Move sanitization methods to SanitizationHelperTrait + minor improvements #2356
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `Sniff:;is_*sanitized()` utility methods are about to be moved to this trait, but once they have been, the trait name is no longer correct as all other `*Functions[Helper|Trait]` classes/traits _only_ deal with function lists and checking whether something is in those lists, while this trait will now do more than that. With that in mind, I propose to rename the trait to `SanitizationHelperTrait`.
|
Also note: I still have a niggly feeling there is a logic error in the The logic error I suspect is in the following code: // The only parentheses should belong to the sanitizing function. If there's
// more than one set, this isn't *only* sanitization.
return ( \count( $tokens[ $stackPtr ]['nested_parenthesis'] ) === 1 );This seems to presume that parentheses could only be for function calls, while the extra parentheses may just as well be for control structure conditions. If the other parentheses are for control structure conditions, I believe the variable should still count as "only sanitized". $a = is_email( $_GET['email'] ); // is_ony_sanitized(): true
$a = is_email( wp_unslash( $_GET['email'] ) ); // is_ony_sanitized(): false
if ( is_email( $_GET['email'] ) ) {} // is_ony_sanitized(): falseThis should probably be further investigated when adding dedicated tests for these methods (#2272). |
GaryJones
approved these changes
Aug 18, 2023
This moves the last utility functions from the `Sniff` class to a dedicated trait. I am also explicitly marking the trait as internal API to allow us to iterate on this (not so very clean) solution in future 3.x releases without being forced to wait for a 4.0 release. The methods have been made stand-alone, as in, the presumption that the WPCS `Sniff` class is being extended has been removed by adding the `$phpcsFile` parameter. Closes 1465
As this method is now stand-alone, we'd better make sure the token being examined exists. Note: no need to do the same for the `is_only_sanitized()` method as the first thing that method calls is this method and if this method returns `false`, the `is_only_sanitized()` method will too.
Note: The `$functionPtr` variable is overwritten a few lines later and the other variables being set are effectively unused (other than in these lines), so this code can be safely removed/replaced.
…t check up A variable which is being unset, doesn't need to be unslashed or sanitized, so bow out early.
…rmance Remove the need for a call to the performance negative `array_diff_key()` function by setting up the original arrays in a better way.
* Get rid of an unnecessary `else`. * Improve readability of long condition. * Get rid of unnecessary true/false condition code.
jrfnl
force-pushed
the
feature/sniff-move-is_sanitized-to-trait-and-improve
branch
from
2c66696
to
2d019df
Compare
|
Repushed to fix the order of the remaining |
dingo-d
approved these changes
Aug 18, 2023
dingo-d
deleted the
feature/sniff-move-is_sanitized-to-trait-and-improve
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These methods haven't had extensive work done as they barely do any token walking themselves and the underlying functions used by the methods all have had work done to improve them.
Note: the
is_only_sanitized()method could be moved to theNonceVerificationsniff as it's only used by that sniff, but for now, I've elected to keep it together with theis_sanitized()method.Rename SanitizingFunctionsTrait to SanitizationHelperTrait
The
Sniff:;is_*sanitized()utility methods are about to be moved to this trait, but once they have been, the trait name is no longer correct as all other*Functions[Helper|Trait]classes/traits only deal with function lists and checking whether something is in those lists, while this trait will now do more than that.With that in mind, I propose to rename the trait to
SanitizationHelperTrait.Move sanitization methods to SanitizationHelperTrait
This moves the last utility functions from the
Sniffclass to a dedicated trait.I am also explicitly marking the trait as internal API to allow us to iterate on this (not so very clean) solution in future 3.x releases without being forced to wait for a 4.0 release.
The methods have been made stand-alone, as in, the presumption that the WPCS
Sniffclass is being extended has been removed by adding the$phpcsFileparameter.Closes #1465
SanitizationHelperTrait::is_sanitized(): add some defensive coding
As this method is now stand-alone, we'd better make sure the token being examined exists.
Note: no need to do the same for the
is_only_sanitized()method as the first thing that method calls is this method and if this method returnsfalse, theis_only_sanitized()method will too.SanitizationHelperTrait::is_sanitized(): implement PHPCSUtils
Note: The
$functionPtrvariable is overwritten a few lines later and the other variables being set are effectively unused (other than in these lines), so this code can be safely removed/replaced.SanitizationHelperTrait::is_sanitized(): efficiency tweak - move unset check up
A variable which is being unset, doesn't need to be unslashed or sanitized, so bow out early.
SanitizationHelperTrait::is_sanitized(): efficiency fix/improve performance
Remove the need for a call to the performance negative
array_diff_key()function by setting up the original arrays in a better way.SanitizationHelperTrait::is_sanitized(): minor code tweaks
else.SanitizationHelperTrait::is_sanitized(): minor doc tweaks