Latest release

3.3.0

@gsherwood gsherwood released this Jun 7, 2018 · 71 commits to master since this release

Deprecations

Squiz.WhiteSpace.LanguageConstructSpacing Sniff

The Squiz.WhiteSpace.LanguageConstructSpacing sniff has been deprecated and will be removed in version 4.

The sniff has been moved to the Generic standard, with a new code of Generic.WhiteSpace.LanguageConstructSpacing. The new Generic sniff now also checks many more language constructs to enforce additional spacing rules. The existing Squiz sniff will continue to work until version 4 has been released. Thanks to Mponos George for the contribution.

As soon as possible, replace all instances of the old sniff code with the new sniff code in your ruleset.xml files.

Setting Array Properties

The current method for setting array properties in ruleset files has been deprecated and will be removed in version 4.

Currently, setting an array value uses the string syntax print=>echo,create_function=>null. Now, individual array elements are specified using a new element tag with key and value attributes.

For example, the following array of forbidden functions:

<property name="forbiddenFunctions" type="array" value="sizeof=>count,delete=>unset,print=>echo,is_null=>null,create_function=>null"/>

Will be rewritten using this format:

<property name="forbiddenFunctions" type="array">
    <element key="sizeof" value="count"/>
    <element key="delete" value="unset"/>
    <element key="print" value="echo"/>
    <element key="is_null" value="null"/>
    <element key="create_function" value="null"/>
</property>

Thanks to Michał Bundyra for the patch.

T_ARRAY_HINT Token

The T_ARRAY_HINT token has been deprecated and will be removed in version 4.

The token was used to ensure array type hints were not tokenized as T_ARRAY, but no other type hints were given a special token. Array type hints now use the standard T_STRING token instead.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_ARRAY_HINT tokens.

T_RETURN_TYPE Token

The T_RETURN_TYPE token has been deprecated and will be removed in version 4.

The token was used to ensure array/self/parent/callable return types were tokenized consistently. But for namespaced return types, only the last part of the string (the class name) was tokenized as T_RETURN_TYPE. This was not consistent and so return types are now left using their original token types so they are not skipped by sniffs. The exception are array return types, which are tokenized as T_STRING instead of T_ARRAY, as they are used for type hints.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_RETUTN_TYPE tokens.

To get the return type of a function, use the File::getMethodProperties() method, which now contains a return_type array index. This index contains the return type of the function or closer, or a blank string if not specified. If the return type is nullable, the return type will contain the leading? and a nullable_return_type array index in the return value will also be set to true. If the return type contains namespace information, it will be cleaned of whitespace and comments. To access the original return value string, use the main tokens array.

PSR-12 Standard In-Progress

This release contains an incomplete version of the PSR-12 coding standard. Errors found using this standard should be valid, but it will miss a lot of violations until it is complete. If you'd like to test and help, you can use the standard by running PHPCS with --standard=PSR12

