Add rule to prevent deregistering scripts. #26
Conversation
|
Hi @Pross Thanks for this! Great to see the enthousiasm & willingness to contribute to this project. In this case, your PR does need some work. Are you open for some coaching from me on this ? |
|
Of course! PM me on Slack. |
|
As discussed on Slack - PR reviews will take place here on GH as that way it can also be used as a reference for future contributors. As you're very quick to the party (quicker than I expected others to start contributing code), there will be a few start up hickups due to some changes we've initiated in the WPCS project. There is a PR open in WPCS at the moment to start checking for code style. As we very much would like the theme review branch to comply, I intended to rebase the theme review branch once that was merged and then to rebase my own open PRs on the rebased theme review branch. Yeah, I know, a bit of a hassle, but this would mean we'd have a clean code base to start from and the means to keep it that way. Once all the rebasing is done, we'll start merging PRs for items which have either been approved or are already well documented in the handbook. I hope you don't mind, but that does imply that I will ask you to rebase your PR some time over the next few days as well (hoping the open PR will be merged soon). So please bear with me on that. Having said all that, I'll now start leaving some feedback on the code ;-) Oh and one last note: you may want to consider using named feature branches forked from the |
WordPress-Theme/ruleset.xml
Outdated
| @@ -3,7 +3,7 @@ | |||
| <!-- For more information: https://make.wordpress.org/themes/handbook/review/ --> | |||
| <description>Standards any Theme to be published on wordpress.org should comply with.</description> | |||
|
|
|||
|
|
|||
| <rule ref="WordPress.Functions.FunctionRestrictions"/> | |||
There was a problem hiding this comment.
We'll be adding a new folder to the WordPress/Sniffs and WordPress/Tests directories names Theme. That folder will contain all sniffs (and it's sister the unit tests) which are very specific to the theme review process.
If you have a look at PR #10 where I've done something similar to what you're doing here, you can see what I mean and what that will look like.
Once the first custom sniff which will live in the Theme folder has been merged, the rule <rule ref="WordPress-Theme"/> will be added to the WordPress-Theme/ruleset.xml. From then on, all sniffs contained within the Theme folder will automatically be registered and run when running PHPCS against the new WordPress-Theme standard.
There was a problem hiding this comment.
For sniffs to be re-usable, it is also important to keep them modular and name them for their specific function.
In this case, may I suggest naming the sniff DeregisterScript ?
There was a problem hiding this comment.
Looks like I can simply add to that PR anyway.
There was a problem hiding this comment.
I'd rather you don't.
It'll be so much easier to manage the project if every rule has their own sniff. If a rule changes, we change the sniff without potentially impacting other sniffs.
Also, having each rule in a separate sniff will also allow for more modular disabling of sniffs.
While this won't be allowed for wp.org (of course!), I can imagine, commercial theme hosting parties which also have some form of theme review in place creating their own rule set based on the wp.org Theme ruleset and just selectively excluding some rules.
|
Ok, review notes are inline. As a side-note: as mentioned above, WPCS will start checking for code style. The current files do not comply. |
|
Updated the PR. Moved sniff to the Theme folder as per PR10 Also renamed the classes/files and made the examples a bit more realistic. |
WordPress-Theme/ruleset.xml
Outdated
| @@ -3,7 +3,7 @@ | |||
| <!-- For more information: https://make.wordpress.org/themes/handbook/review/ --> | |||
| <description>Standards any Theme to be published on wordpress.org should comply with.</description> | |||
|
|
|||
|
|
|||
| <rule ref="WordPress.Theme.DeregisterScript"/> | |||
There was a problem hiding this comment.
No need to specify the specific rule. All sniffs in the Theme folder will be automatically added once the below has gone into the ruleset (and it will as soon as we merge the first custom sniff).
<rule ref="WordPress.Theme/>
jrfnl
changed the title
|
P.S.: I've changed the issue title to better cover the PR. Hope you don't mind. |
grappler
force-pushed
the
feature/theme-review-sniffs
branch
from
b8a5e09
to
5dd4758
Compare
|
Closing for rewrite. |
|
@Pross You don't need to close the PR. You can just reset the branch and start again. |
|
Any idea how? Do I have to revert my commits? |
| * @author Simon Prosser <pross@pross.org.uk> | ||
| */ | ||
| class WordPress_Sniffs_Theme_NoDeregisterCoreScriptSniff extends WordPress_Sniffs_Functions_FunctionRestrictionsSniff | ||
| { |
There was a problem hiding this comment.
Please bring the bracket on the same line as the class name.
|
The check failed because of these styling issues. |
|
|
||
| $content = trim( $token['content'], '"\'' ); | ||
|
|
||
| $functions = array( |
There was a problem hiding this comment.
