Modularizing the discouraged functions

WordPress · Sep 28, 2016 · 0682c3c · 0682c3c
1 parent 51eb33b
commit 0682c3c
Show file tree

Hide file tree

Showing 20 changed files with 635 additions and 248 deletions.
diff --git a/WordPress/Sniffs/PHP/DevelopmentFunctionsSniff.php b/WordPress/Sniffs/PHP/DevelopmentFunctionsSniff.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * WordPress Coding Standard.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @link    https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
+ * @license https://opensource.org/licenses/MIT MIT
+ */
+
+/**
+ * Restrict the use of various development functions.
+ *
+ * @package WPCS\WordPressCodingStandards
+ *
+ * @since   0.11.0
+ */
+class WordPress_Sniffs_PHP_DevelopmentFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff {
+
+	/**
+	 * Groups of functions to restrict.
+	 *
+	 * Example: groups => array(
+	 * 	'lambda' => array(
+	 * 		'type'      => 'error' | 'warning',
+	 * 		'message'   => 'Use anonymous functions instead please!',
+	 * 		'functions' => array( 'eval', 'create_function' ),
+	 * 	)
+	 * )
+	 *
+	 * @return array
+	 */
+	public function getGroups() {
+		return array(
+			'error_log' => array(
+				'type'      => 'error',
+				'message'   => '%s Debug code is not to be used in Production',
+				'functions' => array(
+					'error_log',
+					'var_dump',
+					'var_export',
+					'print_r',
+					'trigger_error',
+					'set_error_handler',
+					'debug_backtrace',
+					'debug_print_backtrace',
+					'wp_debug_backtrace_summary',
+				),
+			),
+
+			'prevent_path_disclosure' => array(
+				'type'      => 'error',
+				'message'   => '%s is prohibited as it can lead to full path disclosure.',
+				'functions' => array(
+					'error_reporting',
+					'phpinfo',
+				),
+			),
+
+		);
+	} // end getGroups()
+
+} // end class
diff --git a/WordPress/Sniffs/PHP/DiscouragedFunctionsSniff.php b/WordPress/Sniffs/PHP/DiscouragedFunctionsSniff.php
@@ -7,65 +7,68 @@
  * @license https://opensource.org/licenses/MIT MIT
  */
 
-if ( ! class_exists( 'Generic_Sniffs_PHP_ForbiddenFunctionsSniff', true ) ) {
-	throw new PHP_CodeSniffer_Exception( 'Class Generic_Sniffs_PHP_ForbiddenFunctionsSniff not found' );
-}
-
 /**
- * Discourages the use of various functions and suggests (WordPress) alternatives.
+ * Discourages the use of various functions and suggests alternatives.
  *
  * @package WPCS\WordPressCodingStandards
  *
  * @since   0.1.0
  * @since   0.10.0 The checks for the POSIX functions have been replaced by the stand-alone
  *                 sniff WordPress_Sniffs_PHP_POSIXFunctionsSniff.
+ * @since   0.11.0 The checks for the PHP development functions have been replaced by the
+ *                 stand-alone sniff WordPress_Sniffs_PHP_DevelopmentFunctionsSniff.
+ *                 The checks for the PHP deprecated functions have been replaced by the
+ *                 stand-alone sniff WordPress_Sniffs_PHP_DeprecatedFunctionsSniff.
+ *                 The checks for the WP deprecated functions have been replaced by the
+ *                 stand-alone sniff WordPress_Sniffs_WP_DeprecatedFunctionsSniff.
+ *                 The checks for the PHP functions which have a WP alternative has been replaced
+ *                 by the stand-alone sniff WordPress_Sniffs_WP_AlternativeFunctionsSniff.
+ *                 The checks for the WP discouraged functions have been replaced by the
+ *                 stand-alone sniff WordPress_Sniffs_WP_DiscouragedFunctionsSniff.
  */
-class WordPress_Sniffs_PHP_DiscouragedFunctionsSniff extends Generic_Sniffs_PHP_ForbiddenFunctionsSniff {
+class WordPress_Sniffs_PHP_DiscouragedFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff {
 
