Merge pull request #1709 from WordPress-Coding-Standards/develop

Release version 2.1.1

CHANGELOG.md

@@ -8,6 +8,27 @@ This projects adheres to [Semantic Versioning](https://semver.org/) and [Keep a
 
 _No documentation available about unreleased changes as of yet._
 
+
+## [2.1.1] - 2019-05-21
+
+### Changed
+- The `WordPress.WP.CapitalPDangit` will now ignore misspelled instances of `WordPress` within constant declarations.
+    This covers both constants declared using `defined()` as well as constants declared using the `const` keyword.
+- The default value for `minimum_supported_wp_version`, as used by a [number of sniffs detecting usage of deprecated WP features](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Customizable-sniff-properties#minimum-wp-version-to-check-for-usage-of-deprecated-functions-classes-and-function-parameters), has been updated to `4.9`.
+
+### Removed
+- `paginate_comments_links()` from the list of auto-escaped functions `Sniff::$autoEscapedFunctions`.
+    This affects the `WordPress.Security.EscapeOutput` sniff.
+
+### Fixed
+- The `$current_blog` and `$tag_ID` variables have been added to the list of WordPress global variables.
+    This fixes some false positives from the `WordPress.NamingConventions.PrefixAllGlobals` and the `WordPress.WP.GlobalVariablesOverride` sniffs.
+- The generic `TestCase` class name has been added to the `$test_class_whitelist`.
+    This fixes some false positives from the `WordPress.NamingConventions.FileName`, `WordPress.NamingConventions.PrefixAllGlobals` and the `WordPress.WP.GlobalVariablesOverride` sniffs.
+- The `WordPress.NamingConventions.ValidVariableName` sniff will now correctly recognize `$tag_ID` as a WordPress native, mixed-case variable.
+- The `WordPress.Security.NonceVerification` sniff will now correctly recognize nonce verification within a nested closure or anonymous class.
+
+
 ## [2.1.0] - 2019-04-08
 
 ### Added
@@ -1070,6 +1091,7 @@ See the comparison for full list.
 Initial tagged release.
 
 [Unreleased]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/master...HEAD
+[2.1.1]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/2.1.0...2.1.1
 [2.1.0]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/2.0.0...2.1.0
 [2.0.0]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/2.0.0-RC1...2.0.0
 [2.0.0-RC1]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/1.2.1...2.0.0-RC1

WordPress/Sniff.php

@@ -82,7 +82,7 @@ abstract class Sniff implements PHPCS_Sniff {
 	 *
 	 * @var string WordPress version.
 	 */
-	public $minimum_supported_version = '4.8';
+	public $minimum_supported_version = '4.9';
 
 	/**
 	 * Custom list of classes which test classes can extend.
@@ -202,7 +202,6 @@ abstract class Sniff implements PHPCS_Sniff {
 		'get_the_ID'                => true,
 		'get_the_post_thumbnail'    => true,
 		'get_the_term_list'         => true,
-		'paginate_comments_links'   => true,
 		'post_type_archive_title'   => true,
 		'readonly'                  => true,
 		'selected'                  => true,
@@ -638,6 +637,7 @@ abstract class Sniff implements PHPCS_Sniff {
 		'compress_css'                     => true,
 		'compress_scripts'                 => true,
 		'concatenate_scripts'              => true,
+		'current_blog'                     => true,
 		'current_screen'                   => true,
 		'current_site'                     => true,
 		'current_user'                     => true,
@@ -740,6 +740,7 @@ abstract class Sniff implements PHPCS_Sniff {
 		'table_prefix'                     => true,
 		'tabs'                             => true,
 		'tag'                              => true,
+		'tag_ID'                           => true,
 		'targets'                          => true,
 		'tax'                              => true,
 		'taxnow'                           => true,
@@ -860,6 +861,8 @@ abstract class Sniff implements PHPCS_Sniff {
 		'WP_XMLRPC_UnitTestCase'                     => true,
 		'PHPUnit_Framework_TestCase'                 => true,
 		'PHPUnit\Framework\TestCase'                 => true,
+		// PHPUnit native TestCase class when imported via use statement.
+		'TestCase'                                   => true,
 	);
 
 	/**
@@ -1440,13 +1443,15 @@ protected function has_nonce_check( $stackPtr ) {
 		$tokens = $this->phpcsFile->getTokens();
 