I would suggest making both the $functions array as well as the $scripts array class properties.
|
I've rebased & updated the sniff. This should now be ready for a final review & merge. Update notes:
To do at a later stage:
|
|
FYI: I've added one more commit to make the "dynamic handle" check yet more rigorous. This last commit can be squashed into the "update based on feedback" commit before merge. |
|
FYI: And another commit updating the docblock for the script list. This one should probably be squashed into either or the last two commits before merge. |
| @@ -22,6 +22,9 @@ wp_deregister_script( 'themename-' . 'common' ); | |||
| */ | |||
| wp_deregister_script( $prefix . '-common' ); // Warning. | |||
| wp_deregister_script( $something, 'jquery' ); // Warning for variable. Having the handle as second param will not work anyway, so no error. | |||
| wp_deregister_script( self::$script_handle, 'jquery' ); // Warning for variable/dynamic param. | |||
| wp_deregister_script( parent::SCRIPT_HANDLE, 'jquery' ); // Warning for variable/dynamic param. | |||
| wp_deregister_script( get_script_handle(), 'jquery' ); // Warning for variable/dynamic param. | |||
There was a problem hiding this comment.
The second argument is not valid. Is there a reason to add it?
There was a problem hiding this comment.
Ah, that was only meant to be in the test on line 24, will remove them from the others. And yes, it is just testing that the correct param is being checked.
| } | ||
|
|
||
| $text .= $this->strip_quotes( $this->tokens[ $i ]['content'] ); | ||
| } |
There was a problem hiding this comment.
We were discussing in WordPress/WordPress-Coding-Standards#1364 about a utility function to return a string of all of the text string tokens.
I was wondering if it would be better to split the $found_variable_token from the $text code. This change would be my suggestion. https://gist.github.com/grappler/10dc57b4b3ab71a35e2fe925ef4da1ec The Unit Tests pass with this change.
There was a problem hiding this comment.
When I wrote that code, I chose not to do so for efficiency reasons. The findNext() function walks the token array as well, so with your example code, there would be two foreach()-es walking the same tokens, while the current code does the same while only walking the tokens once.
| $matched_parameter = $this->strip_quotes( $parameters[1]['raw'] ); | ||
|
|
||
| if ( isset( $this->target_functions[ $matched_content ][ $matched_parameter ] ) ) { | ||
| $this->throw_prohibited_error( $stackPtr, array( $matched_parameter ) ); |
There was a problem hiding this comment.
It may be better to show the error at the parameter instead of the function. This is not a blocker.
There was a problem hiding this comment.
A case can be made for either. Is the deregistering the most important bit or is the fact that its a core script being deregistered that's important ?
There was a problem hiding this comment.
For me the important part of this is that it's deregistering a core script. Sometimes scripts could be deregistered (such as child theme removing parent scripts) but core scripts almost always should not be removed.
There was a problem hiding this comment.
Thanks for the feedback. I've added an additional commit which changes the line on which the error/warning is reported to the line containing the script handle.
| */ | ||
| public function throw_variable_handle_warning( $stackPtr, $data = array() ) { | ||
| $this->phpcsFile->addWarning( | ||
| 'Deregistering core scripts is prohibited. A variable script handle was found. Inspection of the %s() call needed.', |
There was a problem hiding this comment.
It may be good to output the variable in the error message so that a preliminary check could be made from the error message.
* Update link to handbook. * Make the sniff slightly less easy to bypass by doing a quick check on the `raw` value of the parameter first and doing a more rigorous check if that yielded no results. * Abstracted the throwing of the actual error out to a separate method to make this class more easily extendable. This allows for adding a separate sniff to detect calls to `wp_deregister_style()` to unregister WP Core external stylesheets which basically needs the same logic. * If a variable was detected in `$handle`, throw a warning. Similar to the error, the warning is thrown from a separate method for easier extending of the class. * Updated and added more unit tests.
As the array is only checked with `isset()`, there is no need for the value to have any meaning. This makes maintenance of the array simpler.
|
I've updated the PR based on @grappler's feedback (last commit) and squashed earlier commits which needed squashing. Just one open question left and this can be merged: #26 (comment) |
|
In the meeting an interesting point was raised by @joyously:
So we should only forbid deregistering core scripts? Because we know which script is a core script (https://developer.wordpress.org/reference/functions/wp_enqueue_script/#default-scripts-included-and-registered-by-wordpress). |
|
The only core scripts I could really see deregistering are the audio/video/playlist shortcode scripts. Theme might very well want to do something custom there, and this would be directly related to presentation on the front end. Then again, they could simply That's the only use case I've come across where it makes sense for themes to remove a core script in any way. |
…ntains the script handle
|
The sniff only looks at deregistering and only for core scripts, so the last two comments are - as far as I'm concerned - already addressed. |
Actions needed
Action for later
|
|
Ok, since nobody gave the advice about the core scripts, I'll assume that the list is ok. Also I ran the unit test with the Not really sure if something else needs to be done on it, so I'll approve it. |
|
@dingo-d will update the list of core scripts slugs. |
Added wp_deregister_script with a unit test.
Not sure if this is the way to do this, please let me know if it isnt!