' => array( + 'alt' => 'get_users()', + 'version' => '3.1.0', + ), + 'get_others_drafts' => array( + 'alt' => '', + 'version' => '3.1.0', + ), + 'get_others_pending' => array( + 'alt' => '', + 'version' => '3.1.0', + ), + 'get_others_unpublished_posts' => array( + 'alt' => '', + 'version' => '3.1.0', + ), + 'get_users_of_blog' => array( + 'alt' => 'get_users()', + 'version' => '3.1.0', + ), + 'install_themes_feature_list' => array( + 'alt' => 'get_theme_feature_list()', + 'version' => '3.1.0', + ), + 'is_plugin_page' => array( + // Verified correct alternative. + 'alt' => 'global $plugin_page and/or get_plugin_page_hookname() hooks', + 'version' => '3.1.0', + ), + 'update_category_cache' => array( + 'alt' => '', + 'version' => '3.1.0', + ), + + // WP 3.2.0. + 'favorite_actions' => array( + 'alt' => 'WP_Admin_Bar', + 'version' => '3.2.0', + ), + 'wp_dashboard_quick_press_output' => array( + 'alt' => 'wp_dashboard_quick_press()', + 'version' => '3.2.0', + ), + 'wp_timezone_supported' => array( + 'alt' => '', + 'version' => '3.2.0', + ), + + // WP 3.3.0. + 'add_contextual_help' => array( + 'alt' => 'get_current_screen()->add_help_tab()', + 'version' => '3.3.0', + ), + 'get_boundary_post_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'get_index_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'get_parent_post_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'get_user_by_email' => array( + 'alt' => 'get_user_by(\'email\')', + 'version' => '3.3.0', + ), + 'get_user_metavalues' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'get_userdatabylogin' => array( + 'alt' => 'get_user_by(\'login\')', + 'version' => '3.3.0', + ), + 'index_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'is_blog_user' => array( + 'alt' => 'is_user_member_of_blog()', + 'version' => '3.3.0', + ), + 'media_upload_audio' => array( + 'alt' => 'wp_media_upload_handler()', + 'version' => '3.3.0', + ), + 'media_upload_file' => array( + 'alt' => 'wp_media_upload_handler()', + 'version' => '3.3.0', + ), + 'media_upload_image' => array( + 'alt' => 'wp_media_upload_handler()', + 'version' => '3.3.0', + ), + 'media_upload_video' => array( + 'alt' => 'wp_media_upload_handler()', + 'version' => '3.3.0', + ), + 'parent_post_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'sanitize_user_object' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'screen_layout' => array( + 'alt' => '$current_screen->render_screen_layout()', + 'version' => '3.3.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'screen_meta' => array( + 'alt' => '$current_screen->render_screen_meta()', + 'version' => '3.3.0', + ), + 'screen_options' => array( + 'alt' => '$current_screen->render_per_page_options()', + 'version' => '3.3.0', + ), + 'start_post_rel_link' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'the_editor' => array( + 'alt' => 'wp_editor()', + 'version' => '3.3.0', + ), + 'type_url_form_audio' => array( + 'alt' => 'wp_media_insert_url_form(\'audio\')', + 'version' => '3.3.0', + ), + 'type_url_form_file' => array( + 'alt' => 'wp_media_insert_url_form(\'file\')', + 'version' => '3.3.0', + ), + 'type_url_form_image' => array( + 'alt' => 'wp_media_insert_url_form(\'image\')', + 'version' => '3.3.0', + ), + 'type_url_form_video' => array( + 'alt' => 'wp_media_insert_url_form(\'video\')', + 'version' => '3.3.0', + ), + 'wp_admin_bar_dashboard_view_site_menu' => array( + 'alt' => '', + 'version' => '3.3.0', + ), + 'wp_preload_dialogs' => array( + 'alt' => 'wp_editor()', + 'version' => '3.3.0', + ), + 'wp_print_editor_js' => array( + 'alt' => 'wp_editor()', + 'version' => '3.3.0', + ), + 'wp_quicktags' => array( + 'alt' => 'wp_editor()', + 'version' => '3.3.0', + ), + 'wp_tiny_mce' => array( + 'alt' => 'wp_editor()', + 'version' => '3.3.0', + ), + 'wpmu_admin_do_redirect' => array( + 'alt' => 'wp_redirect()', + 'version' => '3.3.0', + ), + 'wpmu_admin_redirect_add_updated_param' => array( + 'alt' => 'add_query_arg()', + 'version' => '3.3.0', + ), + + // WP 3.4.0. + 'add_custom_background' => array( + 'alt' => 'add_theme_support( \'custom-background\', $args )', + 'version' => '3.4.0', + ), + 'add_custom_image_header' => array( + 'alt' => 'add_theme_support( \'custom-header\', $args )', + 'version' => '3.4.0', + ), + 'clean_page_cache' => array( + 'alt' => 'clean_post_cache()', + 'version' => '3.4.0', + ), + 'clean_pre' => array( + 'alt' => '', + 'version' => '3.4.0', + ), + 'current_theme_info' => array( + 'alt' => 'wp_get_theme()', + 'version' => '3.4.0', + ), + 'debug_fclose' => array( + 'alt' => 'error_log()', + 'version' => '3.4.0', + ), + 'debug_fopen' => array( + 'alt' => 'error_log()', + 'version' => '3.4.0', + ), + 'debug_fwrite' => array( + 'alt' => 'error_log()', + 'version' => '3.4.0', + ), + 'display_theme' => array( + 'alt' => '', + 'version' => '3.4.0', + ), + 'get_allowed_themes' => array( + 'alt' => 'wp_get_themes( array( \'allowed\' => true ) )', + 'version' => '3.4.0', + ), + 'get_broken_themes' => array( + 'alt' => 'wp_get_themes( array( \'errors\' => true )', + 'version' => '3.4.0', + ), + 'get_current_theme' => array( + 'alt' => 'wp_get_theme()', + 'version' => '3.4.0', + ), + 'get_site_allowed_themes' => array( + 'alt' => 'WP_Theme::get_allowed_on_network()', + 'version' => '3.4.0', + ), + 'get_theme' => array( + 'alt' => 'wp_get_theme( $stylesheet )', + 'version' => '3.4.0', + ), + 'get_theme_data' => array( + 'alt' => 'wp_get_theme()', + 'version' => '3.4.0', + ), + 'get_themes' => array( + 'alt' => 'wp_get_themes()', + 'version' => '3.4.0', + ), + 'logIO' => array( + 'alt' => 'error_log()', + 'version' => '3.4.0', + ), + 'remove_custom_background' => array( + 'alt' => 'remove_theme_support( \'custom-background\' )', + 'version' => '3.4.0', + ), + 'remove_custom_image_header' => array( + 'alt' => 'remove_theme_support( \'custom-header\' )', + 'version' => '3.4.0', + ), + 'update_page_cache' => array( + 'alt' => 'update_post_cache()', + 'version' => '3.4.0', + ), + 'wpmu_get_blog_allowedthemes' => array( + 'alt' => 'WP_Theme::get_allowed_on_site()', + 'version' => '3.4.0', + ), + + // WP 3.4.1. + 'wp_explain_nonce' => array( + 'alt' => 'wp_nonce_ays()', + 'version' => '3.4.1', + ), + + // WP 3.5.0. + '_flip_image_resource' => array( + 'alt' => 'WP_Image_Editor::flip()', + 'version' => '3.5.0', + ), + '_get_post_ancestors' => array( + 'alt' => '', + 'version' => '3.5.0', + ), + '_insert_into_post_button' => array( + 'alt' => '', + 'version' => '3.5.0', + ), + '_media_button' => array( + 'alt' => '', + 'version' => '3.5.0', + ), + '_rotate_image_resource' => array( + 'alt' => 'WP_Image_Editor::rotate()', + 'version' => '3.5.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + '_save_post_hook' => array( + 'alt' => '', + 'version' => '3.5.0', + ), + 'gd_edit_image_support' => array( + 'alt' => 'wp_image_editor_supports()', + 'version' => '3.5.0', + ), + 'get_default_page_to_edit' => array( + 'alt' => 'get_default_post_to_edit( \'page\' )', + 'version' => '3.5.0', + ), + 'get_post_to_edit' => array( + 'alt' => 'get_post()', + 'version' => '3.5.0', + ), + 'get_udims' => array( + 'alt' => 'wp_constrain_dimensions()', + 'version' => '3.5.0', + ), + 'image_resize' => array( + 'alt' => 'wp_get_image_editor()', + 'version' => '3.5.0', + ), + 'sticky_class' => array( + 'alt' => 'post_class()', + 'version' => '3.5.0', + ), + 'user_pass_ok' => array( + 'alt' => 'wp_authenticate()', + 'version' => '3.5.0', + ), + 'wp_cache_reset' => array( + 'alt' => 'WP_Object_Cache::reset()', + 'version' => '3.5.0', + ), + 'wp_create_thumbnail' => array( + 'alt' => 'image_resize()', + 'version' => '3.5.0', + ), + 'wp_get_single_post' => array( + 'alt' => 'get_post()', + 'version' => '3.5.0', + ), + 'wp_load_image' => array( + 'alt' => 'wp_get_image_editor()', + 'version' => '3.5.0', + ), + + // WP 3.6.0. + 'get_user_id_from_string' => array( + 'alt' => 'get_user_by()', + 'version' => '3.6.0', + ), + 'wp_convert_bytes_to_hr' => array( + 'alt' => 'size_format()', + 'version' => '3.6.0', + ), + 'wp_nav_menu_locations_meta_box' => array( + 'alt' => '', + 'version' => '3.6.0', + ), + + // WP 3.7.0. + '_search_terms_tidy' => array( + 'alt' => '', + 'version' => '3.7.0', + ), + 'get_blogaddress_by_domain' => array( + 'alt' => '', + 'version' => '3.7.0', + ), + 'the_attachment_links' => array( + 'alt' => '', + 'version' => '3.7.0', + ), + 'wp_update_core' => array( + 'alt' => 'new Core_Upgrader();', + 'version' => '3.7.0', + ), + 'wp_update_plugin' => array( + 'alt' => 'new Plugin_Upgrader();', + 'version' => '3.7.0', + ), + 'wp_update_theme' => array( + 'alt' => 'new Theme_Upgrader();', + 'version' => '3.7.0', + ), + + // WP 3.8.0. + 'get_screen_icon' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + 'screen_icon' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_incoming_links' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_incoming_links_control' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_incoming_links_output' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_plugins' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_primary_control' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_recent_comments_control' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_secondary' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_secondary_control' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_dashboard_secondary_output' => array( + 'alt' => '', + 'version' => '3.8.0', + ), + + // WP 3.9.0. + '_relocate_children' => array( + 'alt' => '', + 'version' => '3.9.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'default_topic_count_text' => array( + 'alt' => '', + 'version' => '3.9.0', + ), + 'format_to_post' => array( + 'alt' => '', + 'version' => '3.9.0', + ), + 'get_current_site_name' => array( + 'alt' => 'get_current_site()', + 'version' => '3.9.0', + ), + 'rich_edit_exists' => array( + 'alt' => '', + 'version' => '3.9.0', + ), + 'wpmu_current_site' => array( + 'alt' => '', + 'version' => '3.9.0', + ), + + // WP 4.0.0. + 'get_all_category_ids' => array( + 'alt' => 'get_terms()', + 'version' => '4.0.0', + ), + 'like_escape' => array( + 'alt' => 'wpdb::esc_like()', + 'version' => '4.0.0', + ), + 'url_is_accessable_via_ssl' => array( + 'alt' => '', + 'version' => '4.0.0', + ), + + // WP 4.1.0. + // This is a method from the WP_Customize_Image_Control class. See #731. + 'add_tab' => array( + 'alt' => '', + 'version' => '4.1.0', + ), + // This is a method from the WP_Customize_Image_Control class. See #731. + 'prepare_control' => array( + 'alt' => '', + 'version' => '4.1.0', + ), + // This is a method from the WP_Customize_Image_Control class. See #731. + 'print_tab_image' => array( + 'alt' => '', + 'version' => '4.1.0', + ), + // This is a method from the WP_Customize_Image_Control class. See #731. + 'remove_tab' => array( + 'alt' => '', + 'version' => '4.1.0', + ), + + // WP 4.2.0. + // This is a method from the WP_Customize_Widgets class. See #731. + 'prepreview_added_sidebars_widgets' => array( + 'alt' => 'the \'customize_dynamic_setting_args\' filter', + 'version' => '4.2.0', + ), + // This is a method from the WP_Customize_Widgets class. See #731. + 'prepreview_added_widget_instance' => array( + 'alt' => 'the \'customize_dynamic_setting_args\' filter', + 'version' => '4.2.0', + ), + // This is a method from the WP_Customize_Widgets class. See #731. + 'remove_prepreview_filters' => array( + 'alt' => 'the \'customize_dynamic_setting_args\' filter', + 'version' => '4.2.0', + ), + // This is a method from the WP_Customize_Widgets class. See #731. + 'setup_widget_addition_previews' => array( + 'alt' => 'the \'customize_dynamic_setting_args\' filter', + 'version' => '4.2.0', + ), + + // WP 4.3.0. + '_preview_theme_stylesheet_filter' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + '_preview_theme_template_filter' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + 'preview_theme' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + 'preview_theme_ob_filter' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + 'preview_theme_ob_filter_callback' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + // Verified; see https://core.trac.wordpress.org/ticket/41121, patch 3. + 'wp_ajax_wp_fullscreen_save_post' => array( + 'alt' => '', + 'version' => '4.3.0', + ), + 'wp_htmledit_pre' => array( + 'alt' => 'format_for_editor()', + 'version' => '4.3.0', + ), + 'wp_richedit_pre' => array( + 'alt' => 'format_for_editor()', + 