Other Changes

  • Config values set using --runtime-set now override any config values set in rulesets or the CodeSniffer.conf file
  • You can now apply include-pattern rules to individual message codes in a ruleset like you can with exclude-pattern rules
    • Previously, include-pattern rules only applied to entire sniffs
    • If a message code has both include and exclude patterns, the exclude patterns will be ignored
  • Using PHPCS annotations to selectively re-enable sniffs is now more flexible
    • Previously, you could only re-enable a sniff/category/standard using the exact same code that was disabled
    • Now, you can disable a standard and only re-enable a specific category or sniff
    • Or, you can disable a specific sniff and have it re-enable when you re-enable the category or standard
  • The value of array sniff properties can now be set using phpcs:set annotations
    • e.g., phpcs:set Standard.Category.SniffName property[] key=>value,key2=>value2
    • Thanks to Michał Bundyra for the patch
  • PHPCS annotations now remain as T_PHPCS_* tokens instead of reverting to comment tokens when --ignore-annotations is used
    • This stops sniffs (especially commenting sniffs) from generating a large number of false errors when ignoring
    • Any custom sniffs that are using the T_PHPCS_* tokens to detect annotations may need to be changed to ignore them
      • Check $phpcsFile->config->annotations to see if annotations are enabled and ignore when false
  • You can now use fully or partially qualified class names for custom reports instead of absolute file paths
    • To support this, you must specify an autoload file in your ruleset.xml file and use it to register an autoloader
    • Your autoloader will need to load your custom report class when requested
    • Thanks to Juliette Reinders Folmer for the patch
  • The JSON report format now does escaping in error source codes as well as error messages
    • Thanks to Martin Vasel for the patch
  • Invalid installed_paths values are now ignored instead of causing a fatal error
  • Improved testability of custom rulesets by allowing the installed standards to be overridden
    • Thanks to Timo Schinkel for the patch
  • The key used for caching PHPCS runs now includes all set config values
    • This fixes a problem where changing config values (e.g., via --runtime-set) used an incorrect cache file
  • The "Function opening brace placement" metric has been separated into function and closure metrics in the info report
    • Closures are no longer included in the "Function opening brace placement" metric
    • A new "Closure opening brace placement" metric now shows information for closures
  • Multi-line T_YIELD_FROM statements are now replicated properly for older PHP versions
  • The PSR2 standard no longer produces 2 error messages when the AS keyword in a foreach loop is not lowercase
  • Specifying a path to a non-existent dir when using the --report-[reportType]=/path/to/report CLI option no longer throws an exception
    • This now prints a readable error message, as it does when using --report-file
  • The File::getMethodParamaters() method now includes a type_hint_token array index in the return value
    • Provides the position in the token stack of the first token in the type hint
  • The File::getMethodProperties() method now includes a return_type_token array index in the return value
    • Provides the position in the token stack of the first token in the return type
  • The File::getTokensAsString() method can now optionally return original (non tab-replaced) content
    • Thanks to Juliette Reinders Folmer for the patch
  • Removed Squiz.PHP.DisallowObEndFlush from the Squiz standard
    • If you use this sniff and want to continue banning ob_end_flush(), use Generic.PHP.ForbiddenFunctions instead
    • You will need to set the forbiddenFunctions property in your ruleset.xml file
  • Removed Squiz.PHP.ForbiddenFunctions from the Squiz standard
    • Replaced by using the forbiddenFunctions property of Generic.PHP.ForbiddenFunctions in the Squiz ruleset.xml
    • Functionality of the Squiz standard remains the same, but the error codes are now different
    • Previously, Squiz.PHP.ForbiddenFunctions.Found and Squiz.PHP.ForbiddenFunctions.FoundWithAlternative
    • Now, Generic.PHP.ForbiddenFunctions.Found and Generic.PHP.ForbiddenFunctions.FoundWithAlternative
  • Added new Generic.PHP.LowerCaseType sniff
    • Ensures PHP types used for type hints, return types, and type casting are lowercase
    • Thanks to Juliette Reinders Folmer for the contribution
  • Added new Generic.WhiteSpace.ArbitraryParenthesesSpacing sniff
    • Generates an error for whitespace inside parenthesis that don't belong to a function call/declaration or control structure
    • Generates a warning for any empty parenthesis found
    • Allows the required spacing to be set using the spacing sniff property (default is 0)
    • Allows newlines to be used by setting the ignoreNewlines sniff property (default is false)
    • Thanks to Juliette Reinders Folmer for the contribution
  • Added new PSR12.Classes.ClassInstantiation sniff
    • Ensures parenthesis are used when instantiating a new class
  • Added new PSR12.Keywords.ShortFormTypeKeywords sniff
    • Ensures the short form of PHP types is used when type casting
  • Added new PSR12.Namespaces.CompundNamespaceDepth sniff
    • Ensures compound namespace use statements have a max depth of 2 levels
    • The max depth can be changed by setting the 'maxDepth' sniff property in a ruleset.xml file
  • Added new PSR12.Operators.OperatorSpacing sniff
    • Ensures operators are preceded and followed by at least 1 space
  • Improved core support for grouped property declarations
    • Also improves support in Squiz.WhiteSpace.ScopeKeywordSpacing and Squiz.WhiteSpace.MemberVarSpacing
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.Commenting.DocComment now produces a NonParamGroup error when tags are mixed in with the @param tag group
    • It would previously throw either a NonParamGroup or ParamGroup error depending on the order of tags
    • This change allows the NonParamGroup error to be suppressed in a ruleset to allow the @param group to contain other tags
    • Thanks to Phil Davis for the patch
  • Generic.Commenting.DocComment now continues checks param tags even if the doc comment short description is missing
    • This change allows the MissingShort error to be suppressed in a ruleset without all other errors being suppressed as well
    • Thanks to Phil Davis for the patch
  • Generic.CodeAnalysis.AssignmentInCondition now reports a different error code for assignments found in WHILE conditions
    • The return value of a function call is often assigned in a WHILE condition, so this change makes it easier to exclude these cases
    • The new code for this error message is Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition
    • The error code for all other cases remains as Generic.CodeAnalysis.AssignmentInCondition.Found
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.Functions.OpeningFunctionBraceBsdAllman now longer leaves trailing whitespace when moving the opening brace during fixing
    • Also applies to fixes made by PEAR.Functions.FunctionDeclaration and Squiz.Functions.MultiLineFunctionDeclaration
  • Generic.WhiteSpace.ScopeIndent now does a better job of fixing the indent of multi-line comments
  • Generic.WhiteSpace.ScopeIndent now does a better job of fixing the indent of PHP open and close tags
  • PEAR.Commenting.FunctionComment now report a different error code for param comment lines with too much padding
