Skip to content

Commit d4381a9

Browse files
PDowneyPDowney
committed
Fixes
1 parent fd7567b commit d4381a9

6 files changed

Lines changed: 17 additions & 236 deletions

File tree

.github/workflows/continuous-integration.yml

Lines changed: 0 additions & 187 deletions
This file was deleted.

.github/workflows/wp-compatibility-test.yml

Lines changed: 3 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -156,22 +156,10 @@ jobs:
156156
dependency-versions: highest
157157
composer-options: "--prefer-dist --no-progress"
158158

159-
- name: Install WordPress Coding Standards
159+
- name: Verify PHPCS standards
160160
run: |
161-
# Install PHPCS and WordPress Coding Standards using the dealerdirect installer
162-
composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
163-
composer global require --dev squizlabs/php_codesniffer:"^3.13.5"
164-
composer global require --dev wp-coding-standards/wpcs:"^3.3"
165-
composer global require --dev phpcompatibility/php-compatibility:"^9.3"
166-
composer global require --dev phpcompatibility/phpcompatibility-wp:"^2.1"
167-
composer global require --dev automattic/vipwpcs:"^3.0.1"
168-
composer global require --dev dealerdirect/phpcodesniffer-composer-installer:"^1.2"
169-
170-
# Add composer bin to PATH
171-
echo "$HOME/.composer/vendor/bin" >> $GITHUB_PATH
172-
173-
# Verify installation and show available standards
174-
phpcs -i
161+
# Verify the project-local PHPCS installation and registered standards.
162+
vendor/bin/phpcs -i
175163
176164
- name: Run PHPCS
177165
run: |
@@ -433,8 +421,6 @@ jobs:
433421
<directory name="." />
434422
<ignoreFiles>
435423
<directory name="vendor" />
436-
<directory name="tests" />
437-
<directory name="node_modules" />
438424
</ignoreFiles>
439425
</projectFiles>
440426
</psalm>

includes/archive.php

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -307,7 +307,13 @@ function sse_write_engine_script_manifest( array $bundle_paths, string $site_ide
307307
]
308308
) . "\n";
309309

310-
if ( false === file_put_contents( $bundle_paths['manifest_path'], $manifest_content ) ) { // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents -- Writing generated local manifest into staging directory.
310+
$filesystem_init = sse_init_filesystem();
311+
if ( is_wp_error( $filesystem_init ) ) {
312+
return $filesystem_init;
313+
}
314+
315+
global $wp_filesystem;
316+
if ( ! $wp_filesystem->put_contents( $bundle_paths['manifest_path'], $manifest_content, FS_CHMOD_FILE ) ) {
311317
return new WP_Error( 'manifest_write_failed', __( 'Could not write EngineScript export manifest.', 'enginescript-site-exporter' ) );
312318
}
313319

includes/helpers.php

Lines changed: 3 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -16,16 +16,9 @@
1616
* @return string Client IP address or 'unknown' if not available.
1717
*/
1818
function sse_get_client_ip(): string {
19-
// WordPress-style IP detection with validation.
20-
$client_ip = 'unknown';
19+
$client_ip = filter_input( INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP );
2120

22-
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -- $_SERVER['REMOTE_ADDR'] is safe for IP logging when properly sanitized
23-
if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
24-
$client_ip = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) );
25-
}
26-
27-
// Basic IP validation.
28-
if ( filter_var( $client_ip, FILTER_VALIDATE_IP ) !== false ) {
21+
if ( is_string( $client_ip ) ) {
2922
return $client_ip;
3023
}
3124

@@ -187,7 +180,7 @@ function sse_wp_die( string $message, int $response = 500 ): void {
187180
esc_html( $message ),
188181
'',
189182
[
190-
'response' => $response,
183+
'response' => absint( $response ),
191184
]
192185
);
193186
}

phpcs.xml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -109,10 +109,11 @@
109109
<include-pattern>*\.php$</include-pattern>
110110
</rule>
111111

112-
<!-- PHPCSExtra rules for additional code quality checks -->
113-
<rule ref="PHPCSExtra">
112+
<!-- PHPCSExtra standards for additional code quality checks -->
113+
<rule ref="Modernize">
114114
<exclude name="Modernize.FunctionCalls.Dirname.Nested"/>
115115
</rule>
116+
<rule ref="NormalizedArrays"/>
116117

117118
<!-- Set minimum WordPress version for deprecated function checks -->
118119
<config name="minimum_wp_version" value="6.8"/>

phpmd.xml

Lines changed: 1 addition & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -147,22 +147,4 @@
147147
<!-- For spacing enforcement, use PHPCS with WordPress standards instead -->
148148
<!-- This PHPMD config focuses on code quality and WordPress-compatible naming -->
149149

150-
<!-- Custom WordPress-specific rules -->
151-
<rule name="WordPressSecurityRule"
152-
message="Use WordPress sanitization functions for user input"
153-
class="net.sourceforge.pmd.lang.rule.XPathRule">
154-
<description>
155-
Ensure WordPress sanitization functions are used for user input
156-
</description>
157-
<properties>
158-
<property name="xpath">
159-
<value>
160-
//FunctionCall[FunctionName/@Image='$_GET' or FunctionName/@Image='$_POST' or FunctionName/@Image='$_REQUEST']
161-
[not(ancestor::FunctionCall[FunctionName/@Image='sanitize_text_field' or FunctionName/@Image='wp_unslash' or FunctionName/@Image='esc_html' or FunctionName/@Image='esc_attr'])]
162-
</value>
163-
</property>
164-
</properties>
165-
<priority>2</priority>
166-
</rule>
167-
168-
</ruleset>
150+
</ruleset>

0 commit comments

Comments
 (0)