3.0.0
版本发布时间: 2023-08-21 22:37:13
WordPress/WordPress-Coding-Standards最新发布版本:3.1.0(2024-03-26 00:44:32)
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
- Dependencies on the following packages: PHPCSUtils, PHPCSExtra and the Composer PHPCS plugin.
- A best effort has been made to add support for the new PHP syntaxes/features to all WordPressCS native sniffs and utility functions (or to verify/improve existing support).
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
- PHP 7.2
- Keyed lists.
- PHP 7.3
- Flexible heredoc/nowdoc (providing the PHPCS scan is run on PHP 7.3 or higher).
- Trailing commas in function calls.
- PHP 7.4
- Arrow functions.
- Array unpacking in array expressions.
- Numeric literals with underscores.
- Typed properties.
- Null coalesce equals operator.
- PHP 8.0
- Nullsafe object operators.
- Match expressions.
- Named arguments in function calls.
- Attributes.
- Union types // including supporting the
false
andnull
types. - Constructor property promotion.
-
$object::class
- Throw as an expression.
- PHP 8.1
- Enumerations.
- Explicit octal notation.
- Final class constants
- First class callables.
- Intersection types.
- PHP 8.2
- Constants in traits.
- PHP 7.2
- New
WordPress.CodeAnalysis.AssignmentInTernaryCondition
sniff to theWordPress-Core
ruleset which partially replaces the removedWordPress.CodeAnalysis.AssignmentInCondition
sniff. - New
WordPress.WhiteSpace.ObjectOperatorSpacing
sniff which replaces the use of theSquiz.WhiteSpace.ObjectOperatorSpacing
sniff in theWordPress-Core
ruleset. - New
WordPress.WP.ClassNameCase
sniff to theWordPress-Core
ruleset, to check that any class name references to WP native classes and classes from external dependencies use the case of the class as per the class declaration. - New
WordPress.WP.Capabilities
sniff to theWordPress-Extra
ruleset. This sniff checks that valid capabilities are used, not roles or user levels. Props, amongst others, to @grappler and @khacoder. Custom capabilities can be added to the sniff via acustom_capabilities
ruleset property. The sniff also supports theminimum_wp_version
property to allow the sniff to accurately determine how the use of deprecated capabilities should be flagged. - The
WordPress.WP.CapitalPDangit
sniff contains a new check to verify the correct spelling ofWordPress
in namespace names. - The
WordPress.WP.I18n
sniff contains a newEmptyTextDomain
error code for an empty text string being passed as the text domain, which overrules the default value of the parameter and renders a text untranslatable. - The
WordPress.DB.PreparedSQLPlaceholders
sniff has been expanded with additional checks for the correct use of the%i
placeholder, which was introduced in WP 6.2. Props @craigfrancis. The sniff now also supports theminimum_wp_version
ruleset property to determine whether the%i
placeholder can be used. -
WordPress-Core
: the following additional sniffs (or select error codes from these sniffs) have been added to the ruleset:Generic.CodeAnalysis.AssignmentInCondition
,Generic.CodeAnalysis.EmptyPHPStatement
(replaces the WordPressCS native sniff),Generic.VersionControl.GitMergeConflict
,Generic.WhiteSpace.IncrementDecrementSpacing
,Generic.WhiteSpace.LanguageConstructSpacing
,Generic.WhiteSpace.SpreadOperatorSpacingAfter
,PSR2.Classes.ClassDeclaration
,PSR2.Methods.FunctionClosingBrace
,PSR12.Classes.ClassInstantiation
,PSR12.Files.FileHeader
(select error codes only),PSR12.Functions.NullableTypeDeclaration
,PSR12.Functions.ReturnTypeDeclaration
,PSR12.Traits.UseDeclaration
,Squiz.Functions.MultiLineFunctionDeclaration
(replaces part of theWordPress.WhiteSpace.ControlStructureSpacing
sniff),Modernize.FunctionCalls.Dirname
,NormalizedArrays.Arrays.ArrayBraceSpacing
(replaces part of theWordPress.Arrays.ArrayDeclarationSpacing
sniff),NormalizedArrays.Arrays.CommaAfterLast
(replaces the WordPressCS native sniff),Universal.Classes.ModifierKeywordOrder
,Universal.Classes.RequireAnonClassParentheses
,Universal.Constants.LowercaseClassResolutionKeyword
,Universal.Constants.ModifierKeywordOrder
,Universal.Constants.UppercaseMagicConstants
,Universal.Namespaces.DisallowCurlyBraceSyntax
,Universal.Namespaces.DisallowDeclarationWithoutName
,Universal.Namespaces.OneDeclarationPerFile
,Universal.NamingConventions.NoReservedKeywordParameterNames
