Add a sniff to detect the usage of the backtick operator. #1073
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 tasks
| { | ||
| $errors = array(); | ||
|
|
||
| if ($this->isSafeModeEnabled() === false) { |
There was a problem hiding this comment.
Instead you can:
- also expect errors
- add
shouldSkipTestfunction that would call$this->isSafeModeEnabled() === false - in fact you can inline the
isSafeModeEnabledfunction intoshouldSkipTest
There was a problem hiding this comment.
Good point - adjusting now.
There was a problem hiding this comment.
Originally I intended to check for the backtick character in other tokens when safe mode was enabled and throw a warning, but decided against it. This code was left behind from that.
jrfnl
force-pushed
the
feature/no-backtick-eval
branch
from
0f1b06d
to
4b38d66
Compare
jrfnl
force-pushed
the
feature/no-backtick-eval
branch
from
4b38d66
to
4543ab2
Compare
gsherwood
added a commit
that referenced
this pull request
Jul 26, 2016
|
I ended up making the error message say "forbidden" instead of "strongly discouraged" because it was an error instead of a warning, and it also matches other error messages. But the message and type (error/warning) can be overridden in a ruleset.xml file, so I don't think that should be a problem. Thanks for the new sniff. |
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Jul 26, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
|
@gsherwood That's absolutely fine by me and shouldn't be an issue for the depending projects (in my case). |
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Jul 28, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Aug 18, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Aug 26, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Sep 6, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WPTT/WPThemeReview
that referenced
this pull request
Sep 6, 2016
Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Sep 7, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WordPress/WordPress-Coding-Standards
that referenced
this pull request
Sep 11, 2016
… to `extra`. Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
jrfnl
added a commit
to WPTT/WPThemeReview
that referenced
this pull request
Oct 27, 2016
Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
grappler
pushed a commit
to WPTT/WPThemeReview
that referenced
this pull request
Oct 27, 2016
#86) Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
grappler
pushed a commit
to grappler/WordPress-Coding-Standards
that referenced
this pull request
Feb 10, 2017
WordPress#86) Execution of shell commands should be discouraged. A number of the other commands along the same lines are discouraged via function sniffs, however, the backtick operator was so far ignored. For this sniff to be added, the minimum PHPCS version needs to be upped as it has only just been added in the latest release. See: squizlabs/PHP_CodeSniffer#1073
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Working on a project now which wants to add a sniff like this as part of their security-sniffs and figured it would be re-usable for others as well.