0.14.0
版本发布时间: 2017-11-01 23:13:23
WordPress/WordPress-Coding-Standards最新发布版本:3.1.0(2024-03-26 00:44:32)
Added
-
WordPress.Arrays.MultipleStatementAlignment
sniff to theWordPress-Core
ruleset which will align the array assignment operator for multi-item, multi-line associative arrays. This new sniff offers four custom properties to customize its behaviour:ignoreNewlines
,exact
,maxColumn
andalignMultilineItems
. -
WordPress.DB.PreparedSQLPlaceholders
sniff to theWordPress-Core
ruleset which will analyse the placeholders passed to$wpdb->prepare()
for their validity, check whether queries usingIN ()
andLIKE
statements are created correctly and will check whether a correct number of replacements are passed. This sniff should help detect queries which are impacted by the security fixes to$wpdb->prepare()
which shipped with WP 4.8.2 and 4.8.3. The sniff also adds a new "PreparedSQLPlaceholders replacement count" whitelist comment for pertinent replacement count vs placeholder mismatches. Please consider carefully whether something could be a bug when you are tempted to use the whitelist comment and if so, report it. -
WordPress.PHP.DiscourageGoto
sniff to theWordPress-Core
ruleset. -
WordPress.PHP.RestrictedFunctions
sniff to theWordPress-Core
ruleset which initially forbids the use ofcreate_function()
. This was previous only discouraged under certain circumstances. -
WordPress.WhiteSpace.ArbitraryParenthesesSpacing
sniff to theWordPress-Core
ruleset which checks the spacing on the inside of arbitrary parentheses. -
WordPress.WhiteSpace.PrecisionAlignment
sniff to theWordPress-Core
ruleset which will throw a warning when precision alignment is detected in PHP, JS and CSS files. -
WordPress.WhiteSpace.SemicolonSpacing
sniff to theWordPress-Core
ruleset which will throw a (fixable) error when whitespace is found before a semi-colon, except for when the semi-colon denotes an emptyfor()
condition. -
WordPress.CodeAnalysis.AssignmentInCondition
sniff to theWordPress-Extra
ruleset. -
WordPress.WP.DiscouragedConstants
sniff to theWordPress-Extra
andWordPress-VIP
rulesets to detect usage of deprecated WordPress constants, such asSTYLESHEETPATH
andHEADER_IMAGE
. - Ability to pass the
minimum_supported_version
to use for theDeprecatedFunctions
,DeprecatedClasses
andDeprecatedParameters
sniff in one go. You can pass aminimum_supported_wp_version
runtime variable for this from the command line or pass it using aconfig
directive in a custom ruleset. -
Generic.Formatting.MultipleStatementAlignment
- customized to have amaxPadding
of40
-,Generic.Functions.FunctionCallArgumentSpacing
andSquiz.WhiteSpace.ObjectOperatorSpacing
to theWordPress-Core
ruleset. -
Squiz.Scope.MethodScope
,Squiz.Scope.MemberVarScope
,Squiz.WhiteSpace.ScopeKeywordSpacing
,PSR2.Methods.MethodDeclaration
,Generic.Files.OneClassPerFile
,Generic.Files.OneInterfacePerFile
,Generic.Files.OneTraitPerFile
,PEAR.Files.IncludingFile
,Squiz.WhiteSpace.LanguageConstructSpacing
,PSR2.Namespaces.NamespaceDeclaration
to theWordPress-Extra
ruleset. - The
is_class_constant()
,is_class_property
andvalid_direct_scope()
utility methods to theWordPress\Sniff
class.
Changed
- When passing an array property via a custom ruleset to PHP_CodeSniffer, spaces around the key/value are taken as intentional and parsed as part of the array key/value. In practice, this leads to confusion and WPCS does not expect any values which could be preceded/followed by a space, so for the WordPress Coding Standard native array properties, like
customAutoEscapedFunction
,text_domain
,prefixes
, WPCS will now trim whitespace from the keys/values received before use. - The WPCS native whitelist comments used to only work when they were put on the end of the line of the code they applied to. As of now, they will also be recognized when they are be put at the end of the statement they apply to.