'version' => '4.3.0', + ), + + // WP 4.4.0. + 'create_empty_blog' => array( + 'alt' => '', + 'version' => '4.4.0', + ), + 'force_ssl_login' => array( + 'alt' => 'force_ssl_admin()', + 'version' => '4.4.0', + ), + 'get_admin_users_for_domain' => array( + 'alt' => '', + 'version' => '4.4.0', + ), + 'post_permalink' => array( + 'alt' => 'get_permalink()', + 'version' => '4.4.0', + ), + 'wp_get_http' => array( + 'alt' => 'the WP_Http class', + 'version' => '4.4.0', + ), + // This is a method i.e. WP_Widget_Recent_Comments::flush_widget_cache() See #731. + 'flush_widget_cache' => array( + 'alt' => '', + 'version' => '4.4.0', + ), + + // WP 4.5.0. + 'add_object_page' => array( + 'alt' => 'add_menu_page()', + 'version' => '4.5.0', + ), + 'add_utility_page' => array( + 'alt' => 'add_menu_page()', + 'version' => '4.5.0', + ), + 'comments_popup_script' => array( + 'alt' => '', + 'version' => '4.5.0', + ), + 'get_comments_popup_template' => array( + 'alt' => '', + 'version' => '4.5.0', + ), + 'get_currentuserinfo' => array( + 'alt' => 'wp_get_current_user()', + 'version' => '4.5.0', + ), + 'is_comments_popup' => array( + 'alt' => '', + 'version' => '4.5.0', + ), + 'popuplinks' => array( + 'alt' => '', + 'version' => '4.5.0', + ), + + // WP 4.6.0. + 'post_form_autocomplete_off' => array( + 'alt' => '', + 'version' => '4.6.0', + ), + 'wp_embed_handler_googlevideo' => array( + 'alt' => '', + 'version' => '4.6.0', + ), + 'wp_get_sites' => array( + 'alt' => 'get_sites()', + 'version' => '4.6.0', + ), + + // WP 4.7.0. + '_sort_nav_menu_items' => array( + 'alt' => 'wp_list_sort()', + 'version' => '4.7.0', + ), + '_usort_terms_by_ID' => array( + 'alt' => 'wp_list_sort()', + 'version' => '4.7.0', + ), + '_usort_terms_by_name' => array( + 'alt' => 'wp_list_sort()', + 'version' => '4.7.0', + ), + 'get_paged_template' => array( + 'alt' => '', + 'version' => '4.7.0', + ), + 'wp_get_network' => array( + 'alt' => 'get_network()', + 'version' => '4.7.0', + ), + 'wp_kses_js_entities' => array( + 'alt' => '', + 'version' => '4.7.0', + ), + + // WP 4.8.0. + 'wp_dashboard_plugins_output' => array( + 'alt' => '', + 'version' => '4.8.0', + ), + + // WP 4.9.0. + 'get_shortcut_link' => array( + 'alt' => '', + 'version' => '4.9.0', + ), + 'is_user_option_local' => array( + 'alt' => '', + 'version' => '4.9.0', + ), + 'wp_ajax_press_this_add_category' => array( + 'alt' => '', + 'version' => '4.9.0', + ), + 'wp_ajax_press_this_save_post' => array( + 'alt' => '', + 'version' => '4.9.0', + ), + + // WP 5.1.0. + 'insert_blog' => array( + 'alt' => 'wp_insert_site()', + 'version' => '5.1.0', + ), + 'install_blog' => array( + 'alt' => '', + 'version' => '5.1.0', + ), + + // WP 5.3.0. + '_wp_json_prepare_data' => array( + 'alt' => '', + 'version' => '5.3.0', + ), + '_wp_privacy_requests_screen_options' => array( + 'alt' => '', + 'version' => '5.3.0', + ), + 'update_user_status' => array( + 'alt' => 'wp_update_user()', + 'version' => '5.3.0', + ), + + // WP 5.4.0. + 'wp_get_user_request_data' => array( + 'alt' => 'wp_get_user_request()', + 'version' => '5.4.0', + ), + ); + + /** + * Groups of functions to restrict. + * + * @return array + */ + public function getGroups() { + // Make sure all array keys are lowercase. + $this->deprecated_functions = array_change_key_case( $this->deprecated_functions, CASE_LOWER ); + + return array( + 'deprecated_functions' => array( + 'functions' => array_keys( $this->deprecated_functions ), + ), + ); + } + + /** + * Process a matched token. + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. Will + * always be 'deprecated_functions'. + * @param string $matched_content The token content (function name) which was matched. + * + * @return void + */ + public function process_matched_token( $stackPtr, $group_name, $matched_content ) { + + $this->get_wp_version_from_cl(); + + $function_name = strtolower( $matched_content ); + + $message = '%s() has been deprecated since WordPress version %s.'; + $data = array( + $matched_content, + $this->deprecated_functions[ $function_name ]['version'], + ); + + if ( ! empty( $this->deprecated_functions[ $function_name ]['alt'] ) ) { + $message .= ' Use %s instead.'; + $data[] = $this->deprecated_functions[ $function_name ]['alt']; + } + + $this->addMessage( + $message, + $stackPtr, + ( version_compare( $this->deprecated_functions[ $function_name ]['version'], $this->minimum_supported_version, '<' ) ), + $this->string_to_errorcode( $matched_content . 'Found' ), + $data + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParameterValuesSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParameterValuesSniff.php new file mode 100644 index 00000000..0758def2 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParameterValuesSniff.php @@ -0,0 +1,216 @@ + array( + * (int) Target parameter position, 1-based. => array( + * (string) Parameter value. => array( + * 'alt' => (string) Suggested alternative. + * 'version' => (int) The WordPress version when deprecated. + * ) + * ) + * ) + * ); + */ + protected $target_functions = array( + 'add_settings_field' => array( + 4 => array( + 'misc' => array( + 'alt' => 'another settings group', + 'version' => '3.0.0', + ), + 'privacy' => array( + 'alt' => 'another settings group', + 'version' => '3.5.0', + ), + ), + ), + 'add_settings_section' => array( + 4 => array( + 'misc' => array( + 'alt' => 'another settings group', + 'version' => '3.0.0', + ), + 'privacy' => array( + 'alt' => 'another settings group', + 'version' => '3.5.0', + ), + ), + ), + 'bloginfo' => array( + 1 => array( + 'home' => array( + 'alt' => 'the "url" argument', + 'version' => '2.2.0', + ), + 'siteurl' => array( + 'alt' => 'the "url" argument', + 'version' => '2.2.0', + ), + 'text_direction' => array( + 'alt' => 'is_rtl()', + 'version' => '2.2.0', + ), + ), + ), + 'get_bloginfo' => array( + 1 => array( + 'home' => array( + 'alt' => 'the "url" argument', + 'version' => '2.2.0', + ), + 'siteurl' => array( + 'alt' => 'the "url" argument', + 'version' => '2.2.0', + ), + 'text_direction' => array( + 'alt' => 'is_rtl()', + 'version' => '2.2.0', + ), + ), + ), + 'register_setting' => array( + 1 => array( + 'misc' => array( + 'alt' => 'another settings group', + 'version' => '3.0.0', + ), + 'privacy' => array( + 'alt' => 'another settings group', + 'version' => '3.5.0', + ), + ), + ), + 'unregister_setting' => array( + 1 => array( + 'misc' => array( + 'alt' => 'another settings group', + 'version' => '3.0.0', + ), + 'privacy' => array( + 'alt' => 'another settings group', + 'version' => '3.5.0', + ), + ), + ), + ); + + /** + * Process the parameters of a matched function. + * + * @since 1.0.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + $this->get_wp_version_from_cl(); + $param_count = \count( $parameters ); + foreach ( $this->target_functions[ $matched_content ] as $position => $parameter_args ) { + + // Stop if the position is higher then the total number of parameters. + if ( $position > $param_count ) { + break; + } + + $this->process_parameter( $matched_content, $parameters[ $position ], $parameter_args ); + } + } + + /** + * Process the parameter of a matched function. + * + * @since 1.0.0 + * + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameter Array with start and end token positon of the parameter. + * @param array $parameter_args Array with alternative and WordPress deprecation version of the parameter. + * + * @return void + */ + protected function process_parameter( $matched_content, $parameter, $parameter_args ) { + + $parameter_position = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + $parameter['start'], + $parameter['end'] + 1, + true + ); + + if ( false === $parameter_position ) { + return; + } + + $matched_parameter = $this->strip_quotes( $this->tokens[ $parameter_position ]['content'] ); + if ( ! isset( $parameter_args[ $matched_parameter ] ) ) { + return; + } + + $message = 'The parameter value "%s" has been deprecated since WordPress version %s.'; + $data = array( + $matched_parameter, + $parameter_args[ $matched_parameter ]['version'], + ); + + if ( ! empty( $parameter_args[ $matched_parameter ]['alt'] ) ) { + $message .= ' Use %s instead.'; + $data[] = $parameter_args[ $matched_parameter ]['alt']; + } + + $is_error = version_compare( $parameter_args[ $matched_parameter ]['version'], $this->minimum_supported_version, '<' ); + $this->addMessage( + $message, + $parameter_position, + $is_error, + $this->string_to_errorcode( 'Found' ), + $data + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParametersSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParametersSniff.php new file mode 100644 index 00000000..3d45bafc --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DeprecatedParametersSniff.php @@ -0,0 +1,338 @@ + value + * in a custom ruleset. + * + * @uses \WordPressCS\WordPress\Sniff::$minimum_supported_version + */ +class DeprecatedParametersSniff extends AbstractFunctionParameterSniff { + + /** + * The group name for this group of functions. + * + * @since 0.12.0 + * + * @var string + */ + protected $group_name = 'wp_deprecated_parameters'; + + /** + * Array of function, argument, and default value for deprecated argument. + * + * The functions are ordered alphabetically. + * Last updated for WordPress 4.8.0. + * + * @since 0.12.0 + * + * @var array Multidimensional array with parameter details. + * $target_functions = array( + * (string) Function name. => array( + * (int) Target parameter position, 1-based. => array( + * 'value' => (mixed) Expected default value for the + * deprecated parameter. Currently the default + * values: true, false, null, empty arrays and + * both empty and non-empty strings can be + * handled correctly by the process_parameters() + * method. When an additional default value is + * added, the relevant code in the + * process_parameters() method will need to be + * adjusted. + * 'version' => (int) The WordPress version when deprecated. + * ) + * ) + * ); + */ + protected $target_functions = array( + + 'add_option' => array( + 3 => array( + 'value' => '', + 'version' => '2.3.0', + ), + ), + 'comments_link' => array( + 1 => array( + 'value' => '', + 'version' => '0.72', + ), + 2 => array( + 'value' => '', + 'version' => '1.3.0', + ), + ), + 'comments_number' => array( + 4 => array( + 'value' => '', + 'version' => '1.3.0', + ), + ), + 'convert_chars' => array( + 2 => array( + 'value' => '', + 'version' => '0.71', + ), + ), + 'discover_pingback_server_uri' => array( + 2 => array( + 'value' => '', + 'version' => '2.7.0', + ), + ), + 'get_category_parents' => array( + 5 => array( + 'value' => array(), + 'version' => '4.8.0', + ), + ), + 'get_delete_post_link' => array( + 2 => array( + 'value' => '', + 'version' => '3.0.0', + ), + ), + 'get_last_updated' => array( + 1 => array( + 'value' => '', + 'version' => '3.0.0', // Was previously part of MU. + ), + ), + 'get_the_author' => array( + 1 => array( + 'value' => '', + 'version' => '2.1.0', + ), + ), + 'get_user_option' => array( + 3 => array( + 'value' => '', + 'version' => '2.3.0', + ), + ), + 'get_wp_title_rss' => array( + 1 => array( + 'value' => '–', + 'version' => '4.4.0', + ), + ), + 'is_email' => array( + 2 => array( + 'value' => false, + 'version' => '3.0.0', + ), + ), + 'load_plugin_textdomain' => array( + 2 => array( + 'value' => false, + 'version' => '2.7.0', + ), + ), + 'safecss_filter_attr' => array( + 2 => array( + 'value' => '', + 'version' => '2.8.1', + ), + ), + 'the_attachment_link' => array( + 3 => array( + 'value' => false, + 'version' => '2.5.0', + ), + ), + 'the_author' => array( + 1 => array( + 'value' => '', + 'version' => '2.1.0', + ), + 2 => array( + 'value' => true, + 'version' => '1.5.0', + ), + ), + 'the_author_posts_link' => array( + 1 => array( + 'value' => '', + 'version' => '2.1.0', + ), + ), + 'trackback_rdf' => array( + 1 => array( + 'value' => '', + 'version' => '2.5.0', + ), + ), + 'trackback_url' => array( + 1 => array( + 'value' => true, + 'version' => '2.5.0', + ), + ), + 'update_blog_option' => array( + 4 => array( + 'value' => null, + 'version' => '3.1.0', + ), + ), + 'update_blog_status' => array( + 4 => array( + 'value' => null, + 'version' => '3.1.0', + ), + ), + 'update_user_status' => array( + 4 => array( + 'value' => null, + 'version' => '3.0.2', + ), + ), + 'unregister_setting' => array( + 4 => array( + 'value' => '', + 'version' => '4.7.0', + ), + ), + 'wp_get_http_headers' => array( + 2 => array( + 'value' => false, + 'version' => '2.7.0', + ), + ), + 'wp_get_sidebars_widgets' => array( + 1 => array( + 'value' => true, + 'version' => '2.8.1', + ), + ), + 'wp_install' => array( + 5 => array( + 'value' => '', + 'version' => '2.6.0', + ), + ), + 'wp_new_user_notification' => array( + 2 => array( + 'value' => null, + 'version' => '4.3.1', + ), + ), + 'wp_notify_postauthor' => array( + 2 => array( + 'value' => null, + 'version' => '3.8.0', + ), + ), + 'wp_title_rss' => array( + 1 => array( + 'value' => '–', + 'version' => '4.4.0', + ), + ), + 'wp_upload_bits' => array( + 2 => array( + 'value' => null, + 'version' => '2.0.0', + ), + ), + 'xfn_check' => array( + 3 => array( + 'value' => '', + 'version' => '2.5.0', + ), + ), + ); + + /** + * Process the parameters of a matched function. + * + * @since 0.12.