,Universal.Operators.DisallowShortTernary
(replaces the WordPressCS native sniff),Universal.Operators.DisallowStandalonePostIncrementDecrement
,Universal.Operators.StrictComparisons
(replaces the WordPressCS native sniff),Universal.Operators.TypeSeparatorSpacing
,Universal.UseStatements.DisallowMixedGroupUse
,Universal.UseStatements.KeywordSpacing
,Universal.UseStatements.LowercaseFunctionConst
,Universal.UseStatements.NoLeadingBackslash
,Universal.UseStatements.NoUselessAliases
,Universal.WhiteSpace.CommaSpacing
,Universal.WhiteSpace.DisallowInlineTabs
(replaces the WordPressCS native sniff),Universal.WhiteSpace.PrecisionAlignment
(replaces the WordPressCS native sniff),Universal.WhiteSpace.AnonClassKeywordSpacing
. -
WordPress-Extra
: the following additional sniffs have been added to the ruleset:Generic.CodeAnalysis.UnusedFunctionParameter
,Universal.Arrays.DuplicateArrayKey
,Universal.CodeAnalysis.ConstructorDestructorReturn
,Universal.CodeAnalysis.ForeachUniqueAssignment
,Universal.CodeAnalysis.NoEchoSprintf
,Universal.CodeAnalysis.StaticInFinalClass
,Universal.ControlStructures.DisallowLonelyIf
,Universal.Files.SeparateFunctionsFromOO
. -
WordPress.Utils.I18nTextDomainFixer
: theload_script_textdomain()
function to the functions the sniff looks for. -
WordPress.WP.AlternativeFunctions
: the following PHP native functions have been added to the sniff and will now be flagged when used:unlink()
(in a newunlink
group) ,rename()
(in a newrename
group),chgrp()
,chmod()
,chown()
,is_writable()
is_writeable()
,mkdir()
,rmdir()
,touch()
,fputs()
(in the existingfile_system_operations
group, which was previously namedfile_system_read
). Props @sandeshjangam and @JDGrimes. - The
PHPUnit_Adapter_TestCase
class to the list of "known test (case) classes". - The
antispambot()
function to the list of known "formatting" functions. - The
esc_xml()
andwp_kses_one_attr()
functions to the list of known "escaping" functions. - The
wp_timezone_choice()
andwp_readonly()
functions to the list of known "auto escaping" functions. - The
sanitize_url()
andwp_kses_one_attr()
functions to the list of known "sanitizing" functions. - Metrics for blank lines at the start/end of a control structure body to the
WordPress.WhiteSpace.ControlStructureSpacing
sniff. These can be displayed using--report=info
when theblank_line_check
property has been set totrue
. - End-user documentation to the following new and pre-existing sniffs:
WordPress.DateTime.RestrictedFunctions
,WordPress.NamingConventions.PrefixAllGlobals
(props @Ipstenu),WordPress.PHP.StrictInArray
(props @marconmartins),WordPress.PHP.YodaConditions
(props @Ipstenu),WordPress.WhiteSpace.ControlStructureSpacing
(props @ckanitz),WordPress.WhiteSpace.ObjectOperatorSpacing
,WordPress.WhiteSpace.OperatorSpacing
(props @ckanitz),WordPress.WP.CapitalPDangit
(props @NielsdeBlaauw),WordPress.WP.Capabilities
,WordPress.WP.ClassNameCase
,WordPress.WP.EnqueueResourceParameters
(props @NielsdeBlaauw). This documentation can be exposed via thePHP_CodeSniffer
--generator=...
command-line argument. Note: all sniffs which have been added from PHPCSExtra (Universal, Modernize, NormalizedArrays sniffs) are also fully documented.
Added (internal/dev-only)
- New Helper classes:
-
ArrayWalkingFunctionsHelper
-
ConstantsHelper
* -
ContextHelper
* -
DeprecationHelper
* -
FormattingFunctionsHelper
-
ListHelper
* -
RulesetPropertyHelper
* -
SnakeCaseHelper
* -
UnslashingFunctionsHelper
-
ValidationHelper
-
VariableHelper
* -
WPGlobalVariablesHelper
-
WPHookHelper
-
- New Helper traits:
-
EscapingFunctionsTrait
-
IsUnitTestTrait
-
MinimumWPVersionTrait
-
PrintingFunctionsTrait
-
SanitizationHelperTrait
* -
WPDBTrait
-
These classes and traits mostly contain pre-existing functionality moved from the Sniff
class.
The classes marked with an *
are considered internal and do not have any promise of future backward compatibility.
More information is available in the Upgrade Guide to WordPressCS 3.0.0 for Developers.
Changed
- As of this version, installation via Composer is the only supported manner of installation. Installing in a different manner (git clone/PEAR/PHAR) is still possible, but no longer supported.
- The minimum required
PHP_CodeSniffer
version to 3.7.2 (was 3.3.1). - Composer: the package will now identify itself as a static analysis tool.
