@@ -155,7 +155,7 @@ jobs:
155155 - name : Run PHPCS
156156 run : |
157157 # Use WordPress-Core standard which has fewer dependencies
158- phpcs --standard=WordPress-extra --extensions=php --ignore=vendor,tests,node_modules . || exit 0
158+ phpcs --standard=WordPress-extra --extensions=php --ignore=vendor,tests,node_modules,.github,.vscode . || exit 0
159159
160160 - name : Create issue on PHPCS failure
161161 if : ${{ failure() }}
@@ -226,6 +226,7 @@ jobs:
226226 <exclude-pattern>*/languages/*</exclude-pattern>
227227 <exclude-pattern>*/.git/*</exclude-pattern>
228228 <exclude-pattern>*/.github/*</exclude-pattern>
229+ <exclude-pattern>*/.vscode/*</exclude-pattern>
229230 <exclude-pattern>*.js</exclude-pattern>
230231 <exclude-pattern>*.css</exclude-pattern>
231232
@@ -474,41 +475,41 @@ jobs:
474475 echo "🔍 Checking for common security issues..."
475476
476477 # Check for potential SQL injection patterns
477- if grep -r "mysql_query\|mysqli_query" --include="*.php" . 2>/dev/null; then
478+ if grep -r "mysql_query\|mysqli_query" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . 2>/dev/null; then
478479 echo "⚠️ Warning: Direct database queries found - ensure proper sanitization"
479480 fi
480481
481482 # Check for potential XSS vulnerabilities (missing escaping)
482- if grep -r "echo \$_\|print \$_" --include="*.php" . 2>/dev/null; then
483+ if grep -r "echo \$_\|print \$_" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . 2>/dev/null; then
483484 echo "⚠️ Warning: Potential XSS vulnerability - ensure output is escaped"
484485 fi
485486
486487 # Check for file inclusion vulnerabilities
487- if grep -r "include.*\$_\|require.*\$_" --include="*.php" . 2>/dev/null; then
488+ if grep -r "include.*\$_\|require.*\$_" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . 2>/dev/null; then
488489 echo "⚠️ Warning: Potential file inclusion vulnerability found"
489490 fi
490491
491492 # Check for eval() usage (security risk)
492- if grep -r "eval(" --include="*.php" . 2>/dev/null; then
493+ if grep -r "eval(" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . 2>/dev/null; then
493494 echo "⚠️ Warning: eval() function usage detected - security risk"
494495 fi
495496
496497 # Check for proper nonce usage
497- if grep -r "wp_nonce_field\|wp_verify_nonce" --include="*.php" . >/dev/null 2>&1; then
498+ if grep -r "wp_nonce_field\|wp_verify_nonce" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . >/dev/null 2>&1; then
498499 echo "✅ WordPress nonce usage detected - good security practice"
499500 else
500501 echo "ℹ️ Info: Consider adding WordPress nonces for form security"
501502 fi
502503
503504 # Check for proper sanitization functions
504- if grep -r "sanitize_\|esc_" --include="*.php" . >/dev/null 2>&1; then
505+ if grep -r "sanitize_\|esc_" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . >/dev/null 2>&1; then
505506 echo "✅ WordPress sanitization functions detected - good security practice"
506507 else
507508 echo "⚠️ Warning: Limited use of WordPress sanitization functions"
508509 fi
509510
510511 # Check for capability checks
511- if grep -r "current_user_can\|user_can" --include="*.php" . >/dev/null 2>&1; then
512+ if grep -r "current_user_can\|user_can" --include="*.php" --exclude-dir=.github --exclude-dir=.vscode . >/dev/null 2>&1; then
512513 echo "✅ WordPress capability checks detected - good security practice"
513514 else
514515 echo "ℹ️ Info: Consider adding user capability checks where appropriate"
@@ -528,6 +529,58 @@ jobs:
528529 filename : .github/ISSUE_TEMPLATE/security-failure.md
529530 update_existing : false
530531
532+ phpstan-wordpress :
533+ name : PHPStan for WordPress (PHP 8.3)
534+ runs-on : ubuntu-latest
535+ steps :
536+ - name : Checkout code
537+ uses : actions/checkout@v5
538+ with :
539+ # Always fetch the latest commit, disable any caching
540+ fetch-depth : 0
541+ clean : true
542+
543+ - name : Setup PHP 8.3
544+ uses : shivammathur/setup-php@v2
545+ with :
546+ php-version : ' 8.3'
547+ extensions : mysqli, curl, zip, intl, gd, mbstring, fileinfo, xml
548+ coverage : none
549+ tools : composer:v2
550+
551+ - name : Clear any existing composer cache
552+ run : |
553+ composer clear-cache || true
554+ rm -rf vendor/ composer.lock || true
555+
556+ - name : Install Composer dependencies (no cache)
557+ run : |
558+ composer install --prefer-dist --no-progress --no-cache
559+
560+ - name : Verify phpstan.neon content
561+ run : |
562+ echo "=== Current phpstan.neon content ==="
563+ cat phpstan.neon
564+ echo "=== End phpstan.neon content ==="
565+
566+ - name : PHPStan for WordPress Analysis
567+ run : |
568+ echo "Running PHPStan analysis with WordPress stubs..."
569+ vendor/bin/phpstan analyse --no-progress --error-format=table
570+ echo "✅ PHPStan analysis completed successfully!"
571+
572+ - name : Create issue on PHPStan failure
573+ if : ${{ failure() }}
574+ uses : JasonEtco/create-an-issue@v2
575+ env :
576+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
577+ PHP_VERSION : ' 8.3'
578+ RUN_ID : ${{ github.run_id }}
579+ WORKFLOW_URL : ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
580+ with :
581+ filename : .github/ISSUE_TEMPLATE/phpstan-failure.md
582+ update_existing : false
583+
531584 wp-version-test :
532585 name : Test WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
533586 runs-on : ubuntu-latest
@@ -812,56 +865,4 @@ jobs:
812865 WORKFLOW_URL : ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
813866 with :
814867 filename : .github/ISSUE_TEMPLATE/wp-version-test-failure.md
815- update_existing : false
816-
817- phpstan-wordpress :
818- name : PHPStan for WordPress (PHP 8.3)
819- runs-on : ubuntu-latest
820- steps :
821- - name : Checkout code
822- uses : actions/checkout@v5
823- with :
824- # Always fetch the latest commit, disable any caching
825- fetch-depth : 0
826- clean : true
827-
828- - name : Setup PHP 8.3
829- uses : shivammathur/setup-php@v2
830- with :
831- php-version : ' 8.3'
832- extensions : mysqli, curl, zip, intl, gd, mbstring, fileinfo, xml
833- coverage : none
834- tools : composer:v2
835-
836- - name : Clear any existing composer cache
837- run : |
838- composer clear-cache || true
839- rm -rf vendor/ composer.lock || true
840-
841- - name : Install Composer dependencies (no cache)
842- run : |
843- composer install --prefer-dist --no-progress --no-cache
844-
845- - name : Verify phpstan.neon content
846- run : |
847- echo "=== Current phpstan.neon content ==="
848- cat phpstan.neon
849- echo "=== End phpstan.neon content ==="
850-
851- - name : PHPStan for WordPress Analysis
852- run : |
853- echo "Running PHPStan analysis with WordPress stubs..."
854- vendor/bin/phpstan analyse --no-progress --error-format=table
855- echo "✅ PHPStan analysis completed successfully!"
856-
857- - name : Create issue on PHPStan failure
858- if : ${{ failure() }}
859- uses : JasonEtco/create-an-issue@v2
860- env :
861- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
862- PHP_VERSION : ' 8.3'
863- RUN_ID : ${{ github.run_id }}
864- WORKFLOW_URL : ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
865- with :
866- filename : .github/ISSUE_TEMPLATE/phpstan-failure.md
867868 update_existing : false
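Review bot: In the phpstan-wordpress job added in the `@@ -528` hunk, the "Clear any existing composer cache" step runs `rm -rf vendor/ composer.lock || true` before `composer install`, which discards the committed lockfile, so the analysis resolves whatever dependency versions are current at run time instead of the pinned set, making results non-reproducible and bypassing the version/hash pinning the lockfile provides. If a clean install is the intent, drop only the vendor tree: `rm -rf vendor/ || true` and keep `composer install --prefer-dist --no-progress --no-cache` as is (the `--no-cache` flag already defeats the Composer download cache). The checkout comment `# Always fetch the latest commit, disable any caching` is also inaccurate, since `fetch-depth: 0` fetches the full history rather than only the latest commit; `# Full-history checkout; clean: true discards leftover workspace files` would describe what the two keys do. The value `php-version : ' 8.3'` (and `PHP_VERSION : ' 8.3'`) appears to carry a leading space inside the quotes; if that is not a rendering artifact of this page it should be `php-version: '8.3'`.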