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + + $this->get_wp_version_from_cl(); + + $paramCount = \count( $parameters ); + foreach ( $this->target_functions[ $matched_content ] as $position => $parameter_args ) { + + // Check that number of parameters defined is not less than the position to check. + if ( $position > $paramCount ) { + break; + } + + // The list will need to updated if the default value is not supported. + switch ( $parameters[ $position ]['raw'] ) { + case 'true': + $matched_parameter = true; + break; + case 'false': + $matched_parameter = false; + break; + case 'null': + $matched_parameter = null; + break; + case 'array()': + case '[]': + $matched_parameter = array(); + break; + default: + $matched_parameter = $this->strip_quotes( $parameters[ $position ]['raw'] ); + break; + } + + if ( $parameter_args['value'] === $matched_parameter ) { + continue; + } + + $message = 'The parameter "%s" at position #%s of %s() has been deprecated since WordPress version %s.'; + $is_error = version_compare( $parameter_args['version'], $this->minimum_supported_version, '<' ); + $code = $this->string_to_errorcode( ucfirst( $matched_content ) . 'Param' . $position . 'Found' ); + + $data = array( + $parameters[ $position ]['raw'], + $position, + $matched_content, + $parameter_args['version'], + ); + + if ( isset( $parameter_args['value'] ) && $position < $paramCount ) { + $message .= ' Use "%s" instead.'; + $data[] = (string) $parameter_args['value']; + } else { + $message .= ' Instead do not pass the parameter.'; + } + + $this->addMessage( $message, $stackPtr, $is_error, $code, $data, 0 ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedConstantsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedConstantsSniff.php new file mode 100644 index 00000000..bcd960c4 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedConstantsSniff.php @@ -0,0 +1,217 @@ + 'get_stylesheet_directory()', + 'TEMPLATEPATH' => 'get_template_directory()', + 'PLUGINDIR' => 'WP_PLUGIN_DIR', + 'MUPLUGINDIR' => 'WPMU_PLUGIN_DIR', + 'HEADER_IMAGE' => 'add_theme_support( \'custom-header\' )', + 'NO_HEADER_TEXT' => 'add_theme_support( \'custom-header\' )', + 'HEADER_TEXTCOLOR' => 'add_theme_support( \'custom-header\' )', + 'HEADER_IMAGE_WIDTH' => 'add_theme_support( \'custom-header\' )', + 'HEADER_IMAGE_HEIGHT' => 'add_theme_support( \'custom-header\' )', + 'BACKGROUND_COLOR' => 'add_theme_support( \'custom-background\' )', + 'BACKGROUND_IMAGE' => 'add_theme_support( \'custom-background\' )', + ); + + /** + * Array of functions to check. + * + * @since 0.14.0 + * + * @var array => + */ + protected $target_functions = array( + 'define' => 1, + ); + + /** + * Array of tokens which if found preceding the $stackPtr indicate that a T_STRING is not a constant. + * + * @var array + */ + private $preceding_tokens_to_ignore = array( + \T_NAMESPACE => true, + \T_USE => true, + \T_CLASS => true, + \T_TRAIT => true, + \T_INTERFACE => true, + \T_EXTENDS => true, + \T_IMPLEMENTS => true, + \T_NEW => true, + \T_FUNCTION => true, + \T_DOUBLE_COLON => true, + \T_OBJECT_OPERATOR => true, + \T_INSTANCEOF => true, + \T_GOTO => true, + ); + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + if ( isset( $this->target_functions[ strtolower( $this->tokens[ $stackPtr ]['content'] ) ] ) ) { + // Disallow excluding function groups for this sniff. + $this->exclude = array(); + + return parent::process_token( $stackPtr ); + + } else { + return $this->process_arbitrary_tstring( $stackPtr ); + } + } + + /** + * Process an arbitrary T_STRING token to determine whether it is one of the target constants. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_arbitrary_tstring( $stackPtr ) { + $content = $this->tokens[ $stackPtr ]['content']; + + if ( ! isset( $this->discouraged_constants[ $content ] ) ) { + return; + } + + $next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + if ( false !== $next && \T_OPEN_PARENTHESIS === $this->tokens[ $next ]['code'] ) { + // Function call or declaration. + return; + } + + $prev = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $stackPtr - 1 ), null, true ); + if ( false !== $prev && isset( $this->preceding_tokens_to_ignore[ $this->tokens[ $prev ]['code'] ] ) ) { + // Not the use of a constant. + return; + } + + if ( $this->is_token_namespaced( $stackPtr ) === true ) { + // Namespaced constant of the same name. + return; + } + + if ( false !== $prev + && \T_CONST === $this->tokens[ $prev ]['code'] + && true === $this->is_class_constant( $prev ) + ) { + // Class constant of the same name. + return; + } + + /* + * Deal with a number of variations of use statements. + */ + for ( $i = $stackPtr; $i > 0; $i-- ) { + if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $stackPtr ]['line'] ) { + break; + } + } + + $first_on_line = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true ); + if ( false !== $first_on_line && \T_USE === $this->tokens[ $first_on_line ]['code'] ) { + $next_on_line = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $first_on_line + 1 ), null, true ); + if ( false !== $next_on_line ) { + if ( ( \T_STRING === $this->tokens[ $next_on_line ]['code'] + && 'const' === $this->tokens[ $next_on_line ]['content'] ) + || \T_CONST === $this->tokens[ $next_on_line ]['code'] // Happens in some PHPCS versions. + ) { + $has_ns_sep = $this->phpcsFile->findNext( \T_NS_SEPARATOR, ( $next_on_line + 1 ), $stackPtr ); + if ( false !== $has_ns_sep ) { + // Namespaced const (group) use statement. + return; + } + } else { + // Not a const use statement. + return; + } + } + } + + // Ok, this is really one of the discouraged constants. + $this->phpcsFile->addWarning( + 'Found usage of constant "%s". Use %s instead.', + $stackPtr, + $this->string_to_errorcode( $content . 'UsageFound' ), + array( + $content, + $this->discouraged_constants[ $content ], + ) + ); + } + + /** + * Process the parameters of a matched `define` function call. + * + * @since 0.14.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + $function_name = strtolower( $matched_content ); + $target_param = $this->target_functions[ $function_name ]; + + // Was the target parameter passed ? + if ( ! isset( $parameters[ $target_param ] ) ) { + return; + } + + $raw_content = $this->strip_quotes( $parameters[ $target_param ]['raw'] ); + + if ( isset( $this->discouraged_constants[ $raw_content ] ) ) { + $this->phpcsFile->addWarning( + 'Found declaration of constant "%s". Use %s instead.', + $stackPtr, + $this->string_to_errorcode( $raw_content . 'DeclarationFound' ), + array( + $raw_content, + $this->discouraged_constants[ $raw_content ], + ) + ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedFunctionsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedFunctionsSniff.php new file mode 100644 index 00000000..d51504a3 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/DiscouragedFunctionsSniff.php @@ -0,0 +1,57 @@ + array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'query_posts' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use WP_Query instead.', + 'functions' => array( + 'query_posts', + ), + ), + + 'wp_reset_query' => array( + 'type' => 'warning', + 'message' => '%s() is discouraged. Use wp_reset_postdata() instead.', + 'functions' => array( + 'wp_reset_query', + ), + ), + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourceParametersSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourceParametersSniff.php new file mode 100644 index 00000000..9c1f5f1e --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourceParametersSniff.php @@ -0,0 +1,223 @@ + => + */ + protected $target_functions = array( + 'wp_register_script' => true, + 'wp_enqueue_script' => true, + 'wp_register_style' => true, + 'wp_enqueue_style' => true, + ); + + /** + * False + the empty tokens array. + * + * This array is enriched with the $emptyTokens array in the register() method. + * + * @var array + */ + private $false_tokens = array( + \T_FALSE => \T_FALSE, + ); + + /** + * Token codes which are "safe" to accept to determine whether a version would evaluate to `false`. + * + * This array is enriched with the several of the PHPCS token arrays in the register() method. + * + * @var array + */ + private $safe_tokens = array( + \T_NULL => \T_NULL, + \T_FALSE => \T_FALSE, + \T_TRUE => \T_TRUE, + \T_LNUMBER => \T_LNUMBER, + \T_DNUMBER => \T_DNUMBER, + \T_CONSTANT_ENCAPSED_STRING => \T_CONSTANT_ENCAPSED_STRING, + \T_START_NOWDOC => \T_START_NOWDOC, + \T_NOWDOC => \T_NOWDOC, + \T_END_NOWDOC => \T_END_NOWDOC, + \T_OPEN_PARENTHESIS => \T_OPEN_PARENTHESIS, + \T_CLOSE_PARENTHESIS => \T_CLOSE_PARENTHESIS, + \T_STRING_CONCAT => \T_STRING_CONCAT, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * Overloads and calls the parent method to allow for adding additional tokens to the $safe_tokens property. + * + * @return array + */ + public function register() { + $this->false_tokens += Tokens::$emptyTokens; + + $this->safe_tokens += Tokens::$emptyTokens; + $this->safe_tokens += Tokens::$assignmentTokens; + $this->safe_tokens += Tokens::$comparisonTokens; + $this->safe_tokens += Tokens::$operators; + $this->safe_tokens += Tokens::$booleanOperators; + $this->safe_tokens += Tokens::$castTokens; + + return parent::register(); + } + + /** + * Process the parameters of a matched function. + * + * @since 1.0.0 + * + * @param int $stackPtr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * @param array $parameters Array with information about the parameters. + * + * @return void + */ + public function process_parameters( $stackPtr, $group_name, $matched_content, $parameters ) { + + // Check to see if a source ($src) is specified. + if ( ! isset( $parameters[2] ) ) { + return; + } + + /* + * Version Check: Check to make sure the version is set explicitly. + */ + + if ( ! isset( $parameters[4] ) || 'null' === $parameters[4]['raw'] ) { + $type = 'script'; + if ( strpos( $matched_content, '_style' ) !== false ) { + $type = 'style'; + } + + $this->phpcsFile->addError( + 'Resource version not set in call to %s(). This means new versions of the %s will not always be loaded due to browser caching.', + $stackPtr, + 'MissingVersion', + array( $matched_content, $type ) + ); + } else { + // The version argument should have a non-false value. + if ( $this->is_falsy( $parameters[4]['start'], $parameters[4]['end'] ) ) { + $this->phpcsFile->addError( + 'Version parameter is not explicitly set or has been set to an equivalent of "false" for %s; ' . + 'This means that the WordPress core version will be used which is not recommended for plugin or theme development.', + $stackPtr, + 'NoExplicitVersion', + array( $matched_content ) + ); + } + } + + /* + * In footer Check + * + * Check to make sure that $in_footer is set to true. + * It will warn the user to make sure it is intended. + * + * Only wp_register_script and wp_enqueue_script need this check, + * as this parameter is not available to wp_register_style and wp_enqueue_style. + */ + if ( 'wp_register_script' !== $matched_content && 'wp_enqueue_script' !