Merge pull request #633 from grappler/feature/discouraged-functions
Modularizing the discouraged functions
Showing
29 changed files
with
2,226 additions
and
340 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
<?php | ||
/** | ||
* WordPress Coding Standard. | ||
* | ||
* @package WPCS\WordPressCodingStandards | ||
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards | ||
* @license https://opensource.org/licenses/MIT MIT | ||
*/ | ||
|
||
/** | ||
* Restrict the use of various development functions. | ||
* | ||
* @package WPCS\WordPressCodingStandards | ||
* | ||
* @since 0.11.0 | ||
*/ | ||
class WordPress_Sniffs_PHP_DevelopmentFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff { | ||
|
||
/** | ||
* Groups of functions to restrict. | ||
* | ||
* Example: groups => array( | ||
* 'lambda' => array( | ||
* 'type' => 'error' | 'warning', | ||
* 'message' => 'Use anonymous functions instead please!', | ||
* 'functions' => array( 'eval', 'create_function' ), | ||
* ) | ||
* ) | ||
* | ||
* @return array | ||
*/ | ||
public function getGroups() { | ||
return array( | ||
'error_log' => array( | ||
'type' => 'warning', | ||
'message' => '%s() found. Debug code should not normally be used in production.', | ||
'functions' => array( | ||
'error_log', | ||
'var_dump', | ||
'var_export', | ||
'print_r', | ||
'trigger_error', | ||
'set_error_handler', | ||
'debug_backtrace', | ||
'debug_print_backtrace', | ||
'wp_debug_backtrace_summary', | ||
), | ||
), | ||
|
||
'prevent_path_disclosure' => array( | ||
'type' => 'warning', | ||
'message' => '%s() can lead to full path disclosure.', | ||
'functions' => array( | ||
'error_reporting', | ||
'phpinfo', | ||
), | ||
), | ||
|
||
); | ||
} // end getGroups() | ||
|
||
} // end class |
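Review bot: `error_reporting` is listed here under `prevent_path_disclosure` and again, in this same commit, under `runtime_configuration` in `WordPress_Sniffs_PHP_DiscouragedPHPFunctionsSniff`. A ruleset that enables both sniffs will presumably flag the same call twice with two different rationales, so keep it in one group only. The `error_log` group key is also narrower than its contents: it covers output functions such as `var_dump` and `print_r` as well as `trigger_error` and `set_error_handler`, which are not debug-only. A short comment above the list would help people triaging the warning, for example `// print_r() and var_export() only print when their second argument is not true.`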
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
<?php | ||
/** | ||
* WordPress Coding Standard. | ||
* | ||
* @package WPCS\WordPressCodingStandards | ||
* @link https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards | ||
* @license https://opensource.org/licenses/MIT MIT | ||
*/ | ||
|
||
/** | ||
* Discourages the use of various native PHP functions and suggests alternatives. | ||
* | ||
* @package WPCS\WordPressCodingStandards | ||
* | ||
* @since 0.11.0 | ||
*/ | ||
class WordPress_Sniffs_PHP_DiscouragedPHPFunctionsSniff extends WordPress_AbstractFunctionRestrictionsSniff { | ||
|
||
/** | ||
* Groups of functions to discourage. | ||
* | ||
* Example: groups => array( | ||
* 'lambda' => array( | ||
* 'type' => 'error' | 'warning', | ||
* 'message' => 'Use anonymous functions instead please!', | ||
* 'functions' => array( 'eval', 'create_function' ), | ||
* ) | ||
* ) | ||
* | ||
* @return array | ||
*/ | ||
public function getGroups() { | ||
return array( | ||
'create_function' => array( | ||
'type' => 'warning', | ||
'message' => '%s() is discouraged, please use anonymous functions instead.', | ||
'functions' => array( | ||
'create_function', | ||
), | ||
), | ||
|
||
'serialize' => array( | ||
'type' => 'warning', | ||
'message' => '%s() found. Serialized data has known vulnerability problems with Object Injection. JSON is generally a better approach for serializing data. See https://www.owasp.org/index.php/PHP_Object_Injection', | ||
'functions' => array( | ||
'serialize', | ||
'unserialize', | ||
), | ||
), | ||
|
||
'urlencode' => array( | ||
'type' => 'warning', | ||
'message' => '%s() should only be used when dealing with legacy applications rawurlencode() should now be used instead. See http://php.net/manual/en/function.rawurlencode.php and http://www.faqs.org/rfcs/rfc3986.html', | ||
'functions' => array( | ||
'urlencode', | ||
), | ||
), | ||
|
||
'runtime_configuration' => array( | ||
'type' => 'warning', | ||
'message' => '%s() found. Changing configuration at runtime is rarely necessary.', | ||
'functions' => array( | ||
'error_reporting', | ||
'ini_alter', | ||
'ini_restore', | ||
'ini_set', | ||
'apache_setenv', | ||
'putenv', | ||
'set_include_path', | ||
'restore_include_path', | ||
// This alias was DEPRECATED in PHP 5.3.0, and REMOVED as of PHP 7.0.0. | ||
'magic_quotes_runtime', | ||
// Warning This function was DEPRECATED in PHP 5.3.0, and REMOVED as of PHP 7.0.0. | ||
'set_magic_quotes_runtime', | ||
// Warning This function was removed from most SAPIs in PHP 5.3.0, and was removed from PHP-FPM in PHP 7.0.0. | ||
'dl', | ||
), | ||
), | ||
|
||
'system_calls' => array( | ||
'type' => 'warning', | ||
'message' => '%s() found. PHP system calls are often disabled by server admins.', | ||
'functions' => array( | ||
'exec', | ||
'passthru', | ||
'proc_open', | ||
'shell_exec', | ||
'system', | ||
'popen', | ||
), | ||
), | ||
|
||
'obfuscation' => array( | ||
'type' => 'warning', | ||
'message' => '%s() can be used to obfuscate code which is strongly discouraged. Please verify that the function is used for benign reasons.', | ||
'functions' => array( | ||
'base64_decode', | ||
'base64_encode', | ||
'convert_uudecode', | ||
'convert_uuencode', | ||
'str_rot13', | ||
), | ||
), | ||
|
||
); | ||
} // end getGroups() | ||
|
||
} // End class. |
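Review bot: The `serialize` group gives `serialize()` and `unserialize()` the same Object Injection message, but the risk comes from calling `unserialize()` on data an attacker can influence; `serialize()` itself does not instantiate objects. Splitting the group would let the `unserialize` message state the actual condition, e.g. `'%s() found. Unserializing untrusted data can lead to PHP Object Injection; prefer json_decode() for data that crosses a trust boundary.'`. Similarly, the `system_calls` message only mentions that hosts often disable these functions and gives a reviewer no hint that arguments built from request data need `escapeshellarg()`. The `urlencode` message is missing a full stop between `legacy applications` and `rawurlencode()`.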