 	/**
-	 * A list of forbidden functions with their alternatives.
+	 * Groups of functions to discourage.
 	 *
-	 * The value is NULL if no alternative exists. I.e. the
-	 * function should just not be used.
+	 * Example: groups => array(
+	 * 	'lambda' => array(
+	 * 		'type'      => 'error' | 'warning',
+	 * 		'message'   => 'Use anonymous functions instead please!',
+	 * 		'functions' => array( 'eval', 'create_function' ),
+	 * 	)
+	 * )
 	 *
-	 * @var array(string => string|null)
+	 * @return array
 	 */
-	public $forbiddenFunctions = array(
-		// Development.
-		'print_r'                  => null,
-		'debug_print_backtrace'    => null,
-		'var_dump'                 => null,
-		'var_export'               => null,
-
-		// Discouraged.
-		'json_encode'              => 'wp_json_encode',
+	public function getGroups() {
+		return array(
+			'create_function' => array(
+				'type'      => 'warning',
+				'message'   => '%s is discouraged, please use anonymous functions instead.',
+				'functions' => array(
+					'create_function',
+				),
+			),
 
-		// WordPress deprecated.
-		'find_base_dir'            => 'WP_Filesystem::abspath',
-		'get_base_dir'             => 'WP_Filesystem::abspath',
-		'dropdown_categories'      => 'wp_link_category_checklist',
-		'dropdown_link_categories' => 'wp_link_category_checklist',
-		'get_link'                 => 'get_bookmark',
-		'get_catname'              => 'get_cat_name',
-		'register_globals'         => null,
-		'wp_setcookie'             => 'wp_set_auth_cookie',
-		'wp_get_cookie_login'      => null,
-		'wp_login'                 => 'wp_signon',
-		'get_the_attachment_link'  => 'wp_get_attachment_link',
-		'get_attachment_icon_src'  => 'wp_get_attachment_image_src',
-		'get_attachment_icon'      => 'wp_get_attachment_image',
-		'get_attachment_innerHTML' => 'wp_get_attachment_image',
+			'serialize' => array(
+				'type'      => 'warning',
+				'message'   => '%s Serialized data has <a href=\'https://www.owasp.org/index.php/PHP_Object_Injection\'>known vulnerability problems</a> with Object Injection. JSON is generally a better approach for serializing data.',
+				'functions' => array(
+					'serialize',
+					'unserialize',
+				),
+			),
 
-		// WordPress discouraged.
-		'query_posts'              => 'WP_Query',
-		'wp_reset_query'           => 'wp_reset_postdata',
-	);
+			'urlencode' => array(
+				'type'      => 'warning',
+				'message'   => '%s urlencode should only be used when dealing with legacy applications rawurlencode should now de used instead. See http://php.net/manual/en/function.rawurlencode.php and http://www.faqs.org/rfcs/rfc3986.html',
+				'functions' => array(
+					'urlencode',
+				),
+			),
 
-	/**
-	 * If true, an error will be thrown; otherwise a warning.
-	 *
-	 * @var bool
-	 */
-	public $error = false;
+		);
+	} // end getGroups()
 
 } // End class.
diff --git a/WordPress/Sniffs/PHP/RestrictedFunctionsSniff.php b/WordPress/Sniffs/PHP/RestrictedFunctionsSniff.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * WordPress Coding Standard.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @link    https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
+ * @license https://opensource.org/licenses/MIT MIT
+ */
+
+/**
+ * Restricts the use of various functions and suggests alternatives.
+ *
+ * @package WPCS\WordPressCodingStandards
+ *
+ * @since   0.11.0
+ */
+class WordPress_Sniffs_PHP_RestrictedFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff {
+
+	/**
+	 * Groups of functions to discourage.
+	 *
+	 * Example: groups => array(
+	 * 	'lambda' => array(
+	 * 		'type'      => 'error' | 'warning',
+	 * 		'message'   => 'Use anonymous functions instead please!',
+	 * 		'functions' => array( 'eval', 'create_function' ),
+	 * 	)
+	 * )
+	 *
+	 * @return array
+	 */
+	public function getGroups() {
+		return array(
+			'eval' => array(
+				'type'      => 'error',
+				'message'   => '%s is prohibited, please use anonymous functions instead.',
+				'functions' => array(
+					'eval',
+				),
+			),
+
+		);
+	} // end getGroups()
+
+} // End class.
diff --git a/WordPress/Sniffs/VIP/RestrictedFunctionsSniff.php b/WordPress/Sniffs/VIP/RestrictedFunctionsSniff.php
@@ -16,6 +16,15 @@
  * @since   0.10.0 The checks for `extract()` and the POSIX functions have been replaced by
  *                 the stand-alone sniffs WordPress_Sniffs_Functions_DontExtractSniff and
  *                 WordPress_Sniffs_PHP_POSIXFunctionsSniff respectively.
+ * @since   0.11.0 The checks for `create_function()`, `serialize()`/`unserialize()` and
+ *                 `urlencode` have been moved to the stand-alone sniff
+ *                 WordPress_Sniffs_PHP_DiscouragedFunctionsSniff.
+ *                 The checks for `parse_url()` hs been moved to the stand-alone sniff
+ *                 WordPress_Sniffs_WP_AlternativesFunctionsSniff.
+ *                 The checks for `eval()` hs been moved to the stand-alone sniff
+ *                 WordPress_Sniffs_PHP_RestrictedFunctionsSniff.
+ *                 The checks for PHP developer functions, `error_reporting` and `phpinfo`have been
+ *                 moved to the stand-alone sniff WordPress_Sniffs_PHP_DevelopmentFunctionsSniff.
  */
 class WordPress_Sniffs_VIP_RestrictedFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff {
 