- The
WordPress.Arrays.ArrayDeclarationSpacing
sniff used to enforce all associative arrays to be multi-line. The handbook has been updated to only require this for multi-item associative arrays and the sniff has been updated accordingly. The original behaviour can still be enforced by setting the newallow_single_item_single_line_associative_arrays
property tofalse
in a custom ruleset. - The
WordPress.NamingConventions.PrefixAllGlobals
sniff will now allow for a limited list of WP core hooks which are intended to be called by plugins and themes. - The
WordPress.PHP.DiscouragedFunctions
sniff used to includecreate_function
. This check has been moved to the newWordPress.PHP.RestrictedFunctions
sniff. - The
WordPress.PHP.StrictInArray
sniff now has a separate error codeFoundNonStrictFalse
for when the$strict
parameter has been set tofalse
. This allows for excluding the warnings for that particular situation, which will normally be intentional, via a custom ruleset. - The
WordPress.VIP.CronInterval
sniff now allows for customizing the minimum allowed cron interval by setting a property in a custom ruleset. - The
WordPress.VIP.RestrictedFunctions
sniff used to prohibit the use of certain WP native functions, recommending the use ofwpcom_vip_get_term_link()
,wpcom_vip_get_term_by()
andwpcom_vip_get_category_by_slug()
instead, as the WP native functions were not being cached. As the results of the relevant WP native functions are cached as of WP 4.8, the advice has now been reversed i.e. use the WP native functions instead ofwpcom...
functions. - The
WordPress.VIP.PostsPerPage
sniff now allows for customizing thepost_per_page
limit for which the sniff will trigger by setting a property in a custom ruleset. - The
WordPress.WP.I18n
sniff will now allow and actively encourage omitting the text-domain in I18n function calls if the text-domain passed via thetext_domain
property isdefault
, i.e. the domain used by Core. Whendefault
is one of several text-domains passed via thetext_domain
property, the error thrown when the domain is missing has been downgraded to awarning
. - The
WordPress.XSS.EscapeOutput
sniff now has a separate error codeOutputNotEscapedShortEcho
and the error message texts have been updated. - Moved
Squiz.PHP.Eval
from theWordPress-Extra
andWordPress-VIP
to theWordPress-Core
ruleset. - Removed two sniffs from the
WordPress-VIP
ruleset which were already included via theWordPress-Core
ruleset. - The unit test suite is now compatible with PHPCS 3.1.0+ and PHPUnit 6.x.
- Some tidying up of the unit test case files.
- All sniffs are now also being tested against PHP 7.2 for consistent sniff results.
- An attempt is made to detect potential fixer conflicts early via a special build test.
- Various minor documentation fixes.
- Improved the Atom setup instructions in the Readme.
- Updated the unit testing information in Contributing.
- Updated the custom ruleset example for the changes contained in this release and to make it more explicit what is recommended versus example code.
- The minimum recommended version for the suggested
DealerDirect/phpcodesniffer-composer-installer
Composer plugin has gone up to0.4.3
. This patch version fixes support for PHP 5.3.
Fixed
- The
WordPress.Arrays.ArrayIndentation
sniff did not correctly handle array items with multi-line strings as a value. - The
WordPress.Arrays.ArrayIndentation
sniff did not correctly handle array items directly after an array item with a trailing comment. - The
WordPress.Classes.ClassInstantiation
sniff will now correctly handle detection when usingnew $array['key']
ornew $array[0]
. - The
WordPress.NamingConventions.PrefixAllGlobals
sniff did not allow for arbitrary word separators in hook names. - The
WordPress.NamingConventions.PrefixAllGlobals
sniff did not correctly recognize namespaced constants as prefixed. - The
WordPress.PHP.StrictInArray
sniff would erronously trigger if thetrue
for$strict
was passed in uppercase. - The
WordPress.PHP.YodaConditions
sniff could get confused over complex ternaries containing assignments. This has been remedied. - The
WordPress.WP.PreparedSQL
sniff would erronously throw errors about comments found within a DB function call. - The
WordPress.WP.PreparedSQL
sniff would erronously throw errors about(int)
,(float)
and(bool)
casts and would also flag the subsequent variable which had been safe casted. - The
WordPress.XSS.EscapeOutput
sniff would erronously trigger when using a fully qualified function call - including the global namespace\
indicator - to one of the escaping functions. - The lists of WP global variables and WP mixed case variables have been synchronized, which fixes some false positives.