== $matched_content ) { + return; + } + + if ( ! isset( $parameters[5] ) ) { + // If in footer is not set, throw a warning about the default. + $this->phpcsFile->addWarning( + 'In footer ($in_footer) is not set explicitly %s; ' . + 'It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.', + $stackPtr, + 'NotInFooter', + array( $matched_content ) + ); + } + } + + /** + * Determine if a range has a falsy value. + * + * @param int $start The position to start looking from. + * @param int $end The position to stop looking (inclusive). + * + * @return bool True if the parameter is falsy. + * False if the parameter is not falsy or when it + * couldn't be reliably determined. + */ + protected function is_falsy( $start, $end ) { + + // Find anything excluding the false tokens. + $has_non_false = $this->phpcsFile->findNext( $this->false_tokens, $start, ( $end + 1 ), true ); + // If no non-false tokens are found, we are good. + if ( false === $has_non_false ) { + return true; + } + + $code_string = ''; + for ( $i = $start; $i <= $end; $i++ ) { + if ( isset( $this->safe_tokens[ $this->tokens[ $i ]['code'] ] ) === false ) { + // Function call/variable or other token which makes it neigh impossible + // to determine whether the actual value would evaluate to false. + return false; + } + + if ( isset( Tokens::$emptyTokens[ $this->tokens[ $i ]['code'] ] ) === true ) { + continue; + } + + $code_string .= $this->tokens[ $i ]['content']; + } + + if ( '' === $code_string ) { + return false; + } + + // Evaluate the argument to figure out the outcome is false or not. + // phpcs:ignore Squiz.PHP.Eval -- No harm here. + return ( false === eval( "return (bool) $code_string;" ) ); + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourcesSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourcesSniff.php new file mode 100644 index 00000000..27572e95 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/EnqueuedResourcesSniff.php @@ -0,0 +1,64 @@ +tokens[ $stackPtr ]; + + if ( preg_match( '# rel=\\\\?[\'"]?stylesheet\\\\?[\'"]?#', $token['content'] ) > 0 ) { + $this->phpcsFile->addError( + 'Stylesheets must be registered/enqueued via wp_enqueue_style', + $stackPtr, + 'NonEnqueuedStylesheet' + ); + } + + if ( preg_match( '#]*(?<=src=)#', $token['content'] ) > 0 ) { + $this->phpcsFile->addError( + 'Scripts must be registered/enqueued via wp_enqueue_script', + $stackPtr, + 'NonEnqueuedScript' + ); + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/GlobalVariablesOverrideSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/GlobalVariablesOverrideSniff.php new file mode 100644 index 00000000..37bf68b2 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/GlobalVariablesOverrideSniff.php @@ -0,0 +1,466 @@ + true, + 'wp_cockneyreplace' => true, + ); + + /** + * Scoped object and function structures to skip over as + * variables will have a different scope within those. + * + * @since 1.1.0 + * + * @var array + */ + private $skip_over = array( + \T_FUNCTION => true, + \T_CLOSURE => true, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @since 0.3.0 + * @since 1.1.0 Added class tokens for improved test classes skipping. + * + * @return array + */ + public function register() { + // Add the OO scope tokens to the $skip_over property. + $this->skip_over += Tokens::$ooScopeTokens; + + $targets = array( + \T_GLOBAL, + \T_VARIABLE, + \T_LIST, + \T_OPEN_SHORT_ARRAY, + ); + + // Only used to skip over test classes. + $targets += Tokens::$ooScopeTokens; + + return $targets; + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 0.3.0 + * @since 1.1.0 Split the token specific logic off into separate methods. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_token( $stackPtr ) { + + $token = $this->tokens[ $stackPtr ]; + + // Ignore variable overrides in test classes. + if ( isset( Tokens::$ooScopeTokens[ $token['code'] ] ) ) { + + if ( true === $this->is_test_class( $stackPtr ) + && $token['scope_condition'] === $stackPtr + && isset( $token['scope_closer'] ) + ) { + // Skip forward to end of test class. + return $token['scope_closer']; + } + + // Otherwise ignore the tokens as they were only registered to enable skipping over test classes. + return; + } + + /* + * Examine variables within a function scope based on a `global` statement in the + * function. + * Examine variables not within a function scope, but within a list construct, based + * on that. + * Examine variables not within a function scope and access to the `$GLOBALS` + * variable based on the variable token. + */ + $in_function_scope = $this->phpcsFile->hasCondition( $stackPtr, array( \T_FUNCTION, \T_CLOSURE ) ); + + if ( ( \T_LIST === $token['code'] || \T_OPEN_SHORT_ARRAY === $token['code'] ) + && false === $in_function_scope + && false === $this->treat_files_as_scoped + ) { + return $this->process_list_assignment( $stackPtr ); + } elseif ( \T_VARIABLE === $token['code'] + && ( '$GLOBALS' === $token['content'] + || ( false === $in_function_scope && false === $this->treat_files_as_scoped ) ) + ) { + return $this->process_variable_assignment( $stackPtr ); + } elseif ( \T_GLOBAL === $token['code'] + && ( true === $in_function_scope || true === $this->treat_files_as_scoped ) + ) { + return $this->process_global_statement( $stackPtr, $in_function_scope ); + } + } + + /** + * Check that global variables declared via a list construct are prefixed. + * + * @internal No need to take special measures for nested lists. Nested or not, + * each list part can only contain one variable being written to. + * + * @since 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + protected function process_list_assignment( $stackPtr ) { + $list_open_close = $this->find_list_open_close( $stackPtr ); + if ( false === $list_open_close ) { + // Short array, not short list. + return; + } + + $var_pointers = $this->get_list_variables( $stackPtr, $list_open_close ); + foreach ( $var_pointers as $ptr ) { + $this->process_variable_assignment( $ptr, true ); + } + + // No need to re-examine these variables. + return $list_open_close['closer']; + } + + /** + * Check that defined global variables are prefixed. + * + * @since 1.1.0 Logic was previously contained in the process_token() method. + * + * @param int $stackPtr The position of the current token in the stack. + * @param bool $in_list Whether or not this is a variable in a list assignment. + * Defaults to false. + * + * @return void + */ + protected function process_variable_assignment( $stackPtr, $in_list = false ) { + + if ( $this->has_whitelist_comment( 'override', $stackPtr ) === true ) { + return; + } + + $token = $this->tokens[ $stackPtr ]; + $var_name = substr( $token['content'], 1 ); // Strip the dollar sign. + $data = array(); + + // Determine the variable name for `$GLOBALS['array_key']`. + if ( 'GLOBALS' === $var_name ) { + $bracketPtr = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + + if ( false === $bracketPtr || \T_OPEN_SQUARE_BRACKET !== $this->tokens[ $bracketPtr ]['code'] || ! isset( $this->tokens[ $bracketPtr ]['bracket_closer'] ) ) { + return; + } + + // Retrieve the array key and avoid getting tripped up by some simple obfuscation. + $var_name = ''; + $start = ( $bracketPtr + 1 ); + for ( $ptr = $start; $ptr < $this->tokens[ $bracketPtr ]['bracket_closer']; $ptr++ ) { + /* + * If the globals array key contains a variable, constant, function call + * or interpolated variable, bow out. + */ + if ( \T_VARIABLE === $this->tokens[ $ptr ]['code'] + || \T_STRING === $this->tokens[ $ptr ]['code'] + || \T_DOUBLE_QUOTED_STRING === $this->tokens[ $ptr ]['code'] + ) { + return; + } + + if ( \T_CONSTANT_ENCAPSED_STRING === $this->tokens[ $ptr ]['code'] ) { + $var_name .= $this->strip_quotes( $this->tokens[ $ptr ]['content'] ); + } + } + + if ( '' === $var_name ) { + // Shouldn't happen, but just in case. + return; + } + + // Set up the data for the error message. + $data[] = '$GLOBALS[\'' . $var_name . '\']'; + } + + /* + * Is this one of the WP global variables ? + */ + if ( isset( $this->wp_globals[ $var_name ] ) === false ) { + return; + } + + /* + * Is this one of the WP global variables which are allowed to be overwritten ? + */ + if ( isset( $this->override_allowed[ $var_name ] ) === true ) { + return; + } + + /* + * Check if the variable value is being changed. + */ + if ( false === $in_list + && false === $this->is_assignment( $stackPtr ) + && false === $this->is_foreach_as( $stackPtr ) + ) { + return; + } + + /* + * Function parameters with the same name as a WP global variable are fine, + * including when they are being assigned a default value. + */ + if ( false === $in_list && isset( $this->tokens[ $stackPtr ]['nested_parenthesis'] ) ) { + foreach ( $this->tokens[ $stackPtr ]['nested_parenthesis'] as $opener => $closer ) { + if ( isset( $this->tokens[ $opener ]['parenthesis_owner'] ) + && ( \T_FUNCTION === $this->tokens[ $this->tokens[ $opener ]['parenthesis_owner'] ]['code'] + || \T_CLOSURE === $this->tokens[ $this->tokens[ $opener ]['parenthesis_owner'] ]['code'] ) + ) { + return; + } + } + unset( $opener, $closer ); + } + + /* + * Class property declarations with the same name as WP global variables are fine. + */ + if ( false === $in_list && true === $this->is_class_property( $stackPtr ) ) { + return; + } + + // Still here ? In that case, the WP global variable is being tampered with. + $this->add_error( $stackPtr, $data ); + } + + /** + * Check that global variables imported into a function scope using a global statement + * are not being overruled. + * + * @since 1.1.0 Logic was previously contained in the process_token() method. + * + * @param int $stackPtr The position of the current token in the stack. + * @param bool $in_function_scope Whether the global statement is within a scoped function/closure. + * + * @return void + */ + protected function process_global_statement( $stackPtr, $in_function_scope ) { + /* + * Collect the variables to watch for. + */ + $search = array(); + $ptr = ( $stackPtr + 1 ); + while ( isset( $this->tokens[ $ptr ] ) ) { + $var = $this->tokens[ $ptr ]; + + // Halt the loop at end of statement. + if ( \T_SEMICOLON === $var['code'] ) { + break; + } + + if ( \T_VARIABLE === $var['code'] ) { + $var_name = substr( $var['content'], 1 ); + if ( isset( $this->wp_globals[ $var_name ] ) + && isset( $this->override_allowed[ $var_name ] ) === false + ) { + $search[] = $var['content']; + } + } + + $ptr++; + } + unset( $var ); + + if ( empty( $search ) ) { + return; + } + + /* + * Search for assignments to the imported global variables within the relevant scope. + */ + $start = $ptr; + if ( true === $in_function_scope ) { + $function_cond = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION ); + $closure_cond = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE ); + $scope_cond = max( $function_cond, $closure_cond ); // If false, it will evaluate as zero, so this is fine. + if ( isset( $this->tokens[ $scope_cond ]['scope_closer'] ) === false ) { + // Live coding or parse error. + return; + } + $end = $this->tokens[ $scope_cond ]['scope_closer']; + } else { + // Global statement in the global namespace with file is being treated as scoped. + $end = $this->phpcsFile->numTokens; + } + + for ( $ptr = $start; $ptr < $end; $ptr++ ) { + + // Skip over nested functions, classes and the likes. + if ( isset( $this->skip_over[ $this->tokens[ $ptr ]['code'] ] ) ) { + if ( ! isset( $this->tokens[ $ptr ]['scope_closer'] ) ) { + // Live coding or parse error. + break; + } + + $ptr = $this->tokens[ $ptr ]['scope_closer']; + continue; + } + + // Make sure to recognize assignments to variables in a list construct. + if ( \T_LIST === $this->tokens[ $ptr ]['code'] + || \T_OPEN_SHORT_ARRAY === $this->tokens[ $ptr ]['code'] + ) { + $list_open_close = $this->find_list_open_close( $ptr ); + + if ( false === $list_open_close ) { + // Short array, not short list. + continue; + } + + $var_pointers = $this->get_list_variables( $ptr, $list_open_close ); + foreach ( $var_pointers as $ptr ) { + $var_name = $this->tokens[ $ptr ]['content']; + if ( '$GLOBALS' === $var_name ) { + $var_name = '$' . $this->strip_quotes( $this->get_array_access_key( $ptr ) ); + } + + if ( \in_array( $var_name, $search, true ) ) { + $this->process_variable_assignment( $ptr, true ); + } + } + + // No need to re-examine these variables. + $ptr = $list_open_close['closer']; + continue; + } + + if ( \T_VARIABLE !