 		// If we're in a function, only look inside of it.
-		$f = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION );
-		if ( false !== $f ) {
-			$start = $tokens[ $f ]['scope_opener'];
-		} else {
-			$f = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE );
-			if ( false !== $f ) {
-				$start = $tokens[ $f ]['scope_opener'];
+		// Once PHPCS 3.5.0 comes out this should be changed to the new Conditions::GetLastCondition() method.
+		if ( isset( $tokens[ $stackPtr ]['conditions'] ) === true ) {
+			$conditions = $tokens[ $stackPtr ]['conditions'];
+			$conditions = array_reverse( $conditions, true );
+			foreach ( $conditions as $tokenPtr => $condition ) {
+				if ( \T_FUNCTION === $condition || \T_CLOSURE === $condition ) {
+					$start = $tokens[ $tokenPtr ]['scope_opener'];
+					break;
+				}
 			}
 		}
 

WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php

@@ -50,6 +50,7 @@ class ValidVariableNameSniff extends PHPCS_AbstractVariableSniff {
 		'is_winIE'          => true,
 		'PHP_SELF'          => true,
 		'post_ID'           => true,
+		'tag_ID'            => true,
 		'user_ID'           => true,
 	);
 

WordPress/Sniffs/WP/CapitalPDangitSniff.php

@@ -188,6 +188,24 @@ public function process_token( $stackPtr ) {
 			}
 		}
 
+		// Ignore constant declarations via define().
+		if ( $this->is_in_function_call( $stackPtr, array( 'define' => true ), true, true ) ) {
+			return;
+		}
+
+		// Ignore constant declarations using the const keyword.
+		$stop_points = array(
+			\T_CONST,
+			\T_SEMICOLON,
+			\T_OPEN_TAG,
+			\T_CLOSE_TAG,
+			\T_OPEN_CURLY_BRACKET,
+		);
+		$maybe_const = $this->phpcsFile->findPrevious( $stop_points, ( $stackPtr - 1 ) );
+		if ( false !== $maybe_const && \T_CONST === $this->tokens[ $maybe_const ]['code'] ) {
+			return;
+		}
+
 		$content = $this->tokens[ $stackPtr ]['content'];
 
 		if ( preg_match_all( self::WP_REGEX, $content, $matches, ( \PREG_PATTERN_ORDER | \PREG_OFFSET_CAPTURE ) ) > 0 ) {

WordPress/Tests/Files/FileNameUnitTests/TestFiles/test-sample-namespaced-extends.4.inc

@@ -2,5 +2,5 @@
 phpcs:set WordPress.Files.FileName custom_test_class_whitelist[] Some\Name\TestSample
 <?php
 
-class TestCase extends TestSample {}
+class MyUnitTest extends TestSample {}
 /* phpcs:set WordPress.Files.FileName custom_test_class_whitelist[] */

WordPress/Tests/Security/NonceVerificationUnitTest.inc

@@ -247,7 +247,7 @@ function allow_for_array_comparison_in_condition() {
 	}
 }
 
-# Issue #572.
+// Issue #572.
 function allow_for_unslash_before_noncecheck_but_demand_noncecheck() {
 	$var = wp_unslash( $_POST['foo'] ); // Bad.
 	echo $var;
@@ -275,3 +275,29 @@ function dont_allow_bypass_nonce_via_sanitization() {
 	wp_verify_nonce( $var );
 	echo $var;
 }
+
+// Issue #1694
+function function_containing_nested_class() {
+	if ( !class_exists( 'Nested_Class' ) ) {
+		class Nested_Class extends Something {
+			public function method_in_nested_class() {
+				if ( isset( $_POST['my_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) ), 'the_nonce' ) ) {
+					if ( isset( $_POST['hello'] ) ) {
+						echo 'world';
+					}
+				}
+			}
+		}
+	}
+}
+
+function function_containing_nested_closure() {
+	$closure = function() {
+		if ( isset( $_POST['my_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) ), 'the_nonce' ) ) {
+			if ( isset( $_POST['hello'] ) ) {
+				echo 'world';
+			}
+		}
+	};
+}
+

WordPress/Tests/WP/CapitalPDangitUnitTest.inc

@@ -180,3 +180,11 @@ wordpress.pot
 $text = <<<'EOD'
 This is an explanation about word-press.
 EOD;
+
+// Issue 1698 - ignore constant declarations.
+define( 'WORDPRESS_SOMETHING', 'wordpress' ); // OK.
+class TestMe {
+	public const MY_CONST = 123,
+		ANOTHER => array( 'a' => 'b' ),
+		WORDPRESS_SOMETHING = 'wordpress'; // OK (complex declaration to make sure start of statement is detected correctly).
+}

