diff --git a/HM-Minimum/ruleset.xml b/HM-Minimum/ruleset.xml
index d3ee6e63..e03236b6 100644
--- a/HM-Minimum/ruleset.xml
+++ b/HM-Minimum/ruleset.xml
@@ -154,13 +154,12 @@
-
+
-
-
-
+
+
diff --git a/HM/Sniffs/ExtraSniffCode.php b/HM/Sniffs/ExtraSniffCode.php
index a04a2007..f2c3bff0 100644
--- a/HM/Sniffs/ExtraSniffCode.php
+++ b/HM/Sniffs/ExtraSniffCode.php
@@ -2,6 +2,7 @@
namespace HM\Sniffs;
+use PHP_CodeSniffer\Files\File as PhpcsFile;
use PHP_CodeSniffer\Util;
trait ExtraSniffCode {
@@ -11,13 +12,14 @@ trait ExtraSniffCode {
* This allows overriding an existing sniff and retaining the existing
* ignore statements.
*
+ * @param PhpcsFile $file File being checked.
* @param string $legacy Legacy sniff code
*/
- protected function duplicate_ignores( $legacy ) {
+ protected function duplicate_ignores( PhpcsFile $file, $legacy ) {
$expression = sprintf( '/^%s(\..+)?$/', preg_quote( $legacy ) );
$base_code = Util\Common::getSniffCode( get_class( $this ) );
- foreach ( $this->phpcsFile->tokenizer->ignoredLines as $line => $ignored ) {
+ foreach ( $file->tokenizer->ignoredLines as $line => $ignored ) {
$additional = [];
if ( empty( $ignored ) ) {
@@ -38,7 +40,7 @@ protected function duplicate_ignores( $legacy ) {
}
if ( ! empty( $additional ) ) {
- $this->phpcsFile->tokenizer->ignoredLines[ $line ] = array_merge( $ignored, $additional );
+ $file->tokenizer->ignoredLines[ $line ] = array_merge( $ignored, $additional );
}
}
diff --git a/HM/Sniffs/Performance/SlowMetaQuerySniff.php b/HM/Sniffs/Performance/SlowMetaQuerySniff.php
index d5950e3a..b473b53d 100644
--- a/HM/Sniffs/Performance/SlowMetaQuerySniff.php
+++ b/HM/Sniffs/Performance/SlowMetaQuerySniff.php
@@ -4,6 +4,9 @@
use PHP_CodeSniffer\Files\File;
use PHP_CodeSniffer\Util\Tokens;
+use PHPCSUtils\Utils\Arrays;
+use PHPCSUtils\Utils\MessageHelper;
+use PHPCSUtils\Utils\TextStrings;
use WordPressCS\WordPress\AbstractArrayAssignmentRestrictionsSniff;
/**
@@ -104,7 +107,8 @@ protected function check_meta_query_item( int $array_open ) {
$array_open_token = $this->tokens[ $array_open ];
if ( $array_open_token['code'] !== T_ARRAY && $array_open_token['code'] !== T_OPEN_SHORT_ARRAY ) {
// Dynamic value, we can't check.
- $this->addMessage(
+ MessageHelper::addMessage(
+ $this->phpcsFile,
'meta_query is dynamic, cannot be checked.',
$array_open,
'warning',
@@ -114,7 +118,7 @@ protected function check_meta_query_item( int $array_open ) {
return;
}
- $array_bounds = $this->find_array_open_close( $array_open );
+ $array_bounds = Arrays::getOpenClose( $this->phpcsFile, $array_open );
$elements = $this->get_array_indices( $array_bounds['opener'], $array_bounds['closer'] );
// Is this a "first-order" query?
@@ -138,7 +142,7 @@ protected function check_meta_query_item( int $array_open ) {
foreach ( $elements as $element ) {
if ( isset( $element['index_start'] ) ) {
- $index = $this->strip_quotes( $this->tokens[ $element['index_start'] ]['content'] );
+ $index = TextStrings::stripQuotes( $this->tokens[ $element['index_start'] ]['content'] );
if ( strtolower( $index ) === 'relation' ) {
// Skip 'relation' element.
