Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NonceVerification: use separate errorcodes for warning vs error #1487

Merged
merged 1 commit into from Dec 18, 2018
Merged

NonceVerification: use separate errorcodes for warning vs error #1487

merged 1 commit into from Dec 18, 2018

Conversation

jrfnl
Copy link
Member

@jrfnl jrfnl commented Sep 16, 2018
edited

While cleaning up a plugin, I noticed that the issue count for the WordPress.Security.NonceVerification.NoNonceVerification error code was different if I ran phpcs with the -n flag (no warnings).

Error codes should be unique. Having the same error code for something which is mandatory (error) and recommended (warning) is bad practice and does not properly allow for modular disabling of notices.

This PR fixes this.

As the error code is changing anyhow, I figured it made sense to also remove the duplication of the sniff name from the code.

This is a breaking change as <exclude>s for the old errorcode currently in custom rulesets will be invalidated by it, as well as inline annotations using the error code, so this PR should go into WPCS 2.0.0.

N.B.: The ruleset change is only necessary until the deprecated sniffs have been removed.

@jrfnl jrfnl added this to the 2.0.0 milestone Sep 16, 2018
@GaryJones GaryJones added Status: Requirement not met On hold until WPCS supports a particular version of a dependency (PHP, PHP_CodeSniffer, etc.). and removed Status: Requirement not met On hold until WPCS supports a particular version of a dependency (PHP, PHP_CodeSniffer, etc.). labels Nov 13, 2018
@jrfnl jrfnl force-pushed the feature/nonce-verification-errorcodes branch from 88fe6ae to 1696b85 Compare December 18, 2018 12:32
@jrfnl
NonceVerification: use separate errorcodes for warning vs error
7b920b4 
While cleaning up a plugin, I noticed that the issue count for the `WordPress.Security.NonceVerification.NoNonceVerification` error code was different if I ran phpcs with the `-n` flag (no warnings).

Error codes should be unique. Having the same error code for something which is mandatory (`error`) and recommended (`warning`) is bad practice and does not properly allow for modular disabling of notices.

This PR fixes this.

As the error code is changing anyhow, I figured it made sense to also remove the duplication of the sniff name from the code.

This is a breaking change as `<exclude>`s for the old errorcode currently in custom rulesets will be invalidated by it, so this PR should go into WPCS 2.0.0.

N.B.: The ruleset change is necessary until the deprecated sniffs have been removed.
@jrfnl jrfnl force-pushed the feature/nonce-verification-errorcodes branch from 1696b85 to 7b920b4 Compare December 18, 2018 14:11
@jrfnl
Copy link
Member Author

jrfnl commented Dec 18, 2018

Rebased. Once the build passes, this one should now be considered ready for review.

@GaryJones GaryJones merged commit 262d002 into develop Dec 18, 2018
@GaryJones GaryJones deleted the feature/nonce-verification-errorcodes branch December 18, 2018 16:01
@jrfnl jrfnl mentioned this pull request Dec 23, 2018
Closed
11 tasks
@jrfnl jrfnl mentioned this pull request Mar 3, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GaryJones GaryJones GaryJones approved these changes

Assignees
No one assigned
Labels
Type: Bug
Projects
None yet
Milestone
2.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jrfnl @GaryJones