Warn about __FILE__ for page registration

Sniffs/VIP/PluginMenuSlugSniff.php

@@ -0,0 +1,73 @@
+<?php
+/**
+ * Warn about __FILE__ for page registration
+ *
+ * @category PHP
+ * @package  PHP_CodeSniffer
+ * @author   Shady Sharaf <shady@x-team.com>
+ */
+class WordPress_Sniffs_VIP_PluginMenuSlugSniff implements PHP_CodeSniffer_Sniff
+{
+
+	public $add_menu_functions = array(
+		'add_menu_page',
+		'add_object_page',
+		'add_utility_page',
+		'add_submenu_page',
+		'add_dashboard_page',
+		'add_posts_page',
+		'add_media_page',
+		'add_links_page',
+		'add_pages_page',
+		'add_comments_page',
+		'add_theme_page',
+		'add_plugins_page',
+		'add_users_page',
+		'add_management_page',
+		'add_options_page',
+		);
+
+	/**
+	 * Returns an array of tokens this test wants to listen for.
+	 *
+	 * @return array
+	 */
+	public function register()
+	{
+		return array(
+				T_STRING,
+			   );
+
+	}//end register()
+
+
+	/**
+	 * Processes this test, when one of its tokens is encountered.
+	 *
+	 * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
+	 * @param int                  $stackPtr  The position of the current token
+	 *                                        in the stack passed in $tokens.
+	 *
+	 * @return void
+	 */
+	public function process( PHP_CodeSniffer_File $phpcsFile, $stackPtr )
+	{
+		$tokens = $phpcsFile->getTokens();
+		$token  = $tokens[$stackPtr];
+
+		if ( ! in_array( $token['content'], $this->add_menu_functions ) ) {
+			return;
+		}
+
+		$opening = $phpcsFile->findNext( T_OPEN_PARENTHESIS, $stackPtr );
+		$closing = $tokens[$opening]['parenthesis_closer'];
+
+		$string = $phpcsFile->findNext( T_FILE, $opening, $closing, null, '__FILE__', true );
+
+		if ( $string ) {
+			$phpcsFile->addError( 'Using __FILE__ for menu slugs risks exposing filesystem structure.', $stackPtr );
+		}
+
+	}//end process()
+
+}//end class

Tests/VIP/PluginMenuSlugUnitTest.inc

@@ -0,0 +1,7 @@
+<?php
+
+add_menu_page( $page_title, $menu_title, $capability, __FILE__, $function, $icon_url, $position ); // bad
+
+add_dashboard_page( $page_title, $menu_title, $capability, __FILE__, $function); // bad
+
+add_submenu_page( $parent_slug, $page_title, $menu_title, $capability, 'awesome-submenu-page', $function ); // ok

Tests/VIP/PluginMenuSlugUnitTest.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * A sniff unit test checks a .inc file for expected violations of a single
+ * coding standard. Expected errors and warnings are stored in this class.
+ *
+ * @category  PHP
+ * @package   PHP_CodeSniffer
+ * @author    Shady Sharaf <shady@x-team.com>
+ */
+class WordPress_Tests_VIP_PluginMenuSlugUnitTest extends AbstractSniffUnitTest
+{
+
+		/**
+		 * Returns the lines where errors should occur.
+		 *
+		 * The key of the array should represent the line number and the value
+		 * should represent the number of errors that should occur on that line.
+		 *
+		 * @return array(int => int)
+		 */
+		public function getErrorList()
+		{
+			return array(
+				3 => 1,
+				5 => 1,
+				);
+
+		}//end getErrorList()
+
+
+		/**
+		 * Returns the lines where warnings should occur.
+		 *
+		 * The key of the array should represent the line number and the value
+		 * should represent the number of warnings that should occur on that line.
+		 *
+		 * @return array(int => int)
+		 */
+		public function getWarningList()
+		{
+			return array(
+					);
+
+		}//end getWarningList()
+
+
+}//end class