Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
WordPress.Arrays.MultipleStatementAlignmentsniff to the
WordPress-Coreruleset which will align the array assignment operator for multi-item, multi-line associative arrays.
This new sniff offers four custom properties to customize its behaviour:
WordPress.DB.PreparedSQLPlaceholderssniff to the
WordPress-Coreruleset which will analyse the placeholders passed to
$wpdb->prepare()for their validity, check whether queries using
LIKEstatements are created correctly and will check whether a correct number of replacements are passed.
This sniff should help detect queries which are impacted by the security fixes to
$wpdb->prepare()which shipped with WP 4.8.2 and 4.8.3.
The sniff also adds a new "PreparedSQLPlaceholders replacement count" whitelist comment for pertinent replacement count vs placeholder mismatches. Please consider carefully whether something could be a bug when you are tempted to use the whitelist comment and if so, report it.
WordPress.PHP.DiscourageGotosniff to the
WordPress.PHP.RestrictedFunctionssniff to the
WordPress-Coreruleset which initially forbids the use of
This was previous only discouraged under certain circumstances.
WordPress.WhiteSpace.ArbitraryParenthesesSpacingsniff to the
WordPress-Coreruleset which checks the spacing on the inside of arbitrary parentheses.
WordPress.WhiteSpace.PrecisionAlignmentsniff to the
WordPress-Coreruleset which will throw a warning when precision alignment is detected in PHP, JS and CSS files.
WordPress.WhiteSpace.SemicolonSpacingsniff to the
WordPress-Coreruleset which will throw a (fixable) error when whitespace is found before a semi-colon, except for when the semi-colon denotes an empty
WordPress.CodeAnalysis.AssignmentInConditionsniff to the
WordPress.WP.DiscouragedConstantssniff to the
WordPress-VIPrulesets to detect usage of deprecated WordPress constants, such as
- Ability to pass the
minimum_supported_versionto use for the
DeprecatedParameterssniff in one go. You can pass a
minimum_supported_wp_versionruntime variable for this from the command line or pass it using a
configdirective in a custom ruleset.
Generic.Formatting.MultipleStatementAlignment- customized to have a
valid_direct_scope()utility methods to the
- When passing an array property via a custom ruleset to PHP_CodeSniffer, spaces around the key/value are taken as intentional and parsed as part of the array key/value. In practice, this leads to confusion and WPCS does not expect any values which could be preceded/followed by a space, so for the WordPress Coding Standard native array properties, like
prefixes, WPCS will now trim whitespace from the keys/values received before use.
- The WPCS native whitelist comments used to only work when they were put on the end of the line of the code they applied to. As of now, they will also be recognized when they are be put at the end of the statement they apply to.
WordPress.Arrays.ArrayDeclarationSpacingsniff used to enforce all associative arrays to be multi-line. The handbook has been updated to only require this for multi-item associative arrays and the sniff has been updated accordingly.
The original behaviour can still be enforced by setting the new
falsein a custom ruleset.
WordPress.NamingConventions.PrefixAllGlobalssniff will now allow for a limited list of WP core hooks which are intended to be called by plugins and themes.
WordPress.PHP.DiscouragedFunctionssniff used to include
create_function. This check has been moved to the new
WordPress.PHP.StrictInArraysniff now has a separate error code
FoundNonStrictFalsefor when the
$strictparameter has been set to
false. This allows for excluding the warnings for that particular situation, which will normally be intentional, via a custom ruleset.
WordPress.VIP.CronIntervalsniff now allows for customizing the minimum allowed cron interval by setting a property in a custom ruleset.
WordPress.VIP.RestrictedFunctionssniff used to prohibit the use of certain WP native functions, recommending the use of
wpcom_vip_get_category_by_slug()instead, as the WP native functions were not being cached. As the results of the relevant WP native functions are cached as of WP 4.8, the advice has now been reversed i.e. use the WP native functions instead of
WordPress.VIP.PostsPerPagesniff now allows for customizing the
post_per_pagelimit for which the sniff will trigger by setting a property in a custom ruleset.
WordPress.WP.I18nsniff will now allow and actively encourage omitting the text-domain in I18n function calls if the text-domain passed via the
default, i.e. the domain used by Core.
defaultis one of several text-domains passed via the
text_domainproperty, the error thrown when the domain is missing has been downgraded to a
WordPress.XSS.EscapeOutputsniff now has a separate error code
OutputNotEscapedShortEchoand the error message texts have been updated.
- Removed two sniffs from the
WordPress-VIPruleset which were already included via the
- The unit test suite is now compatible with PHPCS 3.1.0+ and PHPUnit 6.x.
- Some tidying up of the unit test case files.
- All sniffs are now also being tested against PHP 7.2 for consistent sniff results.
- An attempt is made to detect potential fixer conflicts early via a special build test.
- Various minor documentation fixes.
- Improved the Atom setup instructions in the Readme.
- Updated the unit testing information in Contributing.
- Updated the custom ruleset example for the changes contained in this release and to make it more explicit what is recommended versus example code.
- The minimum recommended version for the suggested
DealerDirect/phpcodesniffer-composer-installerComposer plugin has gone up to
0.4.3. This patch version fixes support for PHP 5.3.
WordPress.Arrays.ArrayIndentationsniff did not correctly handle array items with multi-line strings as a value.
WordPress.Arrays.ArrayIndentationsniff did not correctly handle array items directly after an array item with a trailing comment.
WordPress.Classes.ClassInstantiationsniff will now correctly handle detection when using
WordPress.NamingConventions.PrefixAllGlobalssniff did not allow for arbitrary word separators in hook names.
WordPress.NamingConventions.PrefixAllGlobalssniff did not correctly recognize namespaced constants as prefixed.
WordPress.PHP.StrictInArraysniff would erronously trigger if the
$strictwas passed in uppercase.
WordPress.PHP.YodaConditionssniff could get confused over complex ternaries containing assignments. This has been remedied.
WordPress.WP.PreparedSQLsniff would erronously throw errors about comments found within a DB function call.
WordPress.WP.PreparedSQLsniff would erronously throw errors about
(bool)casts and would also flag the subsequent variable which had been safe casted.
WordPress.XSS.EscapeOutputsniff would erronously trigger when using a fully qualified function call - including the global namespace
\indicator - to one of the escaping functions.
- The lists of WP global variables and WP mixed case variables have been synchronized, which fixes some false positives.