continue;
@@ -176,7 +180,7 @@ protected function get_static_value_for_element( array $element ) : ?string {
return static::DYNAMIC_VALUE;
}
- return $this->strip_quotes( $this->tokens[ $value_start ]['content'] );
+ return TextStrings::stripQuotes( $this->tokens[ $value_start ]['content'] );
}
/**
@@ -208,7 +212,7 @@ protected function find_key_in_array( array $elements, string $array_key ) : ?ar
continue;
}
- $index = $this->strip_quotes( $this->tokens[ $start ]['content'] );
+ $index = TextStrings::stripQuotes( $this->tokens[ $start ]['content'] );
if ( $index !== $array_key ) {
// Not the item we want, skip.
continue;
@@ -270,7 +274,8 @@ protected function check_compare_value( string $compare, int $stackPtr = null )
}
if ( $compare === static::DYNAMIC_VALUE ) {
- $this->addMessage(
+ MessageHelper::addMessage(
+ $this->phpcsFile,
'meta_query is using a dynamic comparison; this cannot be checked automatically, and may be non-performant.',
$stackPtr,
'warning',
@@ -278,7 +283,8 @@ protected function check_compare_value( string $compare, int $stackPtr = null )
);
} elseif ( $compare !== 'EXISTS' && $compare !== 'NOT EXISTS' ) {
// Add a message ourselves.
- $this->addMessage(
+ MessageHelper::addMessage(
+ $this->phpcsFile,
'meta_query is using %s comparison, which is non-performant.',
$stackPtr,
'warning',
diff --git a/HM/Sniffs/Performance/SlowOrderBySniff.php b/HM/Sniffs/Performance/SlowOrderBySniff.php
index 5c6a7d4c..c387125a 100644
--- a/HM/Sniffs/Performance/SlowOrderBySniff.php
+++ b/HM/Sniffs/Performance/SlowOrderBySniff.php
@@ -2,6 +2,7 @@
namespace HM\Sniffs\Performance;
+use PHPCSUtils\Utils\MessageHelper;
use WordPressCS\WordPress\AbstractArrayAssignmentRestrictionsSniff;
/**
@@ -61,7 +62,8 @@ public function callback( $key, $val, $line, $group ) {
case 'rand':
case 'meta_value':
case 'meta_value_num':
- $this->addMessage(
+ MessageHelper::addMessage(
+ $this->phpcsFile,
'Ordering query results by %s is not performant.',
$this->stackPtr,
'warning',
diff --git a/HM/Sniffs/Security/EscapeOutputSniff.php b/HM/Sniffs/Security/EscapeOutputSniff.php
index 8b1598ee..861113fe 100644
--- a/HM/Sniffs/Security/EscapeOutputSniff.php
+++ b/HM/Sniffs/Security/EscapeOutputSniff.php
@@ -14,6 +14,7 @@
*
* @see https://github.com/WordPress/WordPress-Coding-Standards/issues/1864
*/
+#[\AllowDynamicProperties]
class EscapeOutputSniff extends WPCSEscapeOutputSniff {
use ExtraSniffCode;
@@ -56,13 +57,13 @@ public function __construct() {
}
/**
- * Override init to duplicate any ignores.
+ * Override process to duplicate any ignores.
*
- * @param PhpcsFile $phpcsFile
+ * @param PhpcsFile $file
+ * @param int $stackPtr
*/
- protected function init( PhpcsFile $phpcsFile ) {
- parent::init( $phpcsFile );
-
- $this->duplicate_ignores( 'WordPress.Security.EscapeOutput' );
+ public function process( PhpcsFile $file, $stackPtr ) {
+ $this->duplicate_ignores( $file, 'WordPress.Security.EscapeOutput' );
+ return parent::process( $file, $stackPtr );
}
}
diff --git a/HM/Sniffs/Security/NonceVerificationSniff.php b/HM/Sniffs/Security/NonceVerificationSniff.php
index 20a9b61d..a1c09af8 100644
--- a/HM/Sniffs/Security/NonceVerificationSniff.php
+++ b/HM/Sniffs/Security/NonceVerificationSniff.php
@@ -27,17 +27,17 @@ class NonceVerificationSniff extends WPCSNonceVerificationSniff {
public $allowQueryVariables = false;
/**
- * Override init to override config and duplicate any ignores.
+ * Override process to override config and duplicate any ignores.