- The PHP
filter
,libxml
andXMLReader
extensions are now explicitly required. It is recommended to also have theMbstring
andiconv
extensions enabled for the most accurate results. - The release branch has been renamed from
master
tomain
. - The following sniffs have been moved from
WordPress-Extra
toWordPress-Core
: theGeneric.Files.OneObjectStructurePerFile
(also changed fromwarning
toerror
),Generic.PHP.BacktickOperator
,PEAR.Files.IncludingFile
,PSR2.Classes.PropertyDeclaration
,PSR2.Methods.MethodDeclaration
,Squiz.Scope.MethodScope
,Squiz.WhiteSpace.ScopeKeywordSpacing
sniffs. Props, amongst others, to @desrosj. -
WordPress-Core
: TheGeneric.Arrays.DisallowShortArraySyntax
sniff has been replaced by theUniversal.Arrays.DisallowShortArraySyntax
sniff. The new sniff will recognize short lists correctly and ignore them. -
WordPress-Core
: TheGeneric.Files.EndFileNewline
sniff has been replaced by the more comprehensivePSR2.Files.EndFileNewline
sniff. - A number of sniffs support setting the minimum WP version for the code being scanned.
This could be done in two different ways:
- By setting the
minimum_supported_version
property for each sniff from a ruleset. - By passing
--runtime-set minimum_supported_wp_version #.#
on the command line. The names of the property and the CLI setting have now been aligned to both useminimum_wp_version
as the name. Both ways of passing the value are still supported.
- By setting the
-
WordPress.NamingConventions.PrefixAllGlobals
: thecustom_test_class_whitelist
property has been renamed tocustom_test_classes
. -
WordPress.NamingConventions.ValidVariableName
: thecustomPropertiesWhitelist
property has been renamed toallowed_custom_properties
. -
WordPress.PHP.NoSilencedErrors
: thecustom_whitelist
property has been renamed tocustomAllowedFunctionsList
. -
WordPress.PHP.NoSilencedErrors
: theuse_default_whitelist
property has been renamed tousePHPFunctionsList
. -
WordPress.WP.GlobalVariablesOverride
: thecustom_test_class_whitelist
property has been renamed tocustom_test_classes
. - Sniffs are now able to handle fully qualified names for custom test classes provided via a
custom_test_classes
(previouslycustom_test_class_whitelist
) ruleset property. - The default value for
minimum_supported_wp_version
, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to6.0
. -
WordPress.NamingConventions.PrefixAllGlobals
now takes new pluggable constants into account as introduced in WordPress up to WP 6.3. -
WordPress.NamingConventions.ValidPostTypeSlug
now takes new reserved post types into account as introduced in WordPress up to WP 6.3. -
WordPress.WP.DeprecatedClasses
now detects classes deprecated in WordPress up to WP 6.3. -
WordPress.WP.DeprecatedFunctions
now detects functions deprecated in WordPress up to WP 6.3. -
WordPress.WP.DeprecatedParameters
now detects parameters deprecated in WordPress up to WP 6.3. -
WordPress.WP.DeprecatedParameterValues
now detects parameter values deprecated in WordPress up to WP 6.3. -
WordPress.Utils.I18nTextDomainFixer
: the lists of recognized plugin and theme header tags has been updated based on the current information in the plugin and theme handbooks. -
WordPress.WP.AlternativeFunctions
: the "group" namefile_system_read
, which can be used with theexclude
property, has been renamed tofile_system_operations
. This also means that the error codes for individual functions flagged via that group have changed fromWordPress.WP.AlternativeFunctions.file_system_read_*
toWordPress.WP.AlternativeFunctions.file_system_operations_*
. -
WordPress.WP.CapitalPDangit
: theMisspelled
error code has been split into two error codes -MisspelledInText
andMisspelledInComment
- to allow for more modular exclusions/selectively turning off the auto-fixer for the sniff. -
WordPress.WP.I18n
no longer throws both theMissingSingularPlaceholder
and theMismatchedPlaceholders
for the same code, as the errors have an overlap. -
WordPress-Core
: previously only the spacing around commas in arrays, function declarations and function calls was checked. Now, the spacing around commas will be checked in all contexts. -
WordPress.Arrays.ArrayKeySpacingRestrictions
: a newSpacesBetweenBrackets
error code has been introduced for the spacing between square brackets for array assignments without key. Previously, this would throw aNoSpacesAroundArrayKeys
error with an unclear error message. -
WordPress.Files.FileName
now recognizes more word separators, meaning that files using other word separators than underscores will now be flagged for not using hyphenation. -
WordPress.Files.FileName
now checks if a file contains a test class and if so, will bow out. This change was made to prevent issues with PHPUnit 9.1+, which strongly prefers PSR4-style file names. Whether something is test class or not is based on a pre-defined list of "known" test case classes which can be extended and, optionally, a list of user provided test case classes provided via setting thecustom_test_classes
property in a custom ruleset or the complete test directory can be excluded via a custom ruleset. -
WordPress.NamingConventions.PrefixAllGlobals
now allows for pluggable functions and classes, which should not be prefixed when "plugged". -
WordPress.PHP.NoSilencedErrors
: the metric, which displays in theinfo