    • Previously, any lines of a param comment that don't start at the exact comment position got the same error code
    • Now, only comment lines with too little padding use ParamCommentAlignment as they are clearly mistakes
    • Comment lines with too much padding may be using precision alignment as now use ParamCommentAlignmentExceeded
    • This allows for excessive padding to be excluded from a ruleset while continuing to enforce a minimum padding
  • PEAR.WhiteSpace.ObjectOperatorIndent now checks the indent of more chained operators
    • Previously, it only checked chains beginning with a variable
    • Now, it checks chains beginning with function calls, static class names, etc
  • Squiz.Arrays.ArrayDeclaration now continues checking array formatting even if the key indent is not correct
    • Allows for using different array indent rules while still checking/fixing double arrow and value alignment
  • Squiz.Commenting.BlockComment has improved support for tab-indented comments
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Commenting.BlockComment auto fixing no longer breaks when two block comments follow each other
    • Also stopped single-line block comments from being auto fixed when they are embedded in other code
    • Also fixed as issue found when PHPCS annotations were used inside a block comment
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Commenting.BlockComment.LastLineIndent is now able to be fixed with phpcbf
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Commenting.BlockComment now aligns star-prefixed lines under the opening tag while fixing, instead of indenting them
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Commenting.FunctionComment.IncorrectTypeHint message no longer contains cut-off suggested type hints
  • Squiz.Commenting.InlineComment now uses a new error code for inline comments at the end of a function
    • Previously, all inline comments followed by a blank line threw a Squiz.Commenting.InlineComment.SpacingAfter error
    • Now, inline comments at the end of a function will instead throw Squiz.Commenting.InlineComment.SpacingAfterAtFunctionEnd
    • If you previously excluded SpacingAfter, add an exclusion for SpacingAfterAtFunctionEnd to your ruleset as well
    • If you previously only included SpacingAfter, consider including SpacingAfterAtFunctionEnd as well
    • The Squiz standard now excludes SpacingAfterAtFunctionEnd as the blank line is checked elsewhere
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.ControlStructures.ControlSignature now errors when a comment follows the closing brace of an earlier body
    • Applies to catch, finally, else, elseif, and do/while structures
    • The included PSR2 standard now enforces this rule
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Formatting.OperatorBracket.MissingBrackets message has been changed to remove the word "arithmetic"
    • The sniff checks more than just arithmetic operators, so the message is now clearer
  • Sniffs.Operators.ComparisonOperatorUsage now detects more cases of implicit true comparisons
    • It could previously be confused by comparisons used as function arguments
  • Squiz.PHP.CommentedOutCode now ignores simple @-style annotation comments so they are not flagged as commented out code
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.PHP.CommentedOutCode now ignores a greater number of short comments so they are not flagged as commented out code
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.PHP.DisallowComparisonAssignment no longer errors when using the null coalescing operator
    • Given this operator is used almost exclusively to assign values, it didn't make sense to generate an error
  • Squiz.WhiteSpacing.FunctionSpacing now has a property to specify how many blank lines should be before the first class method
    • Only applies when a method is the first code block in a class (i.e., there are no member vars before it)
    • Override the 'spacingBeforeFirst' property in a ruleset.xml file to change
    • If not set, the sniff will use whatever value is set for the existing 'spacing' property
  • Squiz.WhiteSpacing.FunctionSpacing now has a property to specify how many blank lines should be after the last class method
    • Only applies when a method is the last code block in a class (i.e., there are no member vars after it)
    • Override the 'spacingAfterLast' property in a ruleset.xml file to change
    • If not set, the sniff will use whatever value is set for the existing 'spacing' property
  • Fixed bug #1863 : File::findEndOfStatement() not working when passed a scope opener
  • Fixed bug #1876 : PSR2.Namespaces.UseDeclaration not giving error for use statements before the namespace declaration
    • Adds a new PSR2.Namespaces.UseDeclaration.UseBeforeNamespace error message
  • Fixed bug #1881 : Generic.Arrays.ArrayIndent is indenting sub-arrays incorrectly when comma not used after the last value
  • Fixed bug #1882 : Conditional with missing braces confused by indirect variables
  • Fixed bug #1915 : JS tokenizer fails to tokenize regular expression proceeded by boolean not operator
  • Fixed bug #1920 : Directory exclude pattern improperly excludes files with names that start the same
    • Thanks to Jeff Puckett for the patch
  • Fixed bug #1922 : Equal sign alignment check broken when list syntax used before assignment operator
  • Fixed bug #1925 : Generic.Formatting.MultipleStatementAlignment skipping assignments within closures
  • Fixed bug #1931 : Generic opening brace placement sniffs do not correctly support function return types
  • Fixed bug #1932 : Generic.ControlStructures.InlineControlStructure fixer moves new PHPCS annotations
  • Fixed bug #1938 : Generic opening brace placement sniffs incorrectly move PHPCS annotations
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1939 : phpcs:set annotations do not cause the line they are on to be ignored
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1949 : Squiz.PHP.DisallowMultipleAssignments false positive when using namespaces with static assignments
  • Fixed bug #1959 : SquizMultiLineFunctionDeclaration error when param has trailing comment
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1963 : Squiz.Scope.MemberVarScope does not work for multiline member declaration
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1971 : Short array list syntax not correctly tokenized if short array is the first content in a file
  • Fixed bug #1979 : Tokenizer does not change heredoc to nowdoc token if the start tag contains spaces
  • Fixed bug #1982 : Squiz.Arrays.ArrayDeclaration fixer sometimes puts a comma in front of the last array value
  • Fixed bug #1993 : PSR1/PSR2 not reporting or fixing short open tags
  • Fixed bug #1996 : Custom report paths don't work on case-sensitive filesystems
  • Fixed bug #2006 : Squiz.Functions.FunctionDeclarationArgumentSpacing fixer removes comment between parens when no args
    • The SpacingAfterOpenHint error message has been removed
      • It is replaced by the the existing SpacingAfterOpen message
    • The error message format for the SpacingAfterOpen and SpacingBeforeClose messages has been changed
      • These used to contain 3 pieces of data, but now only contain 2
    • If you have customised the error messages of this sniff, please review your ruleset after upgrading
  • Fixed bug #2018 : Generic.Formatting.MultipleStatementAlignment does see PHP close tag as end of statement block
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #2027 : PEAR.NamingConventions.ValidFunctionName error when function name includes double underscore
    • Thanks to Juliette Reinders Folmer for the patch