== $this->tokens[ $ptr ]['code'] ) { + continue; + } + + if ( \in_array( $this->tokens[ $ptr ]['content'], $search, true ) === false ) { + // Not one of the variables we're interested in. + continue; + } + + // Don't throw false positives for static class properties. + if ( $this->is_class_object_call( $ptr ) === true ) { + continue; + } + + if ( true === $this->is_assignment( $ptr ) ) { + $this->maybe_add_error( $ptr ); + continue; + } + + // Check if this is a variable assignment within a `foreach()` declaration. + if ( $this->is_foreach_as( $ptr ) === true ) { + $this->maybe_add_error( $ptr ); + } + } + } + + /** + * Add the error if there is no whitelist comment present. + * + * @since 0.11.0 + * @since 1.1.0 - Visibility changed from public to protected. + * - Check for being in a test class moved to the process_token() method. + * + * @param int $stackPtr The position of the token to throw the error for. + * + * @return void + */ + protected function maybe_add_error( $stackPtr ) { + if ( $this->has_whitelist_comment( 'override', $stackPtr ) === false ) { + $this->add_error( $stackPtr ); + } + } + + /** + * Add the error. + * + * @since 1.1.0 + * + * @param int $stackPtr The position of the token to throw the error for. + * @param array $data Optional. Array containing one entry holding the + * name of the variable being overruled. + * Defaults to the 'content' of the $stackPtr token. + * + * @return void + */ + protected function add_error( $stackPtr, $data = array() ) { + if ( empty( $data ) ) { + $data[] = $this->tokens[ $stackPtr ]['content']; + } + + $this->phpcsFile->addError( + 'Overriding WordPress globals is prohibited. Found assignment to %s', + $stackPtr, + 'Prohibited', + $data + ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/I18nSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/I18nSniff.php new file mode 100644 index 00000000..d229cb5e --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/I18nSniff.php @@ -0,0 +1,789 @@ +phpcsFile->getFilename() + * @link https://youtrack.jetbrains.com/issue/WI-17740 + * + * @var string[]|string + */ + public $text_domain; + + /** + * The I18N functions in use in WP. + * + * @since 0.10.0 + * @since 0.11.0 Changed visibility from public to protected. + * + * @var array => + */ + protected $i18n_functions = array( + 'translate' => 'simple', + '__' => 'simple', + 'esc_attr__' => 'simple', + 'esc_html__' => 'simple', + '_e' => 'simple', + 'esc_attr_e' => 'simple', + 'esc_html_e' => 'simple', + 'translate_with_gettext_context' => 'context', + '_x' => 'context', + '_ex' => 'context', + 'esc_attr_x' => 'context', + 'esc_html_x' => 'context', + '_n' => 'number', + '_nx' => 'number_context', + '_n_noop' => 'noopnumber', + '_nx_noop' => 'noopnumber_context', + ); + + /** + * Toggle whether or not to check for translators comments for text string containing placeholders. + * + * Intended to make this part of the sniff unit testable, but can be used by end-users too, + * though they can just as easily disable this via the sniff code. + * + * @since 0.11.0 + * + * @var bool + */ + public $check_translator_comments = true; + + /** + * Whether or not the `default` text domain is one of the allowed text domains. + * + * @since 0.14.0 + * + * @var bool + */ + private $text_domain_contains_default = false; + + /** + * Whether or not the `default` text domain is the only allowed text domain. + * + * @since 0.14.0 + * + * @var bool + */ + private $text_domain_is_default = false; + + /** + * Groups of functions to restrict. + * + * Example: groups => array( + * 'lambda' => array( + * 'type' => 'error' | 'warning', + * 'message' => 'Use anonymous functions instead please!', + * 'functions' => array( 'file_get_contents', 'create_function' ), + * ) + * ) + * + * @return array + */ + public function getGroups() { + return array( + 'i18n' => array( + 'functions' => array_keys( $this->i18n_functions ), + ), + 'typos' => array( + 'functions' => array( + '_', + ), + ), + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @since 1.0.0 Defers to the abstractFunctionRestriction sniff for determining + * whether something is a function call. The logic after that has + * been split off to the `process_matched_token()` method. + * + * @param int $stack_ptr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stack_ptr ) { + + // Reset defaults. + $this->text_domain_contains_default = false; + $this->text_domain_is_default = false; + + // Allow overruling the text_domain set in a ruleset via the command line. + $cl_text_domain = trim( PHPCSHelper::get_config_data( 'text_domain' ) ); + if ( ! empty( $cl_text_domain ) ) { + $this->text_domain = array_filter( array_map( 'trim', explode( ',', $cl_text_domain ) ) ); + } + + $this->text_domain = $this->merge_custom_array( $this->text_domain, array(), false ); + + if ( ! empty( $this->text_domain ) ) { + if ( \in_array( 'default', $this->text_domain, true ) ) { + $this->text_domain_contains_default = true; + if ( \count( $this->text_domain ) === 1 ) { + $this->text_domain_is_default = true; + } + } + } + + // Prevent exclusion of the i18n group. + $this->exclude = array(); + + parent::process_token( $stack_ptr ); + } + + /** + * Process a matched token. + * + * @since 1.0.0 Logic split off from the `process_token()` method. + * + * @param int $stack_ptr The position of the current token in the stack. + * @param string $group_name The name of the group which was matched. + * @param string $matched_content The token content (function name) which was matched. + * + * @return int|void Integer stack pointer to skip forward or void to continue + * normal file processing. + */ + public function process_matched_token( $stack_ptr, $group_name, $matched_content ) { + + $func_open_paren_token = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stack_ptr + 1 ), null, true ); + if ( false === $func_open_paren_token + || \T_OPEN_PARENTHESIS !== $this->tokens[ $func_open_paren_token ]['code'] + || ! isset( $this->tokens[ $func_open_paren_token ]['parenthesis_closer'] ) + ) { + // Live coding, parse error or not a function call. + return; + } + + if ( 'typos' === $group_name && '_' === $matched_content ) { + $this->phpcsFile->addError( 'Found single-underscore "_()" function when double-underscore expected.', $stack_ptr, 'SingleUnderscoreGetTextFunction' ); + return; + } + + if ( \in_array( $matched_content, array( 'translate', 'translate_with_gettext_context' ), true ) ) { + $this->phpcsFile->addWarning( 'Use of the "%s()" function is reserved for low-level API usage.', $stack_ptr, 'LowLevelTranslationFunction', array( $matched_content ) ); + } + + $arguments_tokens = array(); + $argument_tokens = array(); + $tokens = $this->tokens; + + // Look at arguments. + for ( $i = ( $func_open_paren_token + 1 ); $i < $this->tokens[ $func_open_paren_token ]['parenthesis_closer']; $i++ ) { + $this_token = $this->tokens[ $i ]; + $this_token['token_index'] = $i; + if ( isset( Tokens::$emptyTokens[ $this_token['code'] ] ) ) { + continue; + } + if ( \T_COMMA === $this_token['code'] ) { + $arguments_tokens[] = $argument_tokens; + $argument_tokens = array(); + continue; + } + + // Merge consecutive single or double quoted strings (when they span multiple lines). + if ( isset( Tokens::$textStringTokens[ $this_token['code'] ] ) ) { + for ( $j = ( $i + 1 ); $j < $this->tokens[ $func_open_paren_token ]['parenthesis_closer']; $j++ ) { + if ( $this_token['code'] === $this->tokens[ $j ]['code'] ) { + $this_token['content'] .= $this->tokens[ $j ]['content']; + $i = $j; + } else { + break; + } + } + } + $argument_tokens[] = $this_token; + + // Include everything up to and including the parenthesis_closer if this token has one. + if ( ! empty( $this_token['parenthesis_closer'] ) ) { + for ( $j = ( $i + 1 ); $j <= $this_token['parenthesis_closer']; $j++ ) { + $tokens[ $j ]['token_index'] = $j; + $argument_tokens[] = $tokens[ $j ]; + } + $i = $this_token['parenthesis_closer']; + } + } + + if ( ! empty( $argument_tokens ) ) { + $arguments_tokens[] = $argument_tokens; + } + unset( $argument_tokens ); + + $argument_assertions = array(); + if ( 'simple' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'text', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } elseif ( 'context' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'text', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'context', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } elseif ( 'number' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'single', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'plural', + 'tokens' => array_shift( $arguments_tokens ), + ); + array_shift( $arguments_tokens ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } elseif ( 'number_context' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'single', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'plural', + 'tokens' => array_shift( $arguments_tokens ), + ); + array_shift( $arguments_tokens ); + $argument_assertions[] = array( + 'arg_name' => 'context', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } elseif ( 'noopnumber' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'single', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'plural', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } elseif ( 'noopnumber_context' === $this->i18n_functions[ $matched_content ] ) { + $argument_assertions[] = array( + 'arg_name' => 'single', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'plural', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'context', + 'tokens' => array_shift( $arguments_tokens ), + ); + $argument_assertions[] = array( + 'arg_name' => 'domain', + 'tokens' => array_shift( $arguments_tokens ), + ); + } + + if ( ! empty( $arguments_tokens ) ) { + $this->phpcsFile->addError( 'Too many arguments for function "%s".', $func_open_paren_token, 'TooManyFunctionArgs', array( $matched_content ) ); + } + + foreach ( $argument_assertions as $argument_assertion_context ) { + if ( empty( $argument_assertion_context['tokens'][0] ) ) { + $argument_assertion_context['stack_ptr'] = $func_open_paren_token; + } else { + $argument_assertion_context['stack_ptr'] = $argument_assertion_context['tokens'][0]['token_index']; + } + $this->check_argument_tokens( $argument_assertion_context ); + } + + /* + * For _n*() calls, compare the singular and plural strings. + * If either of the arguments is missing, empty or has more than 1 token, skip out. + * An error for that will already have been reported via the `check_argument_tokens()` method. + */ + if ( false !== strpos( $this->i18n_functions[ $matched_content ], 'number' ) + && isset( $argument_assertions[0]['tokens'], $argument_assertions[1]['tokens'] ) + && count( $argument_assertions[0]['tokens'] ) === 1 + && count( $argument_assertions[1]['tokens'] ) === 1 + ) { + $single_context = $argument_assertions[0]; + $plural_context = $argument_assertions[1]; + + $this->compare_single_and_plural_arguments( $stack_ptr, $single_context, $plural_context ); + } + + if ( true === $this->check_translator_comments ) { + $this->check_for_translator_comment( $stack_ptr, $argument_assertions ); + } + } + + /** + * Check if supplied tokens represent a translation text string literal. + * + * @param array $context Context (@todo needs better description). + * @return bool + */ + protected function check_argument_tokens( $context ) { + $stack_ptr = $context['stack_ptr']; + $tokens = $context['tokens']; + $arg_name = $context['arg_name']; + $is_error = empty( $context['warning'] ); + $content = isset( $tokens[0] ) ? $tokens[0]['content'] : ''; + + if ( empty( $tokens ) || 0 === \count( $tokens ) ) { + $code = $this->string_to_errorcode( 'MissingArg' . ucfirst( $arg_name ) ); + if ( 'domain' !== $arg_name ) { + $this->addMessage( 'Missing $%s arg.', $stack_ptr, $is_error, $code, array( $arg_name ) ); + return false; + } + + // Ok, we're examining a text domain, now deal correctly with the 'default' text domain. + if ( true === $this->text_domain_is_default ) { + return true; + } + + if ( true === $this->text_domain_contains_default ) { + $this->phpcsFile->addWarning( + 'Missing $%s arg. If this text string is supposed to use a WP Core translation, use the "default" text domain.', + $stack_ptr, + $code . 'Default', + array( $arg_name ) + ); + } elseif ( ! empty( $this->text_domain ) ) { + $this->addMessage( 'Missing $%s arg.', $stack_ptr, $is_error, $code, array( $arg_name ) ); + } + + return false; + } + + if ( \count( $tokens ) > 1 ) { + $contents = ''; + foreach ( $tokens as $token ) { + $contents .