report, has been renamed from "whitelisted function call" to "silencing allowed function call". -
WordPress.Security.EscapeOutput
now flags the use ofget_search_query( false )
when generating output (as thefalse
turns off the escaping). -
WordPress.Security.EscapeOutput
now also examines parameters passed for exception creation inthrow
statements and expressions for correct escaping. -
WordPress.Security.ValidatedSanitizedInput
now examines all superglobal (except for$GLOBALS
). Previously, the$_SESSION
and$_ENV
superglobals would not be flagged as needing validation/sanitization. -
WordPress.WP.I18n
now recognizes the new PHP 8.0+h
andH
type specifiers. -
WordPress.WP.PostsPerPage
has improved recognition for numbers prefixed with a unary operator and non-decimal numbers. -
WordPress.DB.PreparedSQL
will identify more precisely the code which is problematic. -
WordPress.DB.PreparedSQLPlaceholders
will identify more precisely the code which is problematic. -
WordPress.DB.SlowDBQuery
will identify more precisely the code which is problematic. -
WordPress.Security.PluginMenuSlug
: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line. -
WordPress.WP.DiscouragedConstants
: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line. -
WordPress.WP.EnqueuedResourceParameters
: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line. -
WordPress.WP.I18n
: the errors will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line. -
WordPress.WP.PostsPerPage
will identify more precisely the code which is problematic. -
WordPress.PHP.TypeCasts.UnsetFound
has been changed from awarning
to anerror
as the(unset)
cast is no longer available in PHP 8.0 and higher. -
WordPress.WP.EnqueuedResourceParameters.MissingVersion
has been changed from anerror
to awarning
. -
WordPress.Arrays.ArrayKeySpacingRestrictions
: improved the clarity of the error messages for theTooMuchSpaceBeforeKey
andTooMuchSpaceAfterKey
error codes. -
WordPress.CodeAnalysis.EscapedNotTranslated
: improved the clarity of the error message. -
WordPress.PHP.IniSet
: improved the clarity of the error messages for the sniff. -
WordPress.PHP.PregQuoteDelimiter
: improved the clarity of the error message for theMissing
error code. -
WordPress.PHP.RestrictedFunctions
: improved the clarity of the error messages for the sniff. -
WordPress.PHP.RestrictedPHPFunctions
: improved the error message for thecreate_function_create_function
error code. -
WordPress.PHP.TypeCast
: improved the clarity of the error message for theUnsetFound
error code. It will no longer advise assigningnull
. -
WordPress.Security.SafeRedirect
: improved the clarity of the error message. (very minor) -
WordPress.Security.ValidatedSanitizedInput
: improved the clarity of the error messages for theMissingUnslash
error code. -
WordPress.WhiteSpace.CastStructureSpacing
: improved the clarity of the error message for theNoSpaceBeforeOpenParenthesis
error code. -
WordPress.WP.I18n
: improved the clarity of the error messages for the sniff. -
WordPress.WP.I18n
: the error messages will now use the correct parameter name. - The error messages for the
WordPress.CodeAnalysis.EscapedNotTranslated
,WordPress.NamingConventions.PrefixAllGlobals
,WordPress.NamingConventions.ValidPostTypeSlug
,WordPress.PHP.IniSet
, and theWordPress.PHP.NoSilencedErrors
sniff will now display the code sample found without comments and extranuous whitespace. - Various updates to the README, the example ruleset and other documentation. Props, amongst others, to @Luc45, @slaFFik.
- Continuous Integration checks are now run via GitHub Actions. Props @desrosj.
- Various other CI/QA improvements.
- Code coverage will now be monitored via CodeCov.
- All sniffs are now also being tested against PHP 8.0, 8.1, 8.2 and 8.3 for consistent sniff results.
Changed (internal/dev-only)
- All non-abstract classes in WordPressCS are now
final
with the exception of the following four classes which are known to be extended by external PHPCS standards build on top of WordPressCS:WordPress.NamingConventions.ValidHookName
,WordPress.Security.EscapeOutput
,WordPress.Security.NonceVerification
,WordPress.Security.ValidatedSanitizedInput
. - Most remaining utility properties and methods, previously contained in the
WordPressCS\WordPress\Sniff
class, have been moved to dedicated Helper classes and traits or, in some cases, to the sniff class using them. As this change is only relevant for extenders, the full details of these moves are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0 - A few customizable
public
properties, which were used by multiple sniffs, have been moved from*Sniff
classes to traits. Again, the full details of these moves are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0 - A number of non-public properties in sniffs have been renamed. As this change is only relevant for extenders, the full details of these renames are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0
-
AbstractFunctionRestrictionsSniff
: Thewhitelist
key in the$groups
array property has been renamed toallow
. - The
WordPress.NamingConventions.ValidFunctionName
sniff no longer extends the similar PHPCS nativePEAR
sniff.
Removed
- Support for the deprecated, old-style WordPressCS native ignore annotations. Use the PHPCS native selective ignore annotations instead.