3.2.3

@gsherwood gsherwood released this Feb 20, 2018 · 311 commits to master since this release

  • The new phpcs: comment syntax can now be prefixed with an at symbol ( @phpcs: )
    • This restores the behaviour of the previous syntax where these comments are ignored by doc generators
  • The current PHP version ID is now used to generate cache files
    • This ensures that only cache files generated by the current PHP version are selected
    • This change fixes caching issues when using sniffs that produce errors based on the current PHP version
  • A new Tokens::$phpcsCommentTokens array is now available for sniff developers to detect phpcs: comment syntax
    • Thanks to Juliette Reinders Folmer for the patch
  • Error message codes generated by Generic.CodeAnalysis.EmptyStatement are no longer all-uppercase
    • For example Generic.CodeAnalysis.EmptyStatement.DetectedCATCH becomes Generic.CodeAnalysis.EmptyStatement.DetectedCatch
  • The PEAR.Commenting.FunctionComment.Missing error message now includes the name of the function
    • Thanks to Yorman Arias for the patch
  • The PEAR.Commenting.ClassComment.Missing and Squiz.Commenting.ClassComment.Missing error messages now include the name of the class
    • Thanks to Yorman Arias for the patch
  • PEAR.Functions.FunctionCallSignature now only forces alignment at a specific tab stop while fixing
    • It was enforcing this during checking, but this meant invalid errors if the OpeningIndent message was being muted
    • This fixes incorrect errors when using the PSR2 standard with some code blocks
  • Generic.Files.LineLength now ignores lines that only contain phpcs: annotation comments
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.Formatting.MultipleStatementAlignment now skips over arrays containing comments
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.PHP.Syntax now forces display_errors to ON when linting
    • Thanks to Raúl Arellano for the patch
  • PSR2.Namespaces.UseDeclaration has improved syntax error handling and closure detection
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.PHP.CommentedOutCode now has improved comment block detection for improved accuracy
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.PHP.NonExecutableCode could fatal error while fixing file with syntax error
  • Squiz.PHP.NonExecutableCode now detects unreachable code after a goto statement
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.WhiteSpace.LanguageConstructSpacing has improved syntax error handling while fixing
    • Thanks to Juliette Reinders Folmer for the patch
  • Improved phpcs: annotation syntax handling for a number of sniffs
    • Thanks to Juliette Reinders Folmer for the patch
  • Improved auto-fixing of files with incomplete comment blocks for various commenting sniffs
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed test suite compatibility with PHPUnit 7
  • Fixed bug #1793 : PSR2 forcing exact indent for function call opening statements
  • Fixed bug #1803 : Squiz.WhiteSpace.ScopeKeywordSpacing removes member var name while fixing if no space after scope keyword
  • Fixed bug #1817 : Blank line not enforced after control structure if comment on same line as closing brace
  • Fixed bug #1827 : A phpcs:enable comment is not tokenized correctly if it is outside a phpcs:disable block
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1828 : Squiz.WhiteSpace.SuperfluousWhiteSpace ignoreBlankLines property ignores whitespace after single line comments
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1840 : When a comment has too many asterisks, phpcbf gives FAILED TO FIX error
  • Fixed bug #1867 : Cant use phpcs:ignore where the next line is HTML
  • Fixed bug #1870 : Invalid warning in multiple assignments alignment with closure or anon class
  • Fixed bug #1890 : Incorrect Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose error between catch and finally statements
  • Fixed bug #1891 : Comment on last USE statement causes false positive for PSR2.Namespaces.UseDeclaration.SpaceAfterLastUse
    • Thanks to Matt Coleman, Daniel Hensby, and Juliette Reinders Folmer for the patch
  • Fixed bug #1901 : Fixed PHPCS annotations in multi-line tab-indented comments + not ignoring whole line for phpcs:set
    • Thanks to Juliette Reinders Folmer for the patch

3.2.2

@gsherwood gsherwood released this Dec 19, 2017 · 444 commits to master since this release

  • Disabled STDIN detection on Windows
    • This fixes a problem with IDE plugins (e.g., PHPStorm) hanging on Windows

3.2.1

@gsherwood gsherwood released this Dec 18, 2017 · 447 commits to master since this release

  • Fixed problems with some scripts and plugins waiting for STDIN
    • This was a notable problem with IDE plugins (e.g., PHPStorm) and build systems
  • Empty diffs are no longer followed by a newline character (request #1781)
  • Generic.Functions.OpeningFunctionBraceKernighanRitchie no longer complains when the open brace is followed by a close tag
    • This makes the sniff more useful when used in templates
    • Thanks to Joseph Zidell for the patch
  • Fixed bug #1782 : Incorrect detection of operator in ternary + anonymous function

3.2.0

@gsherwood gsherwood released this Dec 12, 2017 · 462 commits to master since this release

Comment Syntax Changes

This release deprecates the @codingStandards comment syntax used for sending commands to PHP_CodeSniffer. The existing syntax will continue to work in all version 3 releases, but will be removed in version 4

The comment formats have been replaced by a shorter syntax:

  • @codingStandardsIgnoreFile becomes phpcs:ignoreFile
  • @codingStandardsIgnoreStart becomes phpcs:disable
  • @codingStandardsIgnoreEnd becomes phpcs:enable
  • @codingStandardsIgnoreLine becomes phpcs:ignore
  • @codingStandardsChangeSetting becomes phpcs:set

The new syntax allows for additional developer comments to be added after a -- separator. This is useful for describing why a code block is being ignored, or why a setting is being changed. E.g., // phpcs:disable -- This code block must be left as-is.

