New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Theme forbidden PHP functions sniff + unit tests. #10
Add Theme forbidden PHP functions sniff + unit tests. #10
Conversation
4d3d110
to
47976eb
Compare
f84cf0f
to
c6fd313
Compare
b8a5e09
to
5dd4758
Compare
7249019
to
d312c6b
Compare
d312c6b
to
fd3ae5b
Compare
Regarding the travis failure: this has to do with a double fix upstream in WPCS and in PHPCS. Once the up to date version of WPCS develop has been merged in, I'll rebase and the build will pass. |
I propose adding |
I would like to fully modularize the discouraged functions upstream before we merge this in. Ref: WordPress/WordPress-Coding-Standards#633
Also https://twitter.com/grapplerulrich/status/759126711929798660 |
Its drafted for deprecation in 7.1 |
But it's the only alternative to anonymous functions in PHP 5.2 and as WP is still not dropping 5.2 and the adoption of WP on 5.2 > than WP on 7.1.... |
Also: AFAICS looks like no vote has taken place yet and as PHP 7.1 is already in |
When something hooked using create_function, that cannot be unhook/removed/modified from child theme. Thus making theme not fully child theme ready (which is against TRT guideline). |
Are there any use cases for Like @ernilambar said, themes must be child-theme ready. Something like this is not child-theme compatible:
However, this is child theme compatible because the widget can be deregistered:
At the very least, this should be a warning. More times than not, it's going to be an indication of some issue. Reviewers and theme authors should definitely be made aware of it. |
563cd1d
to
6671823
Compare
fd3ae5b
to
ffebe73
Compare
|
The two most likely use cases for
But, legit use cases are few and far between. |
5951a76
to
cbeb66e
Compare
cbeb66e
to
cd34a9c
Compare
cd34a9c
to
7726530
Compare
@jrfnl I think this can be merged? I don't see any reason not to. |
public function getGroups() { | ||
return array( | ||
|
||
'eval' => array( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
eval
should be removed here as it's a language construct, not a function (the dedicated token has since the original PR been removed from the parent sniff as well).
An upstream Squiz sniff should be added instead.
See: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/blob/develop/WordPress-Extra/ruleset.xml#L73-L77
* | ||
* @since 0.xx.0 | ||
*/ | ||
class WordPress_Sniffs_Theme_RestrictedPHPFunctionsSniff extends WordPress_Sniffs_Functions_FunctionRestrictionsSniff { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This WPCS has since the original PR been deprecated. The WordPress\AbstractFunctionRestrictionsSniff
should be used instead.
*/ | ||
|
||
/** | ||
* Forbids usage of certain fuctions and recommends alternatives. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fuctions
=> functions
), | ||
), | ||
|
||
'system_calls' => array( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This group should be removed as it's already covered in the PHP\DiscouragedPHPFunctions
sniff.
If the error level & message needs changing, this can be done from the ruleset.
/** | ||
* Groups of functions to restrict | ||
* | ||
* Example: groups => array( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Example should be removed (as it belong with the parent class) or updated.
), | ||
), | ||
|
||
'obfuscation' => array( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This group should be removed as it's already covered in the PHP\DiscouragedPHPFunctions sniff.
If the error level & message needs changing, this can be done from the ruleset.
* | ||
* @category Theme | ||
* @package PHP_CodeSniffer | ||
* @author Juliette Reinders Folmer <wpplugins_nospam@adviesenzo.nl> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alignment + comment style should be updated to reflect upstream changes ;-)
@@ -89,6 +89,12 @@ | |||
<!-- Prohibit the use of the backtick operator. --> | |||
<rule ref="Generic.PHP.BacktickOperator"/> | |||
|
|||
<!-- Discourage a number of functions for usage in a theme. --> | |||
<rule ref="WordPress.PHP.DiscouragedFunctions"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sniff is now deprecated.
The WordPress.PHP.PHPDiscouragedFunctions
sniff covers at least part of it.
Had a quick look and sorry, no, this can't be merged as is. Code is very out of date compared to upstream. |
|
7726530
to
1bd5a98
Compare
`eval()` is a language construct, not a function, so cannot and should not be in this sniff. The ruleset already contains a separate sniff which checks for it - see 121 -, so removing does not devaluate what's being checked by WPTRT-CS.
For history: This PR was closed when we replaced the It will not be re-opened for the following reasons:
|
Initial setup for the forbidden functions sniff as described in issue #9.
[Edit] Changed over to use
WordPress_Sniffs_Functions_FunctionRestrictionsSniff
as the base class rather thanGeneric_Sniffs_PHP_ForbiddenFunctionsSniff
.This allows for better differentiation of the error messages, keeping it more in line with what people have come to expect from Theme Check.