@@ -41,24 +50,6 @@ public function getGroups() {
 				'functions' => array( 'switch_to_blog' ),
 			),
 
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#eval-and-create_function
-			'create_function' => array(
-				'type'      => 'warning',
-				'message'   => '%s is discouraged, please use Anonymous functions instead.',
-				'functions' => array(
-					'create_function',
-				),
-			),
-
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#eval-and-create_function
-			'eval' => array(
-				'type'      => 'error',
-				'message'   => '%s is prohibited, please use Anonymous functions instead.',
-				'functions' => array(
-					'eval',
-				),
-			),
-
 			'file_get_contents' => array(
 				'type'      => 'warning',
 				'message'   => '%s is highly discouraged, please use wpcom_vip_file_get_contents() instead.',
@@ -234,15 +225,6 @@ public function getGroups() {
 				),
 			),
 
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#use-wp_parse_url-instead-of-parse_url
-			'parse_url' => array(
-				'type'      => 'warning',
-				'message'   => '%s is discouraged due to a lack for backwards-compatibility in PHP versions; please use wp_parse_url() instead.',
-				'functions' => array(
-					'parse_url',
-				),
-			),
-
 			'get_intermediate_image_sizes' => array(
 				'type'      => 'error',
 				'message'   => 'Intermediate images do not exist on the VIP platform, and thus get_intermediate_image_sizes() returns an empty array() on the platform. This behavior is intentional to prevent WordPress from generating multiple thumbnails when images are uploaded.',
@@ -251,29 +233,6 @@ public function getGroups() {
 				),
 			),
 
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#serializing-data
-			'serialize' => array(
-				'type'      => 'warning',
-				'message'   => '%s Serialized data has <a href=\'https://www.owasp.org/index.php/PHP_Object_Injection\'>known vulnerability problems</a> with Object Injection. JSON is generally a better approach for serializing data.',
-				'functions' => array(
-					'serialize',
-					'unserialize',
-				),
-			),
-
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#commented-out-code-debug-code-or-output
-			'error_log' => array(
-				'type'      => 'error',
-				'message'   => '%s Debug code is not allowed on VIP Production',
-				'functions' => array(
-					'error_log',
-					'var_dump',
-					'print_r',
-					'trigger_error',
-					'set_error_handler',
-				),
-			),
-
 			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#use-wp_safe_redirect-instead-of-wp_redirect
 			'wp_redirect' => array(
 				'type'     => 'warning',
@@ -292,15 +251,6 @@ public function getGroups() {
 				),
 			),
 
-			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#encoding-values-used-when-creating-a-url-or-passed-to-add_query_arg
-			'urlencode' => array(
-				'type'      => 'warning',
-				'message'   => '%s should only be used when dealing with legacy applications, rawurlencode() should now be used instead. See http://php.net/manual/en/function.rawurlencode.php and http://www.faqs.org/rfcs/rfc3986.html',
-				'functions' => array(
-					'urlencode',
-				),
-			),
-
 			// @link https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#settings-alteration
 			'runtime_configuration' => array(
 				'type'      => 'error',
@@ -320,15 +270,6 @@ public function getGroups() {
 				),
 			),
 
-			'prevent_path_disclosure' => array(
-				'type'      => 'error',
-				'message'   => '%s is prohibited as it can lead to full path disclosure.',
-				'functions' => array(
-					'error_reporting',
-					'phpinfo',
-				),
-			),
-
 		);
 	} // End getGroups().