Comments using the new syntax are assigned new comment token types to allow them to be detected:

  • phpcs:ignoreFile has the token T_PHPCS_IGNORE_FILE
  • phpcs:disable has the token T_PHPCS_DISABLE
  • phpcs:enable has the token T_PHPCS_ENABLE
  • phpcs:ignore has the token T_PHPCS_IGNORE
  • phpcs:set has the token T_PHPCS_SET

Other Changes

  • The phpcs:disable and phpcs:ignore comments can now selectively ignore specific sniffs (request #604)
    • E.g., // phpcs:disable Generic.Commenting.Todo.Found for a specific message
    • E.g., // phpcs:disable Generic.Commenting.Todo for a whole sniff
    • E.g., // phpcs:disable Generic.Commenting for a whole category of sniffs
    • E.g., // phpcs:disable Generic for a whole standard
    • Multiple sniff codes can be specified by comma separating them
      • E.g., // phpcs:disable Generic.Commenting.Todo,PSR1.Files
  • @codingStandardsIgnoreLine comments now only ignore the following line if they are on a line by themselves
    • If they are at the end of an existing line, they will only ignore the line they are on
    • Stops some lines from accidentally being ignored
    • Same rule applies for the new phpcs:ignore comment syntax
  • PSR1.Files.SideEffects now respects the new phpcs:disable comment syntax
    • The sniff will no longer check any code that is between phpcs:disable and phpcs:enable comments
    • The sniff does not support phpcs:ignore; you must wrap code structures with disable/enable comments
    • Previously, there was no way to have this sniff ignore parts of a file
  • Fixed a problem where PHPCS would sometimes hang waiting for STDIN, or read incomplete versions of large files
    • Thanks to Arne Jørgensen for the patch
  • Array properties specified in ruleset files now have their keys and values trimmed
    • This saves having to do this in individual sniffs and stops errors introduced by whitespace in rulesets
    • Thanks to Juliette Reinders Folmer for the patch
  • Added phpcs.xsd to allow validation of ruleset XML files
    • Thanks to Renaat De Muynck for the contribution
  • File paths specified using --stdin-path can now point to fake file locations (request #1488)
    • Previously, STDIN files using fake file paths were excluded from checking
  • Setting an empty basepath (--basepath=) on the CLI will now clear a basepath set directly in a ruleset
    • Thanks to Xaver Loppenstedt for the patch
  • Ignore patterns are now checked on symlink target paths instead of symlink source paths
    • Restores previous behaviour of this feature
  • Metrics were being double counted when multiple sniffs were recording the same metric
  • Added support for bash process substitution
    • Thanks to Scott Dutton for the contribution
  • Files included in the cache file code hash are now sorted to aid in cache file reuse across servers
  • Windows BAT files can now be used outside a PEAR install
    • You must have the path to PHP set in your PATH environment variable
    • Thanks to Joris Debonnet for the patch
  • The JS unsigned right shift assignment operator is now properly classified as an assignment operator
    • Thanks to Juliette Reinders Folmer for the patch
  • The AbstractVariableSniff abstract sniff now supports anonymous classes and nested functions
    • Also fixes an issue with Squiz.Scope.MemberVarScope where member vars of anonymous classes were not being checked
  • Added AbstractArraySniff to make it easier to create sniffs that check array formatting
    • Allows for checking of single and multi line arrays easily
    • Provides a parsed structure of the array including positions of keys, values, and double arrows
  • Added Generic.Arrays.ArrayIndent to enforce a single tab stop indent for array keys in multi-line arrays
    • Also ensures the close brace is on a new line and indented to the same level as the original statement
    • Allows for the indent size to be set using an indent property of the sniff
  • Added Generic.PHP.DiscourageGoto to warn about the use of the GOTO language construct
    • Thanks to Juliette Reinders Folmer for the contribution
  • Generic.Debug.ClosureLinter was not running the gjslint command
    • Thanks to Michał Bundyra for the patch
  • Generic.WhiteSpace.DisallowSpaceIndent now fixes space indents in multi-line block comments
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.WhiteSpace.DisallowSpaceIndent now fixes mixed space/tab indents more accurately
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.WhiteSpace.DisallowTabIndent now fixes tab indents in multi-line block comments
    • Thanks to Juliette Reinders Folmer for the patch
  • PEAR.Functions.FunctionDeclaration no longer errors when a function declaration is the first content in a JS file
    • Thanks to Juliette Reinders Folmer for the patch
  • PEAR.Functions.FunctionCallSignature now requires the function name to be indented to an exact tab stop
    • If the function name is not the start of the statement, the opening statement must be indented correctly instead
    • Added a new fixable error code PEAR.Functions.FunctionCallSignature.OpeningIndent for this error
  • Squiz.Functions.FunctionDeclarationArgumentSpacing is no longer confused about comments in function declarations
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.PHP.NonExecutableCode error messages now indicate which line the code block ending is on
    • Makes it easier to identify where the code block exited or returned
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.Commenting.FunctionComment now supports nullable type hints
  • Squiz.Commenting.FunctionCommentThrowTag no longer assigns throw tags inside anon classes to the enclosing function
  • Squiz.WhiteSpace.SemicolonSpacing now ignores semicolons used for empty statements inside FOR conditions
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.ControlStructures.ControlSignature now allows configuring the number of spaces before the colon in alternative syntax
    • Override the requiredSpacesBeforeColon setting in a ruleset.xml file to change
    • Default remains at 1
    • Thanks to Nikola Kovacs for the patch
  • The Squiz standard now ensures array keys are indented 4 spaces from the main statement
    • Previously, this standard aligned keys 1 space from the start of the array keyword
  • The Squiz standard now ensures array end braces are aligned with the main statement
    • Previously, this standard aligned the close brace with the start of the array keyword
  • The standard for PHP_CodeSniffer itself now enforces short array syntax
  • The standard for PHP_CodeSniffer itself now uses the Generic.Arrays/ArrayIndent sniff rules
  • Improved fixer conflicts and syntax error handling for a number of sniffs
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1462 : Error processing cyrillic strings in Tokenizer
  • Fixed bug #1573 : Squiz.WhiteSpace.LanguageConstructSpacing does not properly check for tabs and newlines
    • Thanks to Michał Bundyra for the patch
  • Fixed bug #1590 : InlineControlStructure CBF issue while adding braces to an if thats returning a nested function
  • Fixed bug #1718 : Unclosed strings at EOF sometimes tokenized as T_WHITESPACE by the JS tokenizer
  • Fixed bug #1731 : Directory exclusions do not work as expected when a single file name is passed to phpcs
  • Fixed bug #1737 : Squiz.CSS.EmptyStyleDefinition sees comment as style definition and fails to report error
  • Fixed bug #1746 : Very large reports can sometimes become garbled when using the parallel option
  • Fixed bug #1747 : Squiz.Scope.StaticThisUsage incorrectly looking inside closures
  • Fixed bug #1757 : Unknown type hint "object" in Squiz.Commenting.FunctionComment
  • Fixed bug #1758 : PHPCS gets stuck creating file list when processing circular symlinks
  • Fixed bug #1761 : Generic.WhiteSpace.ScopeIndent error on multi-line function call with static closure argument
  • Fixed bug #1762 : Generic.WhiteSpace.Disallow[Space/Tab]Indent not inspecting content before open tag
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1769 : Custom "define" function triggers a warning about declaring new symbols
  • Fixed bug #1776 : Squiz.Scope.StaticThisUsage incorrectly looking inside anon classes
  • Fixed bug #1777 : Generic.WhiteSpace.ScopeIndent incorrect indent errors when self called function proceeded by comme

3.1.1

@gsherwood gsherwood released this Oct 16, 2017 · 602 commits to master since this release

  • Restored preference of non-dist files over dist files for phpcs.xml and phpcs.xml.dist
    • The order that the files are searched is now: .phpcs.xml, phpcs.xml, .phpcs.xml.dist, phpcs.xml.dist
    • Thanks to Juliette Reinders Folmer for the patch
  • Progress output now correctly shows skipped files
  • Progress output now shows 100% when the file list has finished processing (request #1697)
  • Stopped some IDEs complaining about testing class aliases
    • Thanks to Vytautas Stankus for the patch
  • Squiz.Commenting.InlineComment incorrectly identified comment blocks in some cases, muting some errors
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1512 : PEAR.Functions.FunctionCallSignature enforces spaces when no arguments if required spaces is not 0
  • Fixed bug #1522 : Squiz Arrays.ArrayDeclaration and Strings.ConcatenationSpacing fixers causing parse errors with here/nowdocs
  • Fixed bug #1570 : Squiz.Arrays.ArrayDeclaration fixer removes comments between array keyword and open parentheses
  • Fixed bug #1604 : File::isReference has problems with some bitwise operators and class property references
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1645 : Squiz.Commenting.InlineComment will fail to fix comments at the end of the file
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1656 : Using the --sniffs argument has a problem with case sensitivity
  • Fixed bug #1657 : Uninitialized string offset: 0 when sniffing CSS
  • Fixed bug #1669 : Temporary expression proceeded by curly brace is detected as function call
  • Fixed bug #1681 : Huge arrays are super slow to scan with Squiz.Arrays.ArrayDeclaration sniff
  • Fixed bug #1694 : Squiz.Arrays.ArrayBracketSpacing is removing some comments during fixing
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1702 : Generic.WhiteSpaceDisallowSpaceIndent fixer bug when line only contains superfluous whitespace

3.1.0

@gsherwood gsherwood released this Sep 19, 2017 · 645 commits to master since this release

Unit Test Changes

  • This release includes a change to support newer versions of PHPUnit (versions 4, 5, and 6 are now supported)
    • The custom PHP_CodeSniffer test runner now requires a bootstrap file
    • Developers with custom standards using the PHP_CodeSniffer test runner will need to do one of the following:
      • run your unit tests from the PHP_CodeSniffer root dir so the bootstrap file is included
      • specify the PHP_CodeSniffer bootstrap file on the command line: phpunit --bootstrap=/path/to/phpcs/tests/bootstrap.php
      • require the PHP_CodeSniffer bootstrap file from your own bootstrap file
    • If you don't run PHP_CodeSniffer unit tests, this change will not affect you
    • Thanks to Juliette Reinders Folmer for the patch

Other Changes

  • A phpcs.xml or phpcs.xml.dist file now takes precedence over the default_standard config setting
    • Thanks to Björn Fischer for the patch
  • Both phpcs.xml and phpcs.xml.dist files can now be prefixed with a dot (request #1566)
    • The order that the files are searched is: .phpcs.xml, .phpcs.xml.dist, phpcs.xml, phpcs.xml.dist
  • The autoloader will now search for files during unit tests runs from the same locations as during normal phpcs runs
    • Allows for easier unit testing of custom standards that use helper classes or custom namespaces
  • Include patterns for sniffs now use OR logic instead of AND logic
    • Previously, a file had to be in each of the include patterns to be processed by a sniff
    • Now, a file has to only be in at least one of the patterns
    • This change reflects the original intention of the feature
  • PHPCS will now follow symlinks under the list of checked directories
    • This previously only worked if you specified the path to a symlink on the command line
  • Output from --config-show, --config-set, and --config-delete now includes the path to the loaded config file
  • PHPCS now cleanly exits if its config file is not readable
    • Previously, a combination of PHP notices and PHPCS errors would be generated
  • Comment tokens that start with /** are now always tokenized as docblocks
    • Thanks to Michał Bundyra for the patch
  • The PHP-supplied T_YIELD and T_YIELD_FROM tokens have been replicated for older PHP versions
    • Thanks to Michał Bundyra for the patch
  • Added new Generic.CodeAnalysis.AssignmentInCondition sniff to warn about variable assignments inside conditions
    • Thanks to Juliette Reinders Folmer for the contribution
  • Added Generic.Files.OneObjectStructurePerFile sniff to ensure there is a single class/interface/trait per file
    • Thanks to Mponos George for the contribution
  • Function call sniffs now check variable function names and self/static object creation
    • Specific sniffs are Generic.Functions.FunctionCallArgumentSpacing, PEAR.Functions.FunctionCallSignature, and PSR2.Methods.FunctionCallSignature
    • Thanks to Michał Bundyra for the patch
  • Generic.Files.LineLength can now be configured to ignore all comment lines, no matter their length
    • Set the ignoreComments property to TRUE (default is FALSE) in your ruleset.xml file to enable this
    • Thanks to Juliette Reinders Folmer for the patch
  • Generic.PHP.LowerCaseKeyword now checks self, parent, yield, yield from, and closure (function) keywords
    • Thanks to Michał Bundyra for the patch
  • PEAR.Functions.FunctionDeclaration now removes a blank line if it creates one by moving the curly brace during fixing
  • Squiz.Commenting.FunctionCommentThrowTag now supports PHP 7.1 multi catch exceptions
  • Squiz.Formatting.OperatorBracket no longer throws errors for PHP 7.1 multi catch exceptions
  • Squiz.Commenting.LongConditionClosingComment now supports finally statements
  • Squiz.Formatting.OperatorBracket now correctly fixes pipe separated flags
  • Squiz.Formatting.OperatorBracket now correctly fixes statements containing short array syntax
  • Squiz.PHP.EmbeddedPhp now properly fixes cases where the only content in an embedded PHP block is a comment
    • Thanks to Juliette Reinders Folmer for the patch
  • Squiz.WhiteSpace.ControlStructureSpacing now ignores comments when checking blank lines at the top of control structures
  • Squiz.WhiteSpace.ObjectOperatorSpacing now detects and fixes spaces around double colons
    • Thanks to Julius Šmatavičius for the patch
  • Squiz.WhiteSpace.MemberVarSpacing can now be configured to check any number of blank lines between member vars
    • Set the spacing property (default is 1) in your ruleset.xml file to set the spacing
  • Squiz.WhiteSpace.MemberVarSpacing can now be configured to check a different number of blank lines before the first member var
    • Set the spacingBeforeFirst property (default is 1) in your ruleset.xml file to set the spacing
  • Added a new PHP_CodeSniffer\Util\Tokens::$ooScopeTokens static member var for quickly checking object scope
    • Includes T_CLASS, T_ANON_CLASS, T_INTERFACE, and T_TRAIT
    • Thanks to Juliette Reinders Folmer for the patch
  • PHP_CodeSniffer\Files\File::findExtendedClassName() now supports extended interfaces
    • Thanks to Martin Hujer for the patch
  • Fixed bug #1550 : Squiz.Commenting.FunctionComment false positive when function contains closure
  • Fixed bug #1577 : Generic.InlineControlStructureSniff breaks with a comment between body and condition in do while loops
  • Fixed bug #1581 : Sniffs not loaded when one-standard directories are being registered in installed_paths
  • Fixed bug #1591 : Autoloader failing to load arbitrary files when installed_paths only set via a custom ruleset
  • Fixed bug #1605 : Squiz.WhiteSpace.OperatorSpacing false positive on unary minus after comment
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1615 : Uncaught RuntimeException when phpcbf fails to fix files
  • Fixed bug #1637 : Generic.WhiteSpaceScopeIndent closure argument indenting incorrect with multi-line strings
  • Fixed bug #1638 : Squiz.WhiteSpace.ScopeClosingBrace closure argument indenting incorrect with multi-line strings
  • Fixed bug #1640 : Squiz.Strings.DoubleQuoteUsage replaces tabs with spaces when fixing
    • Thanks to Juliette Reinders Folmer for the patch

3.0.2

@gsherwood gsherwood released this Jul 18, 2017 · 756 commits to master since this release

  • Fixed a problem where the source report was not printing the correct number of errors found
  • Fixed a problem where the --cache=/path/to/cachefile CLI argument was not working
  • The code report now gracefully handles tokenizer exceptions
  • The phpcs and phpcbf scripts are now the only places that exit() in the code
    • This allows for easier usage of core PHPCS functions from external scripts
    • If you are calling Runner::runPHPCS() or Runner::runPHPCBF() directly, you will get back the full range of exit codes
    • If not, catch the new DeepExitException to get the error message ($e->getMessage()) and exit code ($e->getCode())
  • NOWDOC tokens are now considered conditions, just as HEREDOC tokens are
    • This makes it easier to find the start and end of a NOWDOC from any token within it
    • Thanks to Michał Bundyra for the patch
  • Custom autoloaders are now only included once in case multiple standards are using the same one
    • Thanks to Juliette Reinders Folmer for the patch
  • Improved tokenizing of fallthrough CASE and DEFAULT statements that share a closing statement and use curly braces
  • Improved the error message when Squiz.ControlStructures.ControlSignature detects a newline after the closing parenthesis
  • Fixed bug #1465 : Generic.WhiteSpace.ScopeIndent reports incorrect errors when indenting double arrows in short arrays
  • Fixed bug #1478 : Indentation in fallthrough CASE that contains a closure
  • Fixed bug #1497 : Fatal error if composer prepend-autoloader is set to false
    • Thanks to Kunal Mehta for the patch
  • Fixed bug #1503 : Alternative control structure syntax not always recognized as scoped
  • Fixed bug #1523 : Fatal error when using the --suffix argument
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1526 : Use of basepath setting can stop PHPCBF being able to write fixed files
  • Fixed bug #1530 : Generic.WhiteSpace.ScopeIndent can increase indent too much for lines within code blocks
  • Fixed bug #1547 : Wrong token type for backslash in use function
    • Thanks to Michał Bundyra for the patch
  • Fixed bug #1549 : Squiz.PHP.EmbeddedPhp fixer conflict with // comment before PHP close tag
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1560 : Squiz.Commenting.FunctionComment fatal error when fixing additional param comment lines that have no indent

3.0.1

@gsherwood gsherwood released this Jun 14, 2017 · 792 commits to master since this release

Security Advisory

  • This release contains a fix for a security advisory related to the improper handling of a shell command
    • A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option
    • All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
      • e.g., you run PHPCS over libraries that you did not write
      • e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
      • e.g., you allow external tool paths to be set by user-defined values
    • If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter
    • This advisory does not affect PHP_CodeSniffer version 2.
    • Thanks to Sergei Morozov for the report and patch

Other Changes

  • Arguments on the command line now override or merge with those specified in a ruleset.xml file in all cases
  • PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir
  • Added missing help text for the --stdin-path CLI option to --help
  • Re-added missing help text for the --file-list and --bootstrap CLI options to --help
  • Runner::runPHPCS() and Runner::runPHPCBF() now return an exit code instead of exiting directly (request #1484)
  • The Squiz standard now enforces short array syntax by default
  • The autoloader is now working correctly with classes created with class_alias()
  • The autoloader will now search for files inside all directories in the installed_paths config var
    • This allows autoloading of files inside included custom coding standards without manually requiring them
  • You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files
    • Also used by the autoloader to help other standards directly include sniffs for your standard
    • Set the value to the namespace prefix you are using for sniff files (everything up to \Sniffs\)
    • e.g., if your namespace format is MyProject\CS\Standard\Sniffs\Category set the namespace to MyProject\CS\Standard
    • If omitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file
    • The namespace is set in the ruleset tag of the ruleset.xml file
    • e.g., <ruleset name="My Coding Standard" namespace="MyProject\CS\Standard">
  • Rulesets can now specify custom autoloaders using the new autoload tag
    • Autoloaders are included while the ruleset is being processed and before any custom sniffs are included
    • Allows for very custom autoloading of helper classes well before the bootstrap files are included
  • The PEAR standard now includes Squiz.Commenting.DocCommentAlignment
    • It previously broke comments onto multiple lines, but didn't align them
  • Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff
    • This caused some PSR2 errors to be under-reported
  • Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
  • Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite
    • Unknown arguments were not being handled correctly, but are now stored in $config->unknown
  • Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1451 : Sniff exclusions/restrictions dont work with custom sniffs unless they use the PHP_CodeSniffer NS
  • Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator
    • Thanks to Mponos George for the patch
  • Fixed bug #1495 : Setting an invalid installed path breaks all commands
  • Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
    • Thanks to Michał Bundyra for the patch
  • Fixed bug #1501 : Interactive mode is broken
  • Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement with no trailing code

2.9.1

@gsherwood gsherwood released this May 22, 2017 · 1446 commits to master since this release

  • Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
  • Fixed bug #1448 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
    • Thanks to Juliette Reinders Folmer for the patch