- The following WordPressCS native sniffs have been removed:
- The
WordPress.Arrays.CommaAfterArrayItem
sniff (replaced by theNormalizedArrays.Arrays.CommaAfterLast
and theUniversal.WhiteSpace.CommaSpacing
sniffs). - The
WordPress.Classes.ClassInstantiation
sniff (replaced by thePSR12.Classes.ClassInstantiation
,Universal.Classes.RequireAnonClassParentheses
andUniversal.WhiteSpace.AnonClassKeywordSpacing
sniffs). - The
WordPress.CodeAnalysis.AssignmentInCondition
sniff (replaced by theGeneric.CodeAnalysis.AssignmentInCondition
and theWordPress.CodeAnalysis.AssignmentInTernaryCondition
sniffs). - The
WordPress.CodeAnalysis.EmptyStatement
sniff (replaced by theGeneric.CodeAnalysis.EmptyPHPStatement
sniff). - The
WordPress.PHP.DisallowShortTernary
sniff (replaced by theUniversal.Operators.DisallowShortTernary
sniff). - The
WordPress.PHP.StrictComparisons
sniff (replaced by theUniversal.Operators.StrictComparisons
sniff). - The
WordPress.WhiteSpace.DisallowInlineTabs
sniff (replaced by theUniversal.WhiteSpace.DisallowInlineTabs
sniff). - The
WordPress.WhiteSpace.PrecisionAlignment
sniff (replaced by theUniversal.WhiteSpace.PrecisionAlignment
sniff). - The
WordPress.WP.TimezoneChange
sniff (replaced by theWordPress.DateTime.RestrictedFunctions
sniff). This sniff was previously already deprecated.
- The
-
WordPress-Extra
: TheSquiz.WhiteSpace.LanguageConstructSpacing
sniff (replaced by the added, more comprehensiveGeneric.WhiteSpace.LanguageConstructSpacing
sniff in theWordPress-Core
ruleset). -
WordPress.Arrays.ArrayDeclarationSpacing
: array brace spacing checks (replaced by theNormalizedArrays.Arrays.ArrayBraceSpacing
sniff). -
WordPress.WhiteSpace.ControlStructureSpacing
: checks for the spacing for function declarations (replaced by theSquiz.Functions.MultiLineFunctionDeclaration
sniff). Includes removal of thespaces_before_closure_open_paren
property for this sniff. -
WordPress.WP.I18n
: thecheck_translator_comments
property. Exclude theWordPress.WP.I18n.MissingTranslatorsComment
and theWordPress.WP.I18n.TranslatorsCommentWrongStyle
error codes instead. - WordPressCS will no longer check for assigning the return value of an object instantiation by reference.
This is a PHP parse error since PHP 7.0. Use the
PHPCompatibilityWP
standard to check for PHP cross-version compatibility issues. - The check for object instantiations will no longer check JavaScript files.
- The
WordPress.Arrays.ArrayKeySpacingRestrictions.MissingBracketCloser
error code as sniffs should not report on parse errors. - The
WordPress.CodeAnalysis.AssignmentIn[Ternary]Condition.NonVariableAssignmentFound
error code as sniffs should not report on parse errors. - The
Block_Supported_Styles_Test
class will no longer incorrectly be recognized as an extendable test case class.
Removed (internal/dev-only)
-
AbstractArrayAssignmentRestrictionsSniff
: support for the optional'callback'
key in the array returned bygetGroups()
. -
WordPressCS\WordPress\PHPCSHelper
class (use thePHPCSUtils\BackCompat\Helper
class instead). -
WordPressCS\WordPress\Sniff::addMessage()
method (use thePHPCSUtils\Utils\MessageHelper::addMessage()
method instead). -
WordPressCS\WordPress\Sniff::addFixableMessage()
method (use thePHPCSUtils\Utils\MessageHelper::addFixableMessage()
method instead). -
WordPressCS\WordPress\Sniff::determine_namespace()
method (use thePHPCSUtils\Utils\Namespaces::determineNamespace()
method instead). -
WordPressCS\WordPress\Sniff::does_function_call_have_parameters()
method (use thePHPCSUtils\Utils\PassedParameters::hasParameters()
method instead). -
WordPressCS\WordPress\Sniff::find_array_open_close()
method (use thePHPCSUtils\Utils\Arrays::getOpenClose()
method instead). -
WordPressCS\WordPress\Sniff::find_list_open_close()
method (use thePHPCSUtils\Utils\Lists::getOpenClose()
method instead). -
WordPressCS\WordPress\Sniff::get_declared_namespace_name()
method (use thePHPCSUtils\Utils\Namespaces::getDeclaredName()
method instead). -
WordPressCS\WordPress\Sniff::get_function_call_parameter_count()
method (use thePHPCSUtils\Utils\PassedParameters::getParameterCount()
method instead). -
WordPressCS\WordPress\Sniff::get_function_call_parameters()
method (use thePHPCSUtils\Utils\PassedParameters::getParameters()
method instead). -
WordPressCS\WordPress\Sniff::get_function_call_parameter()
method (use thePHPCSUtils\Utils\PassedParameters::getParameter()
method instead). -
WordPressCS\WordPress\Sniff::get_interpolated_variables()
method (use thePHPCSUtils\Utils\TextStrings::getEmbeds()
method instead). -
WordPressCS\WordPress\Sniff::get_last_ptr_on_line()
method (no replacement available at this time). -
WordPressCS\WordPress\Sniff::get_use_type()
method (use thePHPCSUtils\Utils\UseStatements::getType()
method instead). -
WordPressCS\WordPress\Sniff::has_whitelist_comment()
method (no replacement). -