WordPress/Tests/WP/CapitalPDangitUnitTest.inc.fixed

@@ -180,3 +180,11 @@ wordpress.pot
 $text = <<<'EOD'
 This is an explanation about WordPress.
 EOD;
+
+// Issue 1698 - ignore constant declarations.
+define( 'WORDPRESS_SOMETHING', 'wordpress' ); // OK.
+class TestMe {
+	public const MY_CONST = 123,
+		ANOTHER => array( 'a' => 'b' ),
+		WORDPRESS_SOMETHING = 'wordpress'; // OK (complex declaration to make sure start of statement is detected correctly).
+}

WordPress/Tests/WP/DeprecatedFunctionsUnitTest.inc

@@ -327,12 +327,12 @@ _usort_terms_by_name();
 get_paged_template();
 wp_get_network();
 wp_kses_js_entities();
+/* ============ WP 4.8 ============ */
+wp_dashboard_plugins_output();
 
 /*
  * Warning.
  */
-/* ============ WP 4.8 ============ */
-wp_dashboard_plugins_output();
 /* ============ WP 4.9 ============ */
 get_shortcut_link();
 is_user_option_local();

WordPress/Tests/WP/DeprecatedFunctionsUnitTest.php

@@ -28,7 +28,7 @@ class DeprecatedFunctionsUnitTest extends AbstractSniffUnitTest {
 	 */
 	public function getErrorList() {
 
-		$errors = array_fill( 8, 322, 1 );
+		$errors = array_fill( 8, 324, 1 );
 
 		// Unset the lines related to version comments.
 		unset(
@@ -61,7 +61,8 @@ public function getErrorList() {
 			$errors[304],
 			$errors[311],
 			$errors[319],
-			$errors[323]
+			$errors[323],
+			$errors[330]
 		);
 
 		return $errors;
@@ -74,10 +75,10 @@ public function getErrorList() {
 	 */
 	public function getWarningList() {
 
-		$warnings = array_fill( 335, 9, 1 );
+		$warnings = array_fill( 337, 7, 1 );
 
 		// Unset the lines related to version comments.
-		unset( $warnings[336], $warnings[341] );
+		unset( $warnings[341] );
 
 		return $warnings;
 	}

WordPress/Tests/WP/DeprecatedParametersUnitTest.inc

@@ -34,6 +34,7 @@ comments_link( 'deprecated', 'deprecated' );
 comments_number( '', '', '', 'deprecated' );
 convert_chars( '', 'deprecated' );
 discover_pingback_server_uri( '', 'deprecated' );
+get_category_parents( '', '', '', '', array( 'deprecated') );
 get_delete_post_link( '', 'deprecated' );
 get_last_updated( 'deprecated' );
 get_the_author( 'deprecated' );
@@ -61,6 +62,4 @@ wp_title_rss( 'deprecated' );
 wp_upload_bits( '', 'deprecated' );
 xfn_check( '', '', 'deprecated' );
 
-// All will give an WARNING as they have been deprecated after WP 4.8.
-
-get_category_parents( '', '', '', '', array( 'deprecated') );
+// All will give an WARNING as they have been deprecated after WP 4.9.

WordPress/Tests/WP/DeprecatedParametersUnitTest.php

@@ -27,15 +27,15 @@ class DeprecatedParametersUnitTest extends AbstractSniffUnitTest {
 	 * @return array <int line number> => <int number of errors>
 	 */
 	public function getErrorList() {
-		$errors = array_fill( 28, 35, 1 );
+		$errors = array_fill( 28, 36, 1 );
 
 		$errors[22] = 1;
 		$errors[23] = 1;
 		$errors[24] = 1;
 
 		// Override number of errors.
 		$errors[33] = 2;
-		$errors[47] = 2;
+		$errors[48] = 2;
 
 		return $errors;
 	}
@@ -46,9 +46,7 @@ public function getErrorList() {
 	 * @return array <int line number> => <int number of warnings>
 	 */
 	public function getWarningList() {
-		return array(
-			66 => 1,
-		);
+		return array();
 	}
 
 }

WordPress/Tests/WP/GlobalVariablesOverrideUnitTest.5.inc

@@ -0,0 +1,11 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+class Test_Class_D extends TestCase {
+
+	public function test_something() {
+		global $tabs;
+		$tabs = 50; // Ok.
+	}
+}

phpcs.xml.dist.sample

@@ -70,7 +70,7 @@
 	the wiki:
 	https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Customizable-sniff-properties
 	-->
-	<config name="minimum_supported_wp_version" value="4.8"/>
+	<config name="minimum_supported_wp_version" value="4.9"/>
 
 	<rule ref="WordPress.WP.I18n">
 		<properties>