= $token['content']; + } + $code = $this->string_to_errorcode( 'NonSingularStringLiteral' . ucfirst( $arg_name ) ); + $this->addMessage( 'The $%s arg must be a single string literal, not "%s".', $stack_ptr, $is_error, $code, array( $arg_name, $contents ) ); + return false; + } + + if ( \in_array( $arg_name, array( 'text', 'single', 'plural' ), true ) ) { + $this->check_text( $context ); + } + + if ( \T_DOUBLE_QUOTED_STRING === $tokens[0]['code'] || \T_HEREDOC === $tokens[0]['code'] ) { + $interpolated_variables = $this->get_interpolated_variables( $content ); + foreach ( $interpolated_variables as $interpolated_variable ) { + $code = $this->string_to_errorcode( 'InterpolatedVariable' . ucfirst( $arg_name ) ); + $this->addMessage( 'The $%s arg must not contain interpolated variables. Found "$%s".', $stack_ptr, $is_error, $code, array( $arg_name, $interpolated_variable ) ); + } + if ( ! empty( $interpolated_variables ) ) { + return false; + } + } + + if ( isset( Tokens::$textStringTokens[ $tokens[0]['code'] ] ) ) { + if ( 'domain' === $arg_name && ! empty( $this->text_domain ) ) { + $stripped_content = $this->strip_quotes( $content ); + + if ( ! \in_array( $stripped_content, $this->text_domain, true ) ) { + $this->addMessage( + 'Mismatched text domain. Expected \'%s\' but got %s.', + $stack_ptr, + $is_error, + 'TextDomainMismatch', + array( implode( "' or '", $this->text_domain ), $content ) + ); + return false; + } + + if ( true === $this->text_domain_is_default && 'default' === $stripped_content ) { + $fixable = false; + $error = 'No need to supply the text domain when the only accepted text domain is "default".'; + $error_code = 'SuperfluousDefaultTextDomain'; + + if ( $tokens[0]['token_index'] === $stack_ptr ) { + $prev = $this->phpcsFile->findPrevious( \T_WHITESPACE, ( $stack_ptr - 1 ), null, true ); + if ( false !== $prev && \T_COMMA === $this->tokens[ $prev ]['code'] ) { + $fixable = true; + } + } + + if ( false === $fixable ) { + $this->phpcsFile->addWarning( $error, $stack_ptr, $error_code ); + return false; + } + + $fix = $this->phpcsFile->addFixableWarning( $error, $stack_ptr, $error_code ); + if ( true === $fix ) { + // Remove preceeding comma, whitespace and the text domain token. + $this->phpcsFile->fixer->beginChangeset(); + for ( $i = $prev; $i <= $stack_ptr; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + $this->phpcsFile->fixer->endChangeset(); + } + + return false; + } + } + + return true; + } + + $code = $this->string_to_errorcode( 'NonSingularStringLiteral' . ucfirst( $arg_name ) ); + $this->addMessage( 'The $%s arg must be a single string literal, not "%s".', $stack_ptr, $is_error, $code, array( $arg_name, $content ) ); + return false; + } + + /** + * Check for inconsistencies between single and plural arguments. + * + * @param int $stack_ptr The position of the current token in the stack. + * @param array $single_context Single context (@todo needs better description). + * @param array $plural_context Plural context (@todo needs better description). + * @return void + */ + protected function compare_single_and_plural_arguments( $stack_ptr, $single_context, $plural_context ) { + $single_content = $single_context['tokens'][0]['content']; + $plural_content = $plural_context['tokens'][0]['content']; + + preg_match_all( self::SPRINTF_PLACEHOLDER_REGEX, $single_content, $single_placeholders ); + $single_placeholders = $single_placeholders[0]; + + preg_match_all( self::SPRINTF_PLACEHOLDER_REGEX, $plural_content, $plural_placeholders ); + $plural_placeholders = $plural_placeholders[0]; + + // English conflates "singular" with "only one", described in the codex: + // https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals . + if ( \count( $single_placeholders ) < \count( $plural_placeholders ) ) { + $error_string = 'Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals'; + $single_index = $single_context['tokens'][0]['token_index']; + + $this->phpcsFile->addError( $error_string, $single_index, 'MissingSingularPlaceholder' ); + } + + // Reordering is fine, but mismatched placeholders is probably wrong. + sort( $single_placeholders ); + sort( $plural_placeholders ); + + if ( $single_placeholders !== $plural_placeholders ) { + $this->phpcsFile->addWarning( 'Mismatched placeholders is probably an error', $stack_ptr, 'MismatchedPlaceholders' ); + } + } + + /** + * Check the string itself for problems. + * + * @param array $context Context (@todo needs better description). + * @return void + */ + protected function check_text( $context ) { + $stack_ptr = $context['stack_ptr']; + $arg_name = $context['arg_name']; + $content = $context['tokens'][0]['content']; + $is_error = empty( $context['warning'] ); + + // UnorderedPlaceholders: Check for multiple unordered placeholders. + $unordered_matches_count = preg_match_all( self::UNORDERED_SPRINTF_PLACEHOLDER_REGEX, $content, $unordered_matches ); + $unordered_matches = $unordered_matches[0]; + $all_matches_count = preg_match_all( self::SPRINTF_PLACEHOLDER_REGEX, $content, $all_matches ); + + if ( $unordered_matches_count > 0 && $unordered_matches_count !== $all_matches_count && $all_matches_count > 1 ) { + $code = $this->string_to_errorcode( 'MixedOrderedPlaceholders' . ucfirst( $arg_name ) ); + $this->phpcsFile->addError( + 'Multiple placeholders should be ordered. Mix of ordered and non-ordered placeholders found. Found: %s.', + $stack_ptr, + $code, + array( implode( ', ', $all_matches[0] ) ) + ); + + } elseif ( $unordered_matches_count >= 2 ) { + $code = $this->string_to_errorcode( 'UnorderedPlaceholders' . ucfirst( $arg_name ) ); + + $suggestions = array(); + $replace_regexes = array(); + $replacements = array(); + for ( $i = 0; $i < $unordered_matches_count; $i++ ) { + $to_insert = ( $i + 1 ); + $to_insert .= ( '"' !== $content[0] ) ? '$' : '\$'; + $suggestions[ $i ] = substr_replace( $unordered_matches[ $i ], $to_insert, 1, 0 ); + + // Prepare the strings for use a regex. + $replace_regexes[ $i ] = '`\Q' . $unordered_matches[ $i ] . '\E`'; + // Note: the initial \\ is a literal \, the four \ in the replacement translate to also to a literal \. + $replacements[ $i ] = str_replace( '\\', '\\\\', $suggestions[ $i ] ); + // Note: the $ needs escaping to prevent numeric sequences after the $ being interpreted as match replacements. + $replacements[ $i ] = str_replace( '$', '\\$', $replacements[ $i ] ); + } + + $fix = $this->addFixableMessage( + 'Multiple placeholders should be ordered. Expected \'%s\', but got %s.', + $stack_ptr, + $is_error, + $code, + array( implode( ', ', $suggestions ), implode( ', ', $unordered_matches ) ) + ); + + if ( true === $fix ) { + $fixed_str = preg_replace( $replace_regexes, $replacements, $content, 1 ); + + $this->phpcsFile->fixer->replaceToken( $stack_ptr, $fixed_str ); + } + } + + /* + * NoEmptyStrings. + * + * Strip placeholders and surrounding quotes. + */ + $content_without_quotes = trim( $this->strip_quotes( $content ) ); + $non_placeholder_content = preg_replace( self::SPRINTF_PLACEHOLDER_REGEX, '', $content_without_quotes ); + + if ( '' === $non_placeholder_content ) { + $this->phpcsFile->addError( 'Strings should have translatable content', $stack_ptr, 'NoEmptyStrings' ); + return; + } + + /* + * NoHtmlWrappedStrings + * + * Strip surrounding quotes. + */ + $reader = new \XMLReader(); + $reader->XML( $content_without_quotes, 'UTF-8', LIBXML_NOERROR | LIBXML_ERR_NONE | LIBXML_NOWARNING ); + + // Is the first node an HTML element? + if ( ! $reader->read() || \XMLReader::ELEMENT !== $reader->nodeType ) { + return; + } + + // If the opening HTML element includes placeholders in its attributes, we don't warn. + // E.g. ''. + $i = 0; + while ( $attr = $reader->getAttributeNo( $i ) ) { + if ( preg_match( self::SPRINTF_PLACEHOLDER_REGEX, $attr ) === 1 ) { + return; + } + + ++$i; + } + + // We don't flag strings wrapped in `...`, as the link target might actually need localization. + if ( 'a' === $reader->name && $reader->getAttribute( 'href' ) ) { + return; + } + + // Does the entire string only consist of this HTML node? + if ( $reader->readOuterXml() === $content_without_quotes ) { + $this->phpcsFile->addWarning( 'Strings should not be wrapped in HTML', $stack_ptr, 'NoHtmlWrappedStrings' ); + } + } + + /** + * Check for the presence of a translators comment if one of the text strings contains a placeholder. + * + * @param int $stack_ptr The position of the gettext call token in the stack. + * @param array $args The function arguments. + * @return void + */ + protected function check_for_translator_comment( $stack_ptr, $args ) { + foreach ( $args as $arg ) { + if ( false === \in_array( $arg['arg_name'], array( 'text', 'single', 'plural' ), true ) ) { + continue; + } + + if ( empty( $arg['tokens'] ) ) { + continue; + } + + foreach ( $arg['tokens'] as $token ) { + if ( empty( $token['content'] ) ) { + continue; + } + + if ( preg_match( self::SPRINTF_PLACEHOLDER_REGEX, $token['content'], $placeholders ) < 1 ) { + // No placeholders found. + continue; + } + + $previous_comment = $this->phpcsFile->findPrevious( Tokens::$commentTokens, ( $stack_ptr - 1 ) ); + + if ( false !== $previous_comment ) { + /* + * Check that the comment is either on the line before the gettext call or + * if it's not, that there is only whitespace between. + */ + $correctly_placed = false; + + if ( ( $this->tokens[ $previous_comment ]['line'] + 1 ) === $this->tokens[ $stack_ptr ]['line'] ) { + $correctly_placed = true; + } else { + $next_non_whitespace = $this->phpcsFile->findNext( \T_WHITESPACE, ( $previous_comment + 1 ), $stack_ptr, true ); + if ( false === $next_non_whitespace || $this->tokens[ $next_non_whitespace ]['line'] === $this->tokens[ $stack_ptr ]['line'] ) { + // No non-whitespace found or next non-whitespace is on same line as gettext call. + $correctly_placed = true; + } + unset( $next_non_whitespace ); + } + + /* + * Check that the comment starts with 'translators:'. + */ + if ( true === $correctly_placed ) { + + if ( \T_COMMENT === $this->tokens[ $previous_comment ]['code'] ) { + $comment_text = trim( $this->tokens[ $previous_comment ]['content'] ); + + // If it's multi-line /* */ comment, collect all the parts. + if ( '*/' === substr( $comment_text, -2 ) && '/*' !== substr( $comment_text, 0, 2 ) ) { + for ( $i = ( $previous_comment - 1 ); 0 <= $i; $i-- ) { + if ( \T_COMMENT !== $this->tokens[ $i ]['code'] ) { + break; + } + + $comment_text = trim( $this->tokens[ $i ]['content'] ) . $comment_text; + } + } + + if ( true === $this->is_translators_comment( $comment_text ) ) { + // Comment is ok. + return; + } + } elseif ( \T_DOC_COMMENT_CLOSE_TAG === $this->tokens[ $previous_comment ]['code'] ) { + // If it's docblock comment (wrong style) make sure that it's a translators comment. + $db_start = $this->phpcsFile->findPrevious( \T_DOC_COMMENT_OPEN_TAG, ( $previous_comment - 1 ) ); + $db_first_text = $this->phpcsFile->findNext( \T_DOC_COMMENT_STRING, ( $db_start + 1 ), $previous_comment ); + + if ( true === $this->is_translators_comment( $this->tokens[ $db_first_text ]['content'] ) ) { + $this->phpcsFile->addWarning( + 'A "translators:" comment must be a "/* */" style comment. Docblock comments will not be picked up by the tools to generate a ".pot" file.', + $stack_ptr, + 'TranslatorsCommentWrongStyle' + ); + return; + } + } + } + } + + // Found placeholders but no translators comment. + $this->phpcsFile->addWarning( + 'A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.', + $stack_ptr, + 'MissingTranslatorsComment' + ); + return; + } + } + } + + /** + * Check if a (collated) comment string starts with 'translators:'. + * + * @since 0.11.0 + * + * @param string $content Comment string content. + * @return bool + */ + private function is_translators_comment( $content ) { + if ( preg_match( '`^(?:(?://|/\*{1,2}) )?translators:`i', $content, $matches ) === 1 ) { + return true; + } + return false; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/PostsPerPageSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/PostsPerPageSniff.php new file mode 100644 index 00000000..968a0342 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/PostsPerPageSniff.php @@ -0,0 +1,78 @@ + array( + 'type' => 'warning', + 'keys' => array( + 'posts_per_page', + 'numberposts', + ), + ), + ); + } + + /** + * Callback to process each confirmed key, to check value. + * + * @param string $key Array index / key. + * @param mixed $val Assigned value. + * @param int $line Token line. + * @param array $group Group definition. + * @return mixed FALSE if no match, TRUE if matches, STRING if matches + * with custom error message passed to ->process(). + */ + public function callback( $key, $val, $line, $group ) { + $this->posts_per_page = (int) $this->posts_per_page; + + if ( $val > $this->posts_per_page ) { + return 'Detected high pagination limit, `%s` is set to `%s`'; + } + + return false; + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/TimezoneChangeSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/TimezoneChangeSniff.php new file mode 100644 index 00000000..f376c5e3 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WP/TimezoneChangeSniff.php @@ -0,0 +1,88 @@ + false, + 'FoundPropertyForDeprecatedSniff' => false, + ); + + /** + * Don't use. + * + * @deprecated 2.2.0 + * + * @return array + */ + public function getGroups() { + $groups = parent::getGroups(); + return array( 'timezone_change' => $groups['timezone_change'] ); + } + + /** + * Don't use. + * + * @since 2.2.0 Added to allow for throwing the deprecation notices. + * @deprecated 2.2.0 + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void|int + */ + public function process_token( $stackPtr ) { + if ( false === $this->thrown['DeprecatedSniff'] ) { + $this->thrown['DeprecatedSniff'] = $this->phpcsFile->addWarning( + 'The "WordPress.WP.TimezoneChange" sniff has been deprecated. Use the "WordPress.DateTime.RestrictedFunctions" sniff instead. Please update your custom ruleset.', + 0, + 'DeprecatedSniff' + ); + } + + if ( ! empty( $this->exclude ) + && false === $this->thrown['FoundPropertyForDeprecatedSniff'] + ) { + $this->thrown['FoundPropertyForDeprecatedSniff'] = $this->phpcsFile->addWarning( + 'The "WordPress.WP.TimezoneChange" sniff has been deprecated. Use the "WordPress.DateTime.RestrictedFunctions" sniff instead. "exclude" property setting found. Please update your custom ruleset.', + 0, + 'FoundPropertyForDeprecatedSniff' + ); + } + + return parent::process_token( $stackPtr ); + } +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/CastStructureSpacingSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/CastStructureSpacingSniff.php new file mode 100644 index 00000000..41494b91 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/CastStructureSpacingSniff.php @@ -0,0 +1,62 @@ +tokens[ ( $stackPtr - 1 ) ]['code'] + && \T_ELLIPSIS !== $this->tokens[ ( $stackPtr - 1 ) ]['code'] + ) { + $error = 'No space before opening casting parenthesis is prohibited'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'NoSpaceBeforeOpenParenthesis' ); + if ( true === $fix ) { + $this->phpcsFile->fixer->addContentBefore( $stackPtr, ' ' ); + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php new file mode 100644 index 00000000..5f7b9a3c --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/ControlStructureSpacingSniff.php @@ -0,0 +1,572 @@ + true, + \T_CLOSURE => true, + \T_DO => true, + \T_ELSE => true, + \T_TRY => true, + ); + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + return array( + \T_IF, + \T_WHILE, + \T_FOREACH, + \T_FOR, + \T_SWITCH, + \T_DO, + \T_ELSE, + \T_ELSEIF, + \T_FUNCTION, + \T_CLOSURE, + \T_USE, + \T_TRY, + \T_CATCH, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return void + */ + public function process_token( $stackPtr ) { + $this->spaces_before_closure_open_paren = (int) $this->spaces_before_closure_open_paren; + + if ( isset( $this->tokens[ ( $stackPtr + 1 ) ] ) && \T_WHITESPACE !== $this->tokens[ ( $stackPtr + 1 ) ]['code'] + && ! ( \T_ELSE === $this->tokens[ $stackPtr ]['code'] && \T_COLON === $this->tokens[ ( $stackPtr + 1 ) ]['code'] ) + && ! ( \T_CLOSURE === $this->tokens[ $stackPtr ]['code'] + && 0 >= $this->spaces_before_closure_open_paren ) + ) { + $error = 'Space after opening control structure is required'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'NoSpaceAfterStructureOpen' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $stackPtr, ' ' ); + } + } + + if ( ! isset( $this->tokens[ $stackPtr ]['scope_closer'] ) ) { + + if ( \T_USE === $this->tokens[ $stackPtr ]['code'] && 'closure' === $this->get_use_type( $stackPtr ) ) { + $scopeOpener = $this->phpcsFile->findNext( \T_OPEN_CURLY_BRACKET, ( $stackPtr + 1 ) ); + $scopeCloser = $this->tokens[ $scopeOpener ]['scope_closer']; + } elseif ( \T_WHILE !== $this->tokens[ $stackPtr ]['code'] ) { + return; + } + } else { + $scopeOpener = $this->tokens[ $stackPtr ]['scope_opener']; + $scopeCloser = $this->tokens[ $stackPtr ]['scope_closer']; + } + + // Alternative syntax. + if ( isset( $scopeOpener ) && \T_COLON === $this->tokens[ $scopeOpener ]['code'] ) { + + if ( 'required' === $this->space_before_colon ) { + + if ( \T_WHITESPACE !== $this->tokens[ ( $scopeOpener - 1 ) ]['code'] ) { + $error = 'Space between opening control structure and T_COLON is required'; + $fix = $this->phpcsFile->addFixableError( $error, $scopeOpener, 'NoSpaceBetweenStructureColon' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContentBefore( $scopeOpener, ' ' ); + } + } + } elseif ( 'forbidden' === $this->space_before_colon ) { + + if ( \T_WHITESPACE === $this->tokens[ ( $scopeOpener - 1 ) ]['code'] ) { + $error = 'Extra space between opening control structure and T_COLON found'; + $fix = $this->phpcsFile->addFixableError( $error, ( $scopeOpener - 1 ), 'SpaceBetweenStructureColon' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $scopeOpener - 1 ), '' ); + } + } + } + } + + $parenthesisOpener = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true ); + + // If this is a function declaration. + if ( \T_FUNCTION === $this->tokens[ $stackPtr ]['code'] ) { + + if ( \T_STRING === $this->tokens[ $parenthesisOpener ]['code'] ) { + + $function_name_ptr = $parenthesisOpener; + + } elseif ( \T_BITWISE_AND === $this->tokens[ $parenthesisOpener ]['code'] ) { + + // This function returns by reference (function &function_name() {}). + $parenthesisOpener = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $parenthesisOpener + 1 ), + null, + true + ); + $function_name_ptr = $parenthesisOpener; + } + + if ( isset( $function_name_ptr ) ) { + $parenthesisOpener = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $parenthesisOpener + 1 ), + null, + true + ); + + // Checking this: function my_function[*](...) {}. + if ( ( $function_name_ptr + 1 ) !== $parenthesisOpener ) { + + $error = 'Space between function name and opening parenthesis is prohibited.'; + $fix = $this->phpcsFile->addFixableError( + $error, + $stackPtr, + 'SpaceBeforeFunctionOpenParenthesis', + $this->tokens[ ( $function_name_ptr + 1 ) ]['content'] + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $function_name_ptr + 1 ), '' ); + } + } + } + } elseif ( \T_CLOSURE === $this->tokens[ $stackPtr ]['code'] ) { + + // Check if there is a use () statement. + if ( isset( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { + + $usePtr = $this->phpcsFile->findNext( + Tokens::$emptyTokens, + ( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] + 1 ), + null, + true, + null, + true + ); + + // If it is, we set that as the "scope opener". + if ( \T_USE === $this->tokens[ $usePtr ]['code'] ) { + $scopeOpener = $usePtr; + } + } + } + + if ( \T_COLON !== $this->tokens[ $parenthesisOpener ]['code'] + && \T_FUNCTION !== $this->tokens[ $stackPtr ]['code'] + ) { + + if ( \T_CLOSURE === $this->tokens[ $stackPtr ]['code'] + && 0 === $this->spaces_before_closure_open_paren + ) { + + if ( ( $stackPtr + 1 ) !== $parenthesisOpener ) { + // Checking this: function[*](...) {}. + $error = 'Space before closure opening parenthesis is prohibited'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'SpaceBeforeClosureOpenParenthesis' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $stackPtr + 1 ), '' ); + } + } + } elseif ( + ( + \T_CLOSURE !== $this->tokens[ $stackPtr ]['code'] + || 1 === $this->spaces_before_closure_open_paren + ) + && ( $stackPtr + 1 ) === $parenthesisOpener + ) { + + // Checking this: if[*](...) {}. + $error = 'No space before opening parenthesis is prohibited'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'NoSpaceBeforeOpenParenthesis' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $stackPtr, ' ' ); + } + } + } + + if ( \T_WHITESPACE === $this->tokens[ ( $stackPtr + 1 ) ]['code'] + && ' ' !== $this->tokens[ ( $stackPtr + 1 ) ]['content'] + ) { + // Checking this: if [*](...) {}. + $error = 'Expected exactly one space before opening parenthesis; "%s" found.'; + $fix = $this->phpcsFile->addFixableError( + $error, + $stackPtr, + 'ExtraSpaceBeforeOpenParenthesis', + $this->tokens[ ( $stackPtr + 1 ) ]['content'] + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $stackPtr + 1 ), ' ' ); + } + } + + if ( \T_CLOSE_PARENTHESIS !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['code'] ) { + if ( \T_WHITESPACE !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['code'] ) { + // Checking this: $value = my_function([*]...). + $error = 'No space after opening parenthesis is prohibited'; + $fix = $this->phpcsFile->addFixableError( $error, $stackPtr, 'NoSpaceAfterOpenParenthesis' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContent( $parenthesisOpener, ' ' ); + } + } elseif ( ( ' ' !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['content'] + && "\n" !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['content'] + && "\r\n" !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['content'] ) + && ! isset( $this->ignore_extra_space_after_open_paren[ $this->tokens[ $stackPtr ]['code'] ] ) + ) { + // Checking this: if ([*]...) {}. + $error = 'Expected exactly one space after opening parenthesis; "%s" found.'; + $fix = $this->phpcsFile->addFixableError( + $error, + $stackPtr, + 'ExtraSpaceAfterOpenParenthesis', + $this->tokens[ ( $parenthesisOpener + 1 ) ]['content'] + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $parenthesisOpener + 1 ), ' ' ); + } + } + } + + if ( isset( $this->tokens[ $parenthesisOpener ]['parenthesis_closer'] ) ) { + + $parenthesisCloser = $this->tokens[ $parenthesisOpener ]['parenthesis_closer']; + + if ( \T_CLOSE_PARENTHESIS !== $this->tokens[ ( $parenthesisOpener + 1 ) ]['code'] ) { + + // Checking this: if (...[*]) {}. + if ( \T_WHITESPACE !== $this->tokens[ ( $parenthesisCloser - 1 ) ]['code'] ) { + $error = 'No space before closing parenthesis is prohibited'; + $fix = $this->phpcsFile->addFixableError( $error, $parenthesisCloser, 'NoSpaceBeforeCloseParenthesis' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContentBefore( $parenthesisCloser, ' ' ); + } + } elseif ( ' ' !== $this->tokens[ ( $parenthesisCloser - 1 ) ]['content'] ) { + $prevNonEmpty = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $parenthesisCloser - 1 ), null, true ); + if ( $this->tokens[ ( $parenthesisCloser ) ]['line'] === $this->tokens[ ( $prevNonEmpty + 1 ) ]['line'] ) { + $error = 'Expected exactly one space before closing parenthesis; "%s" found.'; + $fix = $this->phpcsFile->addFixableError( + $error, + $stackPtr, + 'ExtraSpaceBeforeCloseParenthesis', + $this->tokens[ ( $parenthesisCloser - 1 ) ]['content'] + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $parenthesisCloser - 1 ), ' ' ); + } + } + } + + if ( \T_WHITESPACE !== $this->tokens[ ( $parenthesisCloser + 1 ) ]['code'] + && ! ( // Do NOT flag : immediately following ) for return types declarations. + \T_COLON === $this->tokens[ ( $parenthesisCloser + 1 ) ]['code'] + && ( isset( $this->tokens[ $parenthesisCloser ]['parenthesis_owner'] ) === false + || in_array( $this->tokens[ $this->tokens[ $parenthesisCloser ]['parenthesis_owner'] ]['code'], array( \T_FUNCTION, \T_CLOSURE ), true ) ) + ) + && ( isset( $scopeOpener ) && \T_COLON !== $this->tokens[ $scopeOpener ]['code'] ) + ) { + $error = 'Space between opening control structure and closing parenthesis is required'; + $fix = $this->phpcsFile->addFixableError( $error, $scopeOpener, 'NoSpaceAfterCloseParenthesis' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->addContentBefore( $scopeOpener, ' ' ); + } + } + } + + // Ignore this for function declarations. Handled by the OpeningFunctionBraceKernighanRitchie sniff. + if ( \T_FUNCTION !== $this->tokens[ $stackPtr ]['code'] + && \T_CLOSURE !== $this->tokens[ $stackPtr ]['code'] + && isset( $this->tokens[ $parenthesisOpener ]['parenthesis_owner'] ) + && ( isset( $scopeOpener ) + && $this->tokens[ $parenthesisCloser ]['line'] !== $this->tokens[ $scopeOpener ]['line'] ) + ) { + $error = 'Opening brace should be on the same line as the declaration'; + $fix = $this->phpcsFile->addFixableError( $error, $parenthesisOpener, 'OpenBraceNotSameLine' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + for ( $i = ( $parenthesisCloser + 1 ); $i < $scopeOpener; $i++ ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->addContent( $parenthesisCloser, ' ' ); + $this->phpcsFile->fixer->endChangeset(); + } + return; + + } elseif ( \T_WHITESPACE === $this->tokens[ ( $parenthesisCloser + 1 ) ]['code'] + && ' ' !