WordPressCS\WordPress\Sniff::$hookFunctions
property (no replacement available at this time). -
WordPressCS\WordPress\Sniff::init()
method (no replacement). -
WordPressCS\WordPress\Sniff::is_class_constant()
method (use thePHPCSUtils\Utils\Scopes::isOOConstant()
method instead). -
WordPressCS\WordPress\Sniff::is_class_property()
method (use thePHPCSUtils\Utils\Scopes::isOOProperty()
method instead). -
WordPressCS\WordPress\Sniff::is_foreach_as()
method (use thePHPCSUtils\Utils\Context::inForeachCondition()
method instead). -
WordPressCS\WordPress\Sniff::is_short_list()
method (depending on your needs, use thePHPCSUtils\Utils\Lists::isShortList()
or thePHPCSUtils\Utils\Arrays::isShortArray()
method instead). -
WordPressCS\WordPress\Sniff::is_token_in_test_method()
method (no replacement available at this time). -
WordPressCS\WordPress\Sniff::REGEX_COMPLEX_VARS
constant (use the PHPCSUtilsPHPCSUtils\Utils\TextStrings::stripEmbeds()
andPHPCSUtils\Utils\TextStrings::getEmbeds()
methods instead). -
WordPressCS\WordPress\Sniff::string_to_errorcode()
method (use thePHPCSUtils\Utils\MessageHelper::stringToErrorcode()
method instead). -
WordPressCS\WordPress\Sniff::strip_interpolated_variables()
method (use thePHPCSUtils\Utils\TextStrings::stripEmbeds()
method instead). -
WordPressCS\WordPress\Sniff::strip_quotes()
method (use thePHPCSUtils\Utils\TextStrings::stripQuotes()
method instead). -
WordPressCS\WordPress\Sniff::valid_direct_scope()
method (use thePHPCSUtils\Utils\Scopes::validDirectScope()
method instead). - Unused dev-only files in the (now removed)
bin
directory.
Fixed
- All sniffs which, in one way or another, check whether code represents a short list or a short array will now do so more accurately. This fixes various false positives and false negatives.
- Sniffs supporting the
minimum_wp_version
property (previouslyminimum_supported_version
) will no longer throw a "passing null to non-nullable" deprecation notice on PHP 8.1+. -
WordPress.WhiteSpace.ControlStructureSpacing
no longer throws aTypeError
on PHP 8.0+. -
WordPress.NamingConventions.PrefixAllGlobals
no longer throws a "passing null to non-nullable" deprecation notice on PHP 8.1+. -
WordPress.WP.I18n
no longer throws a "passing null to non-nullable" deprecation notice on PHP 8.1+. -
VariableHelper::is_comparison()
(previouslySniff::is_comparison()
): fixed risk of undefined array key notice when scanning code containing parse errors. -
AbstractArrayAssignmentRestrictionsSniff
could previously get confused when it encountered comments in unexpected places. This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs). -
AbstractArrayAssignmentRestrictionsSniff
no longer examines numeric string keys as PHP treats those as integer keys, which were never intended as the target of this abstract. This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs). -
AbstractArrayAssignmentRestrictionsSniff
in case of duplicate entries, the sniff will now only examine the last value, as that's the value PHP will see. This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs). -
AbstractArrayAssignmentRestrictionsSniff
now determines the assigned value with higher accuracy. This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs). -
AbstractClassRestrictionsSniff
now treats thenamespace
keyword when used as an operator case-insensitively. This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs). -
AbstractClassRestrictionsSniff
now treats the hierarchy keywords (self
,parent
,static
) case-insensitively. This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs). -
AbstractClassRestrictionsSniff
now limits itself correctly when trying to find a class name before a::
. This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs). -
AbstractClassRestrictionsSniff
: false negatives on class instantiation statements ending on a PHP close tag. This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs). -
AbstractClassRestrictionsSniff
: false negatives on class instantiation statements combined with method chaining. This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs). -
AbstractFunctionRestrictionsSniff
: false positives on function declarations when the function returns by reference. This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs). -
AbstractFunctionRestrictionsSniff
: false positives on instantiation of a class with the same name as a targetted function. This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs). -
AbstractFunctionRestrictionsSniff
now respects that function names in PHP are case-insensitive in more places. This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs). - Various utility methods in Helper classes/traits have received fixes to correctly treat function and class names as case-insensitive. These fixes have a positive impact on all sniffs using these methods.