*
* @param PhpcsFile $phpcsFile
+ * @param int $stackPtr
*/
- public function init( PhpcsFile $file ) {
- parent::init( $file );
-
+ public function process( PhpcsFile $file, $stackPtr ) {
if ( $this->allowQueryVariables ) {
unset( $this->superglobals[ '$_GET' ] );
}
- $this->duplicate_ignores( 'WordPress.Security.NonceVerification' );
+ $this->duplicate_ignores( $file, 'WordPress.Security.NonceVerification' );
+ return parent::process( $file, $stackPtr );
}
}
diff --git a/HM/Sniffs/Security/ValidatedSanitizedInputSniff.php b/HM/Sniffs/Security/ValidatedSanitizedInputSniff.php
index 0d13bb4b..8104efdd 100644
--- a/HM/Sniffs/Security/ValidatedSanitizedInputSniff.php
+++ b/HM/Sniffs/Security/ValidatedSanitizedInputSniff.php
@@ -4,6 +4,8 @@
use HM\Sniffs\ExtraSniffCode;
use PHP_CodeSniffer\Files\File as PhpcsFile;
+use PHPCSUtils\Utils\TextStrings;
+use WordPressCS\WordPress\Helpers\VariableHelper;
use WordPressCS\WordPress\Sniffs\Security\ValidatedSanitizedInputSniff as WPCSValidatedSanitizedInputSniff;
class ValidatedSanitizedInputSniff extends WPCSValidatedSanitizedInputSniff {
@@ -34,14 +36,14 @@ class ValidatedSanitizedInputSniff extends WPCSValidatedSanitizedInputSniff {
];
/**
- * Override init to duplicate any ignores.
+ * Override process to duplicate any ignores.
*
* @param PhpcsFile $phpcsFile
+ * @param int $stackPtr
*/
- protected function init( PhpcsFile $phpcsFile ) {
- parent::init( $phpcsFile );
-
- $this->duplicate_ignores( 'WordPress.Security.ValidatedSanitizedInput' );
+ public function process( PhpcsFile $file, $stackPtr ) {
+ $this->duplicate_ignores( $file, 'WordPress.Security.ValidatedSanitizedInput' );
+ return parent::process( $file, $stackPtr );
}
/**
@@ -71,7 +73,7 @@ public function process_token( $stackPtr ) {
* @return bool True if this is a $_SERVER variable and is safe, false to run regular checks.
*/
protected function check_server_variable( $stackPtr ) {
- $key = $this->get_array_access_key( $stackPtr );
+ $key = VariableHelper::get_array_access_key( $this->phpcsFile, $stackPtr );
// Find the next non-whitespace token.
$open_bracket = $this->phpcsFile->findNext( T_WHITESPACE, ( $stackPtr + 1 ), null, true );
@@ -94,7 +96,7 @@ protected function check_server_variable( $stackPtr ) {
}
// Constant string, check if it's allowed.
- $key = $this->strip_quotes( $this->tokens[ $index_token ]['content'] );
+ $key = TextStrings::stripQuotes( $this->tokens[ $index_token ]['content'] );
if ( ! in_array( $key, $this->allowedServerKeys, true ) ) {
// Unsafe key, requires sanitising.
return false;
diff --git a/HM/ruleset.xml b/HM/ruleset.xml
index 8e472a4d..10670a54 100644
--- a/HM/ruleset.xml
+++ b/HM/ruleset.xml
@@ -24,9 +24,9 @@
-
-
-
+
+
+
-
+
-
+
-
+
diff --git a/composer.json b/composer.json
index 4a0c621a..24ca041d 100644
--- a/composer.json
+++ b/composer.json
@@ -5,8 +5,8 @@
"license": "GPL-2.0-or-later",
"require": {
"php": ">=7.1",
- "wp-coding-standards/wpcs": "2.3.0",
- "automattic/vipwpcs": "2.0.0",
+ "wp-coding-standards/wpcs": "~3.0.0",
+ "automattic/vipwpcs": "~3.0.0",
"fig-r/psr2r-sniffer": "^0.5.0",
"phpcompatibility/phpcompatibility-wp": "^2.0.0",
"squizlabs/php_codesniffer": "~3.5",
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 1afd902e..025aff9b 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -27,4 +27,5 @@
require dirname( __DIR__ ) . '/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/NonceVerificationSniff.php';
require dirname( __DIR__ ) . '/vendor/wp-coding-standards/wpcs/WordPress/PHPCSHelper.php';
require dirname( __DIR__ ) . '/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/EscapeOutputSniff.php';
+require dirname( __DIR__ ) . '/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/NonceVerificationSniff.php';
require dirname( __DIR__ ) . '/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/Security/ValidatedSanitizedInputSniff.php';