== $this->tokens[ ( $parenthesisCloser + 1 ) ]['content'] + ) { + + // Checking this: if (...) [*]{}. + $error = 'Expected exactly one space between closing parenthesis and opening control structure; "%s" found.'; + $fix = $this->phpcsFile->addFixableError( + $error, + $stackPtr, + 'ExtraSpaceAfterCloseParenthesis', + $this->tokens[ ( $parenthesisCloser + 1 ) ]['content'] + ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->replaceToken( ( $parenthesisCloser + 1 ), ' ' ); + } + } + } + + if ( false !== $this->blank_line_check && isset( $scopeOpener ) ) { + $firstContent = $this->phpcsFile->findNext( \T_WHITESPACE, ( $scopeOpener + 1 ), null, true ); + + // We ignore spacing for some structures that tend to have their own rules. + $ignore = array( + \T_FUNCTION => true, + \T_CLOSURE => true, + \T_DOC_COMMENT_OPEN_TAG => true, + \T_CLOSE_TAG => true, + \T_COMMENT => true, + ); + $ignore += Tokens::$ooScopeTokens; + + if ( ! isset( $ignore[ $this->tokens[ $firstContent ]['code'] ] ) + && $this->tokens[ $firstContent ]['line'] > ( $this->tokens[ $scopeOpener ]['line'] + 1 ) + ) { + $error = 'Blank line found at start of control structure'; + $fix = $this->phpcsFile->addFixableError( $error, $scopeOpener, 'BlankLineAfterStart' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + for ( $i = ( $scopeOpener + 1 ); $i < $firstContent; $i++ ) { + if ( $this->tokens[ $i ]['line'] === $this->tokens[ $firstContent ]['line'] ) { + break; + } + $this->phpcsFile->fixer->replaceToken( $i, '' ); + } + + $this->phpcsFile->fixer->addNewline( $scopeOpener ); + $this->phpcsFile->fixer->endChangeset(); + } + } + + if ( $firstContent !== $scopeCloser ) { + $lastContent = $this->phpcsFile->findPrevious( \T_WHITESPACE, ( $scopeCloser - 1 ), null, true ); + + $lastNonEmptyContent = $this->phpcsFile->findPrevious( Tokens::$emptyTokens, ( $scopeCloser - 1 ), null, true ); + + $checkToken = $lastContent; + if ( isset( $this->tokens[ $lastNonEmptyContent ]['scope_condition'] ) ) { + $checkToken = $this->tokens[ $lastNonEmptyContent ]['scope_condition']; + } + + if ( ! isset( $ignore[ $this->tokens[ $checkToken ]['code'] ] ) + && $this->tokens[ $lastContent ]['line'] <= ( $this->tokens[ $scopeCloser ]['line'] - 2 ) + ) { + for ( $i = ( $scopeCloser - 1 ); $i > $lastContent; $i-- ) { + if ( $this->tokens[ $i ]['line'] < $this->tokens[ $scopeCloser ]['line'] + && \T_OPEN_TAG !== $this->tokens[ $firstContent ]['code'] + ) { + // TODO: Reporting error at empty line won't highlight it in IDE. + $error = 'Blank line found at end of control structure'; + $fix = $this->phpcsFile->addFixableError( $error, $i, 'BlankLineBeforeEnd' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + for ( $j = ( $lastContent + 1 ); $j < $scopeCloser; $j++ ) { + if ( $this->tokens[ $j ]['line'] === $this->tokens[ $scopeCloser ]['line'] ) { + break; + } + $this->phpcsFile->fixer->replaceToken( $j, '' ); + } + + /* + * PHPCS annotations, like normal inline comments, are tokenized including + * the new line at the end, so don't add any extra as it would cause a fixer + * conflict. + */ + if ( \T_COMMENT !== $this->tokens[ $lastContent ]['code'] + && ! isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $lastContent ]['code'] ] ) ) { + $this->phpcsFile->fixer->addNewlineBefore( $j ); + } + + $this->phpcsFile->fixer->endChangeset(); + } + break; + } + } + } + } + unset( $ignore ); + } + + if ( ! isset( $scopeCloser ) || true !== $this->blank_line_after_check ) { + return; + } + + // {@internal This is just for the blank line check. Only whitespace should be considered, + // not "other" empty tokens.}} + $trailingContent = $this->phpcsFile->findNext( \T_WHITESPACE, ( $scopeCloser + 1 ), null, true ); + if ( false === $trailingContent ) { + return; + } + + if ( \T_COMMENT === $this->tokens[ $trailingContent ]['code'] + || isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $trailingContent ]['code'] ] ) + ) { + // Special exception for code where the comment about + // an ELSE or ELSEIF is written between the control structures. + $nextCode = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $scopeCloser + 1 ), null, true ); + + if ( \T_ELSE === $this->tokens[ $nextCode ]['code'] || \T_ELSEIF === $this->tokens[ $nextCode ]['code'] ) { + $trailingContent = $nextCode; + } + + // Move past end comments. + if ( $this->tokens[ $trailingContent ]['line'] === $this->tokens[ $scopeCloser ]['line'] ) { + if ( preg_match( '`^//[ ]?end`i', $this->tokens[ $trailingContent ]['content'], $matches ) > 0 ) { + $scopeCloser = $trailingContent; + $trailingContent = $this->phpcsFile->findNext( \T_WHITESPACE, ( $trailingContent + 1 ), null, true ); + } + } + } + + if ( \T_ELSE === $this->tokens[ $trailingContent ]['code'] && \T_IF === $this->tokens[ $stackPtr ]['code'] ) { + // IF with ELSE. + return; + } + + if ( \T_WHILE === $this->tokens[ $trailingContent ]['code'] && \T_DO === $this->tokens[ $stackPtr ]['code'] ) { + // DO with WHILE. + return; + } + + if ( \T_CLOSE_TAG === $this->tokens[ $trailingContent ]['code'] ) { + // At the end of the script or embedded code. + return; + } + + if ( isset( $this->tokens[ $trailingContent ]['scope_condition'] ) + && \T_CLOSE_CURLY_BRACKET === $this->tokens[ $trailingContent ]['code'] + ) { + // Another control structure's closing brace. + $owner = $this->tokens[ $trailingContent ]['scope_condition']; + if ( \in_array( $this->tokens[ $owner ]['code'], array( \T_FUNCTION, \T_CLOSURE, \T_CLASS, \T_ANON_CLASS, \T_INTERFACE, \T_TRAIT ), true ) ) { + // The next content is the closing brace of a function, class, interface or trait + // so normal function/class rules apply and we can ignore it. + return; + } + + if ( ( $this->tokens[ $scopeCloser ]['line'] + 1 ) !== $this->tokens[ $trailingContent ]['line'] ) { + // TODO: Won't cover following case: "} echo 'OK';". + $error = 'Blank line found after control structure'; + $fix = $this->phpcsFile->addFixableError( $error, $scopeCloser, 'BlankLineAfterEnd' ); + + if ( true === $fix ) { + $this->phpcsFile->fixer->beginChangeset(); + + $i = ( $scopeCloser + 1 ); + while ( $this->tokens[ $i ]['line'] !== $this->tokens[ $trailingContent ]['line'] ) { + $this->phpcsFile->fixer->replaceToken( $i, '' ); + $i++; + } + + // TODO: Instead a separate error should be triggered when content comes right after closing brace. + if ( \T_COMMENT !== $this->tokens[ $scopeCloser ]['code'] + && isset( Tokens::$phpcsCommentTokens[ $this->tokens[ $scopeCloser ]['code'] ] ) === false + ) { + $this->phpcsFile->fixer->addNewlineBefore( $trailingContent ); + } + $this->phpcsFile->fixer->endChangeset(); + } + } + } + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/DisallowInlineTabsSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/DisallowInlineTabsSniff.php new file mode 100644 index 00000000..c20a4d33 --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/DisallowInlineTabsSniff.php @@ -0,0 +1,104 @@ +tab_width ) ) { + $this->tab_width = PHPCSHelper::get_tab_width( $this->phpcsFile ); + } + + $check_tokens = array( + \T_WHITESPACE => true, + \T_DOC_COMMENT_WHITESPACE => true, + \T_DOC_COMMENT_STRING => true, + ); + + for ( $i = ( $stackPtr + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) { + // Skip all non-whitespace tokens and skip whitespace at the start of a new line. + if ( ! isset( $check_tokens[ $this->tokens[ $i ]['code'] ] ) || 1 === $this->tokens[ $i ]['column'] ) { + continue; + } + + // If tabs are being converted to spaces by the tokenizer, the + // original content should be checked instead of the converted content. + if ( isset( $this->tokens[ $i ]['orig_content'] ) ) { + $content = $this->tokens[ $i ]['orig_content']; + } else { + $content = $this->tokens[ $i ]['content']; + } + + if ( '' === $content || strpos( $content, "\t" ) === false ) { + continue; + } + + $fix = $this->phpcsFile->addFixableError( + 'Spaces must be used for mid-line alignment; tabs are not allowed', + $i, + 'NonIndentTabsUsed' + ); + if ( true === $fix ) { + if ( isset( $this->tokens[ $i ]['orig_content'] ) ) { + // Use the replacement that PHPCS has already done. + $this->phpcsFile->fixer->replaceToken( $i, $this->tokens[ $i ]['content'] ); + } else { + // Replace tabs with spaces, using an indent of $tab_width. + // Other sniffs can then correct the indent if they need to. + $spaces = str_repeat( ' ', $this->tab_width ); + $newContent = str_replace( "\t", $spaces, $this->tokens[ $i ]['content'] ); + $this->phpcsFile->fixer->replaceToken( $i, $newContent ); + } + } + } + + // Ignore the rest of the file. + return ( $this->phpcsFile->numTokens + 1 ); + } + +} diff --git a/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/OperatorSpacingSniff.php b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/OperatorSpacingSniff.php new file mode 100644 index 00000000..17e5090c --- /dev/null +++ b/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/WhiteSpace/OperatorSpacingSniff.php @@ -0,0 +1,64 @@ + + * + * + * + * + * + * + * + * + * @var array + */ + public $ignoreAlignmentTokens = array(); + + /** + * The --tab-width CLI value that is being used. + * + * @var int + */ + private $tab_width; + + /** + * Returns an array of tokens this test wants to listen for. + * + * @return array + */ + public function register() { + return array( + \T_OPEN_TAG, + \T_OPEN_TAG_WITH_ECHO, + ); + } + + /** + * Processes this test, when one of its tokens is encountered. + * + * @param int $stackPtr The position of the current token in the stack. + * + * @return int Integer stack pointer to skip the rest of the file. + */ + public function process_token( $stackPtr ) { + if ( ! isset( $this->tab_width ) ) { + $this->tab_width = PHPCSHelper::get_tab_width( $this->phpcsFile ); + } + + // Handle any custom ignore tokens received from a ruleset. + $ignoreAlignmentTokens = $this->merge_custom_array( $this->ignoreAlignmentTokens ); + + $check_tokens = array( + \T_WHITESPACE => true, + \T_INLINE_HTML => true, + \T_DOC_COMMENT_WHITESPACE => true, + \T_COMMENT => true, + ); + $check_tokens += Tokens::$phpcsCommentTokens; + + for ( $i = 0; $i < $this->phpcsFile->numTokens; $i++ ) { + + if ( 1 !== $this->tokens[ $i ]['column'] ) { + continue; + } elseif ( isset( $check_tokens[ $this->tokens[ $i ]['code'] ] ) === false + || ( isset( $this->tokens[ ( $i + 1 ) ] ) + && \T_WHITESPACE === $this->tokens[ ( $i + 1 ) ]['code'] ) + || $this->tokens[ $i ]['content'] === $this->phpcsFile->eolChar + || isset( $ignoreAlignmentTokens[ $this->tokens[ $i ]['type'] ] ) + || ( isset( $this->tokens[ ( $i + 1 ) ] ) + && isset( $ignoreAlignmentTokens[ $this->tokens[ ( $i + 1 ) ]['type'] ] ) ) + ) { + continue; + } + + $spaces = 0; + switch ( $this->tokens[ $i ]['type'] ) { + case 'T_WHITESPACE': + $spaces = ( $this->tokens[ $i ]['length'] % $this->tab_width ); + break; + + case 'T_DOC_COMMENT_WHITESPACE': + $length = $this->tokens[ $i ]['length']; + $spaces = ( $length % $this->tab_width ); + + if ( isset( $this->tokens[ ( $i + 1 ) ] ) + && ( \T_DOC_COMMENT_STAR === $this->tokens[ ( $i + 1 ) ]['code'] + || \T_DOC_COMMENT_CLOSE_TAG === $this->tokens[ ( $i + 1 ) ]['code'] ) + && 0 !== $spaces + ) { + // One alignment space expected before the *. + --$spaces; + } + break; + + case 'T_COMMENT': + case 'T_PHPCS_ENABLE': + case 'T_PHPCS_DISABLE': + case 'T_PHPCS_SET': + case 'T_PHPCS_IGNORE': + case 'T_PHPCS_IGNORE_FILE': + /* + * Indentation whitespace for subsequent lines of multi-line comments + * are tokenized as part of the comment. + */ + $comment = ltrim( $this->tokens[ $i ]['content'] ); + $whitespace = str_replace( $comment, '', $this->tokens[ $i ]['content'] ); + $length = \strlen( $whitespace ); + $spaces = ( $length % $this->tab_width ); + + if ( isset( $comment[0] ) && '*' === $comment[0] && 0 !== $spaces ) { + --$spaces; + } + break; + + case 'T_INLINE_HTML': + if ( $this->tokens[ $i ]['content'] === $this->phpcsFile->eolChar ) { + $spaces = 0; + } else { + /* + * Indentation whitespace for inline HTML is part of the T_INLINE_HTML token. + */ + $content = ltrim( $this->tokens[ $i ]['content'] ); + $whitespace = str_replace( $content, '', $this->tokens[ $i ]['content'] ); + $spaces = ( \strlen( $whitespace ) % $this->tab_width ); + } + + /* + * Prevent triggering on multi-line /*-style inline javascript comments. + * This may cause false negatives as there is no check for being in a + *