Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions WordPress/Helpers/WPDBTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
use PHP_CodeSniffer\Util\Tokens;
use PHPCSUtils\BackCompat\BCFile;
use PHPCSUtils\Tokens\Collections;
use WordPressCS\WordPress\Helpers\ContextHelper;

/**
* Helper utilities for sniffs which examine WPDB method calls.
Expand Down Expand Up @@ -79,6 +80,11 @@ final protected function is_wpdb_method_call( File $phpcsFile, $stackPtr, array
return false;
}

// If calling the method statically, ensure we are calling the global wpdb class.
if ( \T_STRING === $tokens[ $stackPtr ]['code'] && ContextHelper::is_token_namespaced( $phpcsFile, $stackPtr ) ) {
return false;
}

$methodPtr = $phