FileInclude: check for restricted files.

[dmtrmrv]

This PR is addressing issues #87 and #44. Took me a while, but I managed to finish this (I think).

The approach is really simple, the sniff detects one of the include/require statements and checks if it is used to include one of the restricted files. If yes, it throws an error.

Any feedback is highly appreciated as I'm new to writing sniffs.

[ernilambar]

include_once('/admin.php');

admin.php is not necessarily that admin file from WP admin. In my theme I have an admin page and filename is admin.php. Similar to other files.

[jrfnl]

@dmtrmrv Have you seen the Theme.FileInclude sniff ? https://github.com/WPTRT/WordPress-Coding-Standards/blob/feature/theme-review-sniffs/WordPress/Sniffs/Theme/FileIncludeSniff.php

I think it would be a good idea to combine your work with that sniff rather than having it as a separate sniff.

Logic wise I imagine your check would come first and throw an error if any of these file names are found. If not, the already existing check which throws a warning should be executed.

[dmtrmrv]

Thanks for the feedback, guys. @jrfnl yes, I think this makes sense. Should I update the PR? And what about admin.php? I have mixed feelings about not including that file. On one hand, like @ernilambar mentioned, the filename is too generic, on the other, I prefer to call theme-related files something like theme-admin.php or project-admin.php to avoid any confusion, but that's just me.

[dmtrmrv]

And another thing, I can't quite figure out why the checks are failing. Could you point me in the right direction so I can fix it? Thanks!

[jrfnl]

Should I update the PR?

Please do.

And what about admin.php?

That is something for someone on the TRT to have an opinion on /cc @grappler @justintadlock

I can't quite figure out why the checks are failing. Could you point me in the right direction so I can fix it?

If you click on the "Details" link next to the failed build/commit, it will take you to a page listing all the builds tested. Any build with a red X has failed, clicking on the specific line will take you to the detailed report. In this case, you're getting a fatal error because of memory issues. I would look critically at how you're sniffing/walking through the file to see where you can optimize.
I suspect line 59 to be the culprit as you're not passing any tokens so are probably throwing PHPCS into an infinite loop.
You may want to investigate whether the PHPCS native findEndOfStatement() method might be what you need.

[grappler]

Thank you for the PR! 👍

Regarding admin.php I would include the folder with it that you are checking for wp-admin/admin.php that way we are sure it is not a theme. I would also use real world examples from themes and plugins to check for.

The sniff is failing because it is running out of memory. How much memory is the sniff using when you are running it on a file locally?

[dmtrmrv]

@grappler No problem, thanks for the comment! Will update the PR. Also, could you expand a bit on real life examples that should be restricted?

Regarding the memory, I was testing different include/require cases separately and there were no problems with the memory usage. But now, after I ran the same sniff on the actual test file, it ran out of memory on my local machine as well. I'll ty to use findEndOfStatement() as @jrfnl suggested and see if it resolves the memory issue.

[jrfnl]

Just wondering how you're getting on with this @dmtrmrv ...

[dmtrmrv]

@jrfnl Sorry for the delay guys, shame on me. Will update the PR today.

[jrfnl]

@dmtrmrv No worries, just making sure this PR has not been abandoned.

[dmtrmrv]

Looks like it's all working now, but some tests are still failing. First, it was because I didn't write the FileIncludeUnitTest.php properly, but then there was another error. Not sure if it is related to the code I was working on, or to the fact that I synced my fork with the upstream (was it the right thing to do?) before proceeding with my work.

[jrfnl]

I synced my fork with the upstream (was it the right thing to do?) before proceeding with my work.

Please undo that. Upstream is merged periodically into the theme-review-sniffs branch. This should not be done in PRs adding features as it makes it impossible to review them.
If your branch was behind the theme-review-sniffs branch, you can rebase it on that. This will still leave you with a clean PR which can be reviewed for what it is.

As for the build failure:

• There are a few code style issues you should solve in https://travis-ci.org/WPTRT/WordPress-Coding-Standards/jobs/212388634
• Other than that, the build is failing on PHP 7. This is a known issue: Unit tests failing under PHPUnit 6.x squizlabs/PHP_CodeSniffer#1383

[dmtrmrv]

Thanks for the clarification, all should be alright now.

[jrfnl]

Status:

• Needs code technical review /cc @jrfnl
• Needs more in-depth checking to prevent false positive, i.e. make sure that the files being restricted are WP Core files.

@dmtrmrv Hi Dmitry, new life has been breathed into this project. Are you still interested in bringing this sniff over the finish line and would you have time to work on that with me over the next few weeks ?
If not, would you be ok with me updating the sniff where needed ?

[dmtrmrv]

Hi, @jrfnl. Sorry for a delay with the follow-up. If the question is still relevant, I'll be glad to get this over the finish line.