- Version comparisons done by sniffs supporting the
minimum_wp_version
property (previouslyminimum_supported_version
) will now be more precise. -
WordPress.Arrays.ArrayIndentation
now ignores indentation issues for array items which are not the first thing on a line. This fixes a potential fixer conflict. -
WordPress.Arrays.ArrayKeySpacingRestrictions
: signed positive integer keys will now be treated the same as signed negative integer keys. -
WordPress.Arrays.ArrayKeySpacingRestrictions
: keys consisting of calculations will now be recognized more accurately. -
WordPress.Arrays.ArrayKeySpacingRestrictions.NoSpacesAroundArrayKeys
: now has better protection in case of a fixer conflict. -
WordPress.Classes.ClassInstantiation
could create parse errors when fixing a class instantiation using variable variables. This has been fixed by replacing the sniff with thePSR12.Classes.ClassInstantiation
sniff (and some others). -
WordPress.DB.DirectDatabaseQuery
could previously get confused when it encountered comments in unexpected places. -
WordPress.DB.DirectDatabaseQuery
now respects that function (method) names in PHP are case-insensitive. -
WordPress.DB.DirectDatabaseQuery
now only looks at the current statement to find a method call to the$wpdb
object. -
WordPress.DB.DirectDatabaseQuery
no longer warns aboutTRUNCATE
queries as those cannot be cached and need a direct database query. -
WordPress.DB.PreparedSQL
could previously get confused when it encountered comments in unexpected places. -
WordPress.DB.PreparedSQL
now respects that function names in PHP are case-insensitive. -
WordPress.DB.PreparedSQL
improved recognition of interpolated variables and expressions in the$text
argument. This fixes both some false negatives as well as some false positives. -
WordPress.DB.PreparedSQL
stricter recognition of the$wpdb
variable in double quoted query strings. -
WordPress.DB.PreparedSQL
false positive for floating point numbers concatenated into an SQL query. -
WordPress.DB.PreparedSQLPlaceholders
could previously get confused when it encountered comments in unexpected places. -
WordPress.DB.PreparedSQLPlaceholders
now respects that function names in PHP are case-insensitive. -
WordPress.DB.PreparedSQLPlaceholders
stricter recognition of the$wpdb
variable in double quotes query strings. -
WordPress.DB.PreparedSQLPlaceholders
false positive when a fully qualified function call is encountered in animplode( ', ', array_fill(...))
pattern. -
WordPress.Files.FileName
no longer presumes a three character file extension. -
WordPress.NamingConventions.PrefixAllGlobals
could previously get confused when it encountered comments in unexpected places in function calls which were being examined. -
WordPress.NamingConventions.PrefixAllGlobals
now respects that function names in PHP are case-insensitive when checking whether a function declaration is polyfilling a PHP native function. -
WordPress.NamingConventions.PrefixAllGlobals
improved false positive prevention for variable assignments via keyed lists. -
WordPress.NamingConventions.PrefixAllGlobals
now only looks at the current statement when determining which variables were imported via aglobal
statement. This prevents both false positives as well as false negatives. -
WordPress.NamingConventions.PrefixAllGlobals
no longer gets confused overglobal
statements in nested clsure/function declarations. -
WordPress.NamingConventions.ValidFunctionName
now also checks the names of (global) functions when the declaration is nested within an OO method. -
WordPress.NamingConventions.ValidFunctionName
no longer throws false positives for triple underscore methods. -
WordPress.NamingConventions.ValidFunctionName
the suggested replacement names in the error message no longer remove underscores from a name in case of leading or trailing underscores, or multiple underscores in the middle of a name. -
WordPress.NamingConventions.ValidFunctionName
the determination whether a name is insnake_case
is now more accurate and has improved handling of non-ascii characters. -
WordPress.NamingConventions.ValidFunctionName
now correctly recognizes a PHP4-style constructor when the class and the constructor method name contains non-ascii characters. -
WordPress.NamingConventions.ValidHookName
no longer throws false positives when the hook name is generated via a function call and that function is passed string literals as parameters. -
WordPress.NamingConventions.ValidHookName
now ignores parameters in a variable function call (like a call to a closure). -
WordPress.NamingConventions.ValidPostTypeSlug
no longer throws false positives for interpolated text strings with complex embedded variables/expressions. -
WordPress.NamingConventions.ValidVariableName
the suggested replacement names in the error message will no longer remove underscores from a name in case of leading or trailing underscores, or multiple underscores in the middle of a name. -
WordPress.NamingConventions.ValidVariableName
the determination whether a name is insnake_case
is now more accurate and has improved handling of non-ascii characters. -
WordPress.NamingConventions.ValidVariableName
now examines all variables and variables in expressions in a text string containing interpolation. -
WordPress.NamingConventions.ValidVariableName
now has improved recognition of variables in complex embedded variables/expressions in interpolated text strings. -
WordPress.PHP.IniSet
no longer gets confused over comments in the code when determining whether the ini value is an allowed one. -
WordPress.PHP.NoSilencedErrors
no longer throws an error when error silencing is encountered for function calls to the PHP nativelibxml_disable_entity_loader()
andimagecreatefromwebp()
methods. -
WordPress.PHP.StrictInArray
no longer gets confused over comments in the code when determining whether the$strict
parameter is used. -
WordPress.Security.EscapeOutput
no longer throws a false positive on function calls where the parameters need escaping, when no parameters are being passed. -
WordPress.Security.EscapeOutput
no longer throws a false positive when a fully qualified function call to the\basename()
