2.8.1 - 2017-03-01

Security Advisory

• This release contains a fix for a security advisory related to the improper handling of shell commands
  • Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases
  • A properly crafted filename or configuration option would allow for arbitrary code execution when using some features
  • All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
    • e.g., you run PHPCS over libraries that you did not write
    • e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
    • e.g., you allow external tool paths to be set by user-defined values
  • If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features:
    • The diff report
    • The notify-send report
    • The Generic.PHP.Syntax sniff
    • The Generic.Debug.CSSLint sniff
    • The Generic.Debug.ClosureLinter sniff
    • The Generic.Debug.JSHint sniff
    • The Squiz.Debug.JSLint sniff
    • The Squiz.Debug.JavaScriptLint sniff
    • The Zend.Debug.CodeAnalyzer sniff
  • Thanks to Klaus Purer for the report

Other Changes

• The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2
• PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration
• PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration
• Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration
  • It would previously report that only one argument is allowed per line
• Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately
• Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
• Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
  • As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty
• Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports
• Fixed bug #1340 : STDIN file contents not being populated in some cases
  • Thanks to David Biňovec for the patch
• Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines
• Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing
  • Thanks to Algirdas Gurevicius for the patch
• Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char
  • Thanks to Algirdas Gurevicius for the patch
• Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces
• Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop

3.0.0RC3 - 2017-02-02

• Added support for ES6 class declarations
  • Previously, these class were tokenized as JS objects but are now tokenized as normal T_CLASS structures
• Added support for ES6 method declarations, where the "function" keyword is not used
  • Previously, these methods were tokenized as JS objects (fixes bug #1251)
  • The name of the ES6 method is now assigned the T_FUNCTION keyword and treated like a normal function
  • Custom sniffs that support JS and listen for T_FUNCTION tokens can't assume the token represents the word "function"
  • Check the contents of the token first, or use $phpcsFile->getDeclarationName($stackPtr) if you just want its name
  • There is no change for custom sniffs that only check PHP code
• PHPCBF exit codes have been changed so they are now more useful (request #1270)
  • Exit code 0 is now used to indicate that no fixable errors were found, and so nothing was fixed
  • Exit code 1 is now used to indicate that all fixable errors were fixed correctly
  • Exit code 2 is now used to indicate that PHPCBF failed to fix some of the fixable errors it found
  • Exit code 3 is now used for general script execution errors
• Added PEAR.Commenting.FileComment.ParamCommentAlignment to check alignment of multi-line param comments
• Includes all changes from the 2.8.0 release
• Fixed an issue where excluding a file using a @codingStandardsIgnoreFile comment would produce errors
  • For PHPCS, it would show empty files being processed
  • For PHPCBF, it would produce a PHP error
• Fixed bug #1233 : Can't set config data inside ruleset.xml file
• Fixed bug #1241 : CodeSniffer.conf not working with 3.x PHAR file

2.8.0 - 2017-02-02

• The Internal.NoCodeFound error is no longer generated for content sourced from STDIN
  • This should stop some Git hooks generating errors because PHPCS is trying to process the refs passed on STDIN
• Squiz.Commenting.DocCommentAlignment now checks comments on class properties defined using the VAR keyword
  • Thanks to Klaus Purer for the patch
• The getMethodParameters() method now recognises "self" as a valid type hint
  • The return array now contains a new "content" index containing the raw content of the param definition
  • Thanks to Juliette Reinders Folmer for the patch
• The getMethodParameters() method now supports nullable types
  • The return array now contains a new "nullable_type" index set to true or false for each method param
  • Thanks to Juliette Reinders Folmer for the patch
• The getMethodParameters() method now supports closures
  • Thanks to Juliette Reinders Folmer for the patch
• Added more guard code for JS files with syntax errors (request #1271 and request #1272)
• Added more guard code for CSS files with syntax errors (request #1304)
• PEAR.Commenting.FunctionComment fixers now correctly handle multi-line param comments
• AbstractVariableSniff now supports anonymous classes
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.NamingConventions.ConstructorName and PEAR.NamingConventions.ValidVariable now support anonymous classes
• Generic.NamingConventions.CamelCapsFunctionName and PEAR.NamingConventions.ValidFunctionName now support anonymous classes
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.CodeAnalysis.UnusedFunctionParameter and PEAR.Functions.ValidDefaultValue now support closures
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.NamingConventions.ValidClassName and Squiz.Classes.ValidClassName now support traits
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Functions.FunctionCallArgumentSpacing now supports closures other PHP-provided functions
  • Thanks to Algirdas Gurevicius for the patch
• Fixed an error where a nullable type character was detected as an inline then token
  • A new T_NULLABLE token has been added to represent the ? nullable type character
  • Thanks to Jaroslav Hanslík for the patch
• Squiz.WhiteSpace.SemicolonSpacing no longer removes comments while fixing the placement of semicolons
  • Thanks to Algirdas Gurevicius for the patch
• Fixed bug #1230 : JS tokeniser incorrectly tokenises bitwise shifts as comparison
  • Thanks to Ryan McCue for the patch
• Fixed bug #1237 : Uninitialized string offset in PHP Tokenizer on PHP 5.2
• Fixed bug #1239 : Warning when static method name is 'default'
• Fixed bug #1240 : False positive for function names starting with triple underscore
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1245 : SELF is not recognised as T_SELF token in: return new self
• Fixed bug #1246 : A mix of USE statements with and without braces can cause the tokenizer to mismatch brace tokens
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1249 : GitBlame report requires a .git directory
• Fixed bug #1252 : Squiz.Strings.ConcatenationSpacing fix creates syntax error when joining a number to a string
• Fixed bug #1253 : Generic.ControlStructures.InlineControlStructure fix creates syntax error fixing if-try/catch
• Fixed bug #1255 : Inconsistent indentation check results when ELSE on new line
• Fixed bug #1257 : Double dash in CSS class name can lead to "Named colours are forbidden" false positives
• Fixed bug #1260 : Syntax errors not being shown when error_prepend_string is set
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1264 : Array return type hint is sometimes detected as T_ARRAY_HINT instead of T_RETURN_TYPE
  • Thanks to Jaroslav Hanslík for the patch
• Fixed bug #1265 : ES6 arrow function raises unexpected operator spacing errors
• Fixed bug #1267 : Fixer incorrectly handles filepaths with repeated dir names
  • Thanks to Sergey Ovchinnikov for the patch
• Fixed bug #1276 : Commenting.FunctionComment.InvalidReturnVoid conditional issue with anonymous classes
• Fixed bug #1277 : Squiz.PHP.DisallowMultipleAssignments.Found error when var assignment is on the same line as an open tag
• Fixed bug #1284 : Squiz.Arrays.ArrayBracketSpacing.SpaceBeforeBracket false positive match for short list syntax

3.0.0RC2 - 2016-11-30

• Fixed an undefined var name error that could be produced while running PHPCBF
• Made the Runner class easier to use with wrapper scripts
• Full usage information is no longer printed when a usage error is encountered (request #1186)
  • Makes it a lot easier to find and read the error message that was printed
• Includes all changes from the 2.7.1 release
• Fixed bug #1167 : 3.0.0RC1 PHAR does not work with PEAR standard
• Fixed bug #1208 : Excluding files doesn't work when using STDIN with a filename specified

2.7.1 - 2016-11-30

• Squiz.ControlStructures.ControlSignature.SpaceAfterCloseParenthesis fix now removes unnecessary whitespace
• Squiz.Formatting.OperatorBracket no longer errors for negative array indexes used within a function call
• Squiz.PHP.EmbeddedPhp no longer expects a semicolon after statements that are only opening a scope
• Fixed a problem where the content of T_DOC_COMMENT_CLOSE_TAG tokens could sometimes be (boolean) false
• Developers of custom standards with custom test runners can now have their standards ignored by the built-in test runner
  • Set the value of an environment variable called PHPCS_IGNORE_TESTS with a comma separated list of your standard names
  • Thanks to Juliette Reinders Folmer for the patch
• The unit test runner now loads the test sniff outside of the standard's ruleset so that exclude rules do not get applied
  • This may have caused problems when testing custom sniffs inside custom standards
  • Also makes the unit tests runs a little faster
• The SVN pre-commit hook now works correctly when installed via composer
  • Thanks to Sergey for the patch
• Fixed bug #1135 : PEAR.ControlStructures.MultiLineCondition.CloseBracketNewLine not detected if preceded by multiline function call
• Fixed bug #1138 : PEAR.ControlStructures.MultiLineCondition.Alignment not detected if closing brace is first token on line
• Fixed bug #1141 : Sniffs that check EOF newlines don't detect newlines properly when the last token is a doc block
• Fixed bug #1150 : Squiz.Strings.EchoedStrings does not properly fix bracketed statements
• Fixed bug #1156 : Generic.Formatting.DisallowMultipleStatements errors when multiple short echo tags are used on the same line
  • Thanks to Nikola Kovacs for the patch
• Fixed bug #1161 : Absolute report path is treated like a relative path if it also exists within the current directory
• Fixed bug #1170 : Javascript regular expression literal not recognized after comparison operator
• Fixed bug #1180 : Class constant named FUNCTION is incorrectly tokenized
• Fixed bug #1181 : Squiz.Operators.IncrementDecrementUsage.NoBrackets false positive when incrementing properties
  • Thanks to Jürgen Henge-Ernst for the patch
• Fixed bug #1188 : Generic.WhiteSpace.ScopeIndent issues with inline HTML and multi-line function signatures
• Fixed bug #1190 : phpcbf on if/else with trailing comment generates erroneous code
• Fixed bug #1191 : Javascript sniffer fails with function called "Function"
• Fixed bug #1203 : Inconsistent behavior of PHP_CodeSniffer_File::findEndOfStatement
• Fixed bug #1218 : CASE conditions using class constants named NAMESPACE/INTERFACE/TRAIT etc are incorrectly tokenized
• Fixed bug #1221 : Indented function call with multiple closure arguments can cause scope indent error
• Fixed bug #1224 : PHPCBF fails to fix code with heredoc/nowdoc as first argument to a function

3.0.0RC1 - 2016-09-02

• Progress output now shows E and W in green when a file has fixable errors or warnings
  • Only supported if colors are enabled
• PHPCBF no longer produces verbose output by default (request #699)
  • Use the -v command line argument to show verbose fixing output
  • Use the -q command line argument to disable verbose information if enabled by default
• PHPBF now prints a summary report after fixing files
  • Report shows files that were fixed, how many errors were fixed, and how many remain
• PHPCBF now supports the -p command line argument to print progress information
  • Prints a green F for files where fixes occurred
  • Prints a red E for files that could not be fixed due to an error
  • Use the -q command line argument to disable progress information if enabled by default
• Running unit tests using --verbose no longer throws errors
• Fixed shell error appearing on some systems when trying to find executable paths
• Includes all changes from the 2.7.0 release

2.7.0 - 2016-09-02

• Added --file-list command line argument to allow a list of files and directories to be specified in an external file
  • Useful is you have a generated list of files to check that would be too long for the command line
  • File and directory paths are listed one per line
  • Usage is: phpcs --file-list=/path/to/file-list ...
  • Thanks to Blotzu for the patch
• Values set using @codingStandardsChangeSetting comments can now contain spaces
• Sniff unit tests can now specify a list of test files instead of letting the runner pick them (request #1078)
  • Useful if a sniff needs to exclude files based on the environment, or is checking filenames
  • Override the new getTestFiles() method to specify your own list of test files
• Generic.Functions.OpeningFunctionBraceKernighanRitchie now ignores spacing for function return types
  • The sniff code Generic.Functions.OpeningFunctionBraceKernighanRitchie.SpaceAfterBracket has been removed
  • Replaced by Generic.Functions.OpeningFunctionBraceKernighanRitchie.SpaceBeforeBrace
  • The new error message is slightly clearer as it indicates that a single space is needed before the brace
• Squiz.Commenting.LongConditionClosingComment now allows for the length of a code block to be configured
  • Set the lineLimit property (default is 20) in your ruleset.xml file to set the code block length
  • When the code block length is reached, the sniff will enforce a closing comment after the closing brace
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.LongConditionClosingComment now allows for the end comment format to be configured
  • Set the commentFormat property (default is "//end %s") in your ruleset.xml file to set the format
  • The placeholder %s will be replaced with the type of condition opener, e.g., "//end foreach"
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHPForbiddenFunctions now allows forbidden functions to have mixed case
  • Previously, it would only do a strtolower comparison
  • Error message now shows what case was found in the code and what the correct case should be
  • Thanks to Juliette Reinders Folmer for the patch
• Added Generic.Classes.OpeningBraceSameLine to ensure opening brace of class/interface/trait is on the same line as the declaration
  • Thanks to Juliette Reinders Folmer for the patch
• Added Generic.PHP.BacktickOperator to ban the use of the backtick operator for running shell commands
  • Thanks to Juliette Reinders Folmer for the patch
• Added Generic.PHP.DisallowAlternativePHPTags to ban the use of alternate PHP tags
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.LanguageConstructSpacing no longer checks for spaces if parenthesis are being used (request #1062)
  • Makes this sniff more compatibile with those that check parenthesis spacing of function calls
• Squiz.WhiteSpace.ObjectOperatorSpacing now has a setting to ignore newline characters around object operators
  • Default remains FALSE, so newlines are not allowed
  • Override the "ignoreNewlines" setting in a ruleset.xml file to change
  • Thanks to Alex Howansky for the patch
• Squiz.Scope.MethodScope now sniffs traits as well as classes and interfaces
  • Thanks to Jesse Donat for the patch
• PHPCBF is now able to fix Squiz.SelfMemberReference.IncorrectCase errors
  • Thanks to Nikola Kovacs for the patch
• PHPCBF is now able to fix Squiz.Commenting.VariableComment.IncorrectVarType
  • Thanks to Walt Sorensen for the patch
• PHPCBF is now able to fix Generic.PHP.DisallowShortOpenTag
  • Thanks to Juliette Reinders Folmer for the patch
• Improved the formatting of the end brace when auto fixing InlineControlStructure errors (request #1121)
• Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine fix no longer leaves blank line after brace (request #1085)
• Generic UpperCaseConstantNameSniff now allows lowercase namespaces in constant definitions
  • Thanks to Daniel Schniepp for the patch
• Squiz DoubleQuoteUsageSniff is now more tolerant of syntax errors caused by mismatched string tokens
• A few sniffs that produce errors based on the current PHP version can now be told to run using a specific PHP version
  • Set the php_version config var using --config-set, --runtime-set, or in a ruleset to specify a specific PHP version
  • The format of the PHP version is the same as the PHP_VERSION_ID constant (e.g., 50403 for version 5.4.3)
  • Supported sniffs are Generic.PHP.DisallowAlternativePHPTags, PSR1.Classes.ClassDeclaration, Squiz.Commenting.FunctionComment
  • Thanks to Finlay Beaton for the patch
• Fixed bug #985 : Duplicate class definition detection generates false-positives in media queries
  • Thanks to Raphael Horber for the patch
• Fixed bug #1014 : Squiz VariableCommentSniff doesn't always detect a missing comment
• Fixed bug #1066 : Undefined index: quiet in CLI.php during unit test run with -v command line arg
• Fixed bug #1072 : Squiz.SelfMemberReference.NotUsed not detected if leading namespace separator is used
• Fixed bug #1089 : Rulesets cannot be loaded if the path contains urlencoded characters
• Fixed bug #1091 : PEAR and Squiz FunctionComment sniffs throw errors for some invalid @param line formats
• Fixed bug #1092 : PEAR.Functions.ValidDefaultValue should not flag type hinted methods with a NULL default argument
• Fixed bug #1095 : Generic LineEndings sniff replaces tabs with spaces with --tab-width is set
• Fixed bug #1096 : Squiz FunctionDeclarationArgumentSpacing gives incorrect error/fix when variadic operator is followed by a space
• Fixed bug #1099 : Group use declarations are incorrectly fixed by the PSR2 standard
  • Thanks to Jason McCreary for the patch
• Fixed bug #1101 : Incorrect indent errors when breaking out of PHP inside an IF statement
• Fixed bug #1102 : Squiz.Formatting.OperatorBracket.MissingBrackets faulty bracketing fix
• Fixed bug #1109 : Wrong scope indent reported in anonymous class
• Fixed bug #1112 : File docblock not recognized when require_once follows it
• Fixed bug #1120 : InlineControlStructureSniff does not handle auto-fixing for control structures that make function calls
• Fixed bug #1124 : Squiz.Operators.ComparisonOperatorUsage does not detect bracketed conditions for inline IF statements
  • Thanks to Raphael Horber for the patch

3.0.0a1 - 2016-07-20

This is the first alpha release of the 3.0.0 version, and is a large refactoring of the code base. It breaks backwards compatibility for all custom sniffs and custom reports. An upgrade guide for sniff and report developers is available here: https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Version-3.0-Upgrade-Guide

Note: If you only use the built-in coding standards (such as PEAR or PSR2), or you have a custom ruleset.xml file that only makes use of the sniffs and reports distributed with PHP_CodeSniffer, you do not need to make any changes to use this alpha release.

PHP version change

This release changes the minimum PHP version from 5.1.2 to 5.4.0.

• Why not 5.6? Because the reality is that many developers have to work in corporate environments where the PHP version is maintained by the OS vendor. 5.6 and 7 are out of reach for a large number of developers working on big commercial applications, which is a place where PHPCS is of great benefit.
• Why not 5.3? Where 5.3 is available, 5.4 should be available through official OS repositories. The min PHP version for PHPCS will remain stable for some time, so an attempt has been made to pick a version that is hopefully available to the vast majority of developers while still providing new language features to PHPCS itself.

Installation

You can install PHP_CodeSniffer 3.0.0a1 via composer or PEAR, or download the PHAR files attached to these release notes. You can also clone the git repository directly and run PHPCS from there.

If you are using composer, you can use the 3.x-dev branch alias:

{
    "require-dev": {
        "squizlabs/php_codesniffer": "3.x-dev"
    }
}

If you are installing via PEAR, please first uninstall the existing PHP_CodeSniffer package before installing the new one:

pear uninstall PHP_CodeSniffer
pear install PHP_CodeSniffer-3.0.0a1

New features and core changes

• Added optional caching of results between runs (request #530)
  • Enable the cache by using the --cache command line argument
  • If you want the cache file written somewhere specific, use --cache=/path/to/cacheFile
  • Use the command "phpcs --config-set cache true" to turn caching on by default
  • Use the --no-cache command line argument to disable caching if it is being turned on automatically
• Add support for checking file in parallel (request #421)
  • Tell PHPCS how many files to check at once using the --parallel command line argument
  • To check 100 files at once, using --parallel=100
  • To disable parallel checking if it is being turned on automatically, use --parallel=1
  • Requires PHP to be compiled with the PCNTL package
• The default encoding has been changed from iso-8859-1 to utf-8 (request #760)
  • The --encoding command line argument still works, but you no longer have to set it to process files as utf-8
  • If encoding is being set to utf-8 in a ruleset or on the CLI, it can be safely removed
  • If the iconv PHP extension is not installed, standard non-multibyte aware functions will be used
• Added a new "code" report type to show a code snippet for each error (request #419)
  • The line containing the error is printed, along with 2 lines above and below it to show context
  • The location of the errors is underlined in the code snippet if you also use --colors
  • Use --report=code to generate this report
• Added support for custom filtering of the file list
  • Developers can write their own filter classes to perform custom filtering of the list before the run starts
  • Use the command line arg --filter=/path/to/filter.php to specify a filter to use
  • Extend \PHP_CodeSniffer\Filters\Filter to also support the core PHPCS extension and path filtering
  • Extend \PHP_CodeSniffer\Filters\ExactMatch to get the core filtering and the ability to use blacklists and whitelists
  • The included \PHP_CodeSniffer\Filters\GitModified filter is a good example of an ExactMatch filter
• Added support for only checking files that have been locally modified or added in a git repo
  • Use --filter=gitmodified to check these files
  • You still need to give PHPCS a list of files or directories in which to check
• Added automatic discovery of executable paths (request #571)
  • Thanks to Sergey Morozov for the patch
• You must now pass "-" on the command line to have PHPCS wait for STDIN
  • E.g., phpcs --standard=PSR2 -
  • You can still pipe content via STDIN as normal as PHPCS will see this and process it
  • But without the "-", PHPCS will throw an error if no content or files are passed to it
• All PHP errors generated by sniffs are caught, re-thrown as exceptions, and reported in the standard error reports
  • This should stop bugs inside sniffs causing infinite loops
  • Also stops invalid reports being produced as errors don't print to the screen directly
• Sniff codes are no longer optional
  • If a sniff throws and error or a warning, it must specify an internal code for that message
• The installed_paths config setting can now point directly to a standard
  • Previously, it had to always point to the directory in which the standard lives
• Multiple reports can now be specified using the --report command line argument
  • Report types are separated by commas
  • E.g., --report=full,summary,info
  • Previously, you had to use one argument for each report such as --report=full --report=summary --report=info
• You can now set the severity, message type, and exclude patterns for an entire sniff, category, or standard
  • Previously, this was only available for a single message
• You can now include a single sniff code in a ruleset instead of having to include an entire sniff
  • Including a sniff code will automatically exclude all other messages from that sniff
  • If the sniff is already included by an imported standard, set the sniff severity to 0 and include the specific message you want
• PHPCBF no longer uses patch
  • Files are now always overwritten
  • The --no-patch option has been removed
• Added a --basepath option to strip a directory from the front of file paths in output (request #470)
  • The basepath is absolute or relative to the current directory
  • E.g., to output paths relative to current dir in reports, use --basepath=.
• Ignore rules are now checked when using STDIN (request #733)
• Added an include-pattern tag to rulesets to include a sniff for specific files and folders only (request #656)
  • This is the exact opposite of the exclude-pattern tag
  • This option is only usable within sniffs, not globally like exclude-patterns are
• Added a new -m option to stop error messages from being recorded, which saves a lot of memory
  • PHPCBF always uses this setting to reduce memory as it never outputs error messages
  • Setting the $recordErrors member var inside custom report classes is no longer supported (use -m instead)
• Exit code 2 is now used to indicate fixable errors were found (request #930)
  • Exit code 3 is now used for general script execution errors
  • Exit code 1 is used to indicate that coding standard errors were found, but none are fixable
  • Exit code 0 is unchanged and continues to mean no coding standard errors found
• The included PHPCS standard has been removed
  • All rules are now found inside the phpcs.xml.dist file
  • Running "phpcs" without any arguments from a git clone will use this ruleset
• The included SVN pre-commit hook has been removed
  • Hooks for version control systems will no longer be maintained within the PHPCS project

2.6.2 - 2016-07-14

• Added a new --exclude CLI argument to exclude a list of sniffs from checking and fixing (request #904)
  • Accepts the same sniff codes as the --sniffs command line argument, but provides the opposite functionality
• Added a new -q command line argument to disable progress and verbose information from being printed (request #969)
  • Useful if a coding standard hard-codes progess or verbose output but you want PHPCS to be quiet
  • Use the command "phpcs --config-set quiet true" to turn quiet mode on by default
• Generic LineLength sniff no longer errors for comments that cannot be broken out onto a new line (request #766)
  • A typical case is a comment that contains a very long URL
  • The comment is ignored if putting the URL on a indented new comment line would be longer than the allowed length
• Settings extensions in a ruleset no longer causes PHP notices during unit testing
  • Thanks to Klaus Purer for the patch
• Version control reports now show which errors are fixable if you are showing sources
• Added a new sniff to enforce a single space after a NOT operator (request #1051)
  • Include in a ruleset using the code Generic.Formatting.SpaceAfterNot
• The Squiz.Commenting.BlockComment sniff now supports tabs for indenting comment lines (request #1056)
• Fixed bug #790 : Incorrect missing @throws error in methods that use closures
• Fixed bug #908 : PSR2 standard is not checking that closing brace is on line following the body
• Fixed bug #945 : Incorrect indent behavior using deep-nested function and arrays
• Fixed bug #961 : Two anonymous functions passed as function/method arguments cause indentation false positive
• Fixed bug #1005 : Using global composer vendor autoload breaks PHP lowercase built-in function sniff
  • Thanks to Michael Butler for the patch
• Fixed bug #1007 : Squiz Unreachable code detection is not working properly with a closure inside a case
• Fixed bug #1023 : PSR2.Classes.ClassDeclaration fails if class extends base class and "implements" is on trailing line
• Fixed bug #1026 : Arrays in comma delimited class properties cause ScopeIndent to increase indent
• Fixed bug #1028 : Squiz ArrayDeclaration incorrectly fixes multi-line array where end bracket is not on a new line
• Fixed bug #1034 : Squiz FunctionDeclarationArgumentSpacing gives incorrect error when first arg is a variadic
• Fixed bug #1036 : Adjacent assignments aligned analysis statement wrong
• Fixed bug #1049 : Version control reports can show notices when the report width is very small
• Fixed bug #21050 : PEAR MultiLineCondition sniff suppresses errors on last condition line

2.6.1 - 2016-05-31

• The PHP-supplied T_COALESCE token has been replicated for PHP versions before 7.0
• Function return types of self, parent and callable are now tokenized as T_RETURN_TYPE
  • Thanks to Jaroslav Hanslík for the patch
• The default_standard config setting now allows multiple standards to be listed, like on the command line
  • Thanks to Michael Mayer for the patch
• Installations done via composer now only include the composer autoloader for PHP 5.3.2+ (request #942)
• Added a rollbackChangeset() method to the Fixer class to purposely rollback the active changeset
• Fixed bug #940 : Auto-fixing issue encountered with inconsistent use of braces
• Fixed bug #943 : Squiz.PHP.InnerFunctions.NotAllowed reported in anonymous classes
• Fixed bug #944 : PHP warning when running the latest phar
• Fixed bug #951 : InlineIfDeclaration: invalid error produced with UTF-8 string
• Fixed bug #957 : Operator spacing sniff errors when plus is used as part of a number
  • Thanks to Klaus Purer for the patch
• Fixed bug #959 : Call-time pass-by-reference false positive if there is a square bracket before the ampersand
  • Thanks to Konstantin Leboev for the patch
• Fixed bug #962 : Null coalescing operator (??) not detected as a token
  • Thanks to Joel Posti for the patch
• Fixed bug #973 : Anonymous class declaration and PSR1.Files.SideEffects.FoundWithSymbols
• Fixed bug #974 : Error when file ends with "function"
• Fixed bug #979 : Anonymous function with return type hint is not refactored as expected
• Fixed bug #983 : Squiz.WhiteSpace.MemberVarSpacing.AfterComment fails to fix error when comment is not a docblock
• Fixed bug #1010 : Squiz NonExectuableCode sniff does not detect boolean OR
  • Thanks to Derek Henderson for the patch
• Fixed bug #1015 : The Squiz.Commenting.FunctionComment sniff doesn't allow description in @return tag
  • Thanks to Alexander Obuhovich for the patch
• Fixed bug #1022 : Duplicate spaces after opening bracket error with PSR2 standard
• Fixed bug #1025 : Syntax error in JS file can cause undefined index for parenthesis_closer