function is encountered within a call to_deprecated_file()
. -
WordPress.Security.EscapeOutput
could previously get confused when it encountered comments in the$file
parameter for_deprecated_file()
. -
WordPress.Security.EscapeOutput
now ignores significantly more operators which should yield more accurate results. -
WordPress.Security.EscapeOutput
now respects that function names in PHP are case-insensitive when checking whether a printing function is being used. -
WordPress.Security.EscapeOutput
no longer throws anInternal.Exception
when it encounters a constant or property mirroring the name of one of the printing functions being targetted, nor will it throw false positives for those. -
WordPress.Security.EscapeOutput
no longer incorrectly handles method calls or calls to namespaced functions mirroring the name of one of the printing functions being targetted. -
WordPress.Security.EscapeOutput
now ignoresexit
/die
statements without a status being passed, preventing false positives on code after the statement. -
WordPress.Security.EscapeOutput
now has improved recognition thatprint
can also be used as an expression, not only as a statement. -
WordPress.Security.EscapeOutput
now has much, much, much more accurate handling of code involving ternary expressions and should now correctly ignore the ternary condition in all long ternaries being examined. -
WordPress.Security.EscapeOutput
no longer disregards the ternary condition in a short ternary. -
WordPress.Security.EscapeOutput
no longer skips over a constant or property mirroring the name of one of the (auto-)escaping/formatting functions being targeted. -
WordPress.Security.EscapeOutput
no longer throws false positives for*::class
, which will always evaluate to a plain string. -
WordPress.Security.EscapeOutput
no longer throws false positives on output generating keywords encountered in an inline expression. -
WordPress.Security.EscapeOutput
no longer throws false positives on parameters passed to_e()
or_ex()
, which won't be used in the output. -
WordPress.Security.EscapeOutput
no longer throws false positives on heredocs not using interpolation. -
WordPress.Security.NonceVerification
now respects that function names in PHP are case-insensitive when checking whether an array comparison function is being used. -
WordPress.Security.NonceVerification
now also checks for nonce verification when the$_FILES
superglobal is being used. -
WordPress.Security.NonceVerification
now ignores properties named after superglobals. -
WordPress.Security.NonceVerification
now ignores list assignments to superglobals. -
WordPress.Security.NonceVerification
now ignores superglobals being unset. -
WordPress.Security.ValidatedSanitizedInput
now respects that function names in PHP are case-insensitive when checking whether an array comparison function is being used. -
WordPress.Security.ValidatedSanitizedInput
now respects that function names in PHP are case-insensitive when checking whether a variable is being validated using[array_]key_exists()
. -
WordPress.Security.ValidatedSanitizedInput
improved recognition of interpolated variables and expression in the text strings. This fixes some false negatives. -
WordPress.Security.ValidatedSanitizedInput
no longer incorrectly regards anunset()
as variable validation. -
WordPress.Security.ValidatedSanitizedInput
no longer incorrectly regards validation in a nested scope as validation which applies to the superglobal being examined. -
WordPress.WP.AlternativeFunctions
could previously get confused when it encountered comments in unexpected places. -
WordPress.WP.AlternativeFunctions
now correctly takes theminimum_wp_version
into account when determining whether a call toparse_url()
could switch over to usingwp_parse_url()
. -
WordPress.WP.CapitalPDangit
now skips (keyed) list assignments to prevent false positives. -
WordPress.WP.CapitalPDangit
now always skips all array keys, not just plain text array keys. -
WordPress.WP.CronInterval
no longer throws aChangeDetected
warning for interval calculations wrapped in parentheses, but for which the value for the interval is otherwise known. -
WordPress.WP.CronInterval
no longer throws aChangeDetected
warning for interval calculations using fully qualified WP native time constants, but for which the value for the interval is otherwise known. -
WordPress.WP.DeprecatedParameters
no longer throws a false positive for function calls tocomments_number()
using the fourth parameter (which was deprecated, but has been repurposed since WP 5.4). -
WordPress.WP.DeprecatedParameters
now looks for the correct parameter in calls to theunregister_setting()
function. -
WordPress.WP.DeprecatedParameters
now lists the correct WP version for the deprecation of the third parameter in function calls toget_user_option()
. -
WordPress.WP.DiscouragedConstants
could previously get confused when it encountered comments in unexpected places. -
WordPress.WP.EnqueuedResources
now recognizes enqueuing in a multi-line text string correctly. -
WordPress.WP.EnqueuedResourceParameters
could previously get confused when it encountered comments in unexpected places. -
WordPress.WP.GlobalVariablesOverride
improved false positive prevention for variable assignments via keyed lists. -
WordPress.WP.GlobalVariablesOverride
now only looks at the current statement when determining which variables were imported via aglobal
statement. This prevents both false positives as well as false negatives. -
WordPress.WP.I18n
improved recognition of interpolated variables and expression in the$text
argument. This fixes some false negatives. -
WordPress.WP.I18n
no longer potentially creates parse errors when auto-fixing anUnorderedPlaceholders*
error involving a multi-line text string. -
WordPress.WP.I18n
no longer throws false positives for compound parameters starting with a text string, which were previously checked as if the parameter only consisted of a text string. -
WordPress.WP.PostsPerPage
now determines the end of statement with more precision and will no longer throw a false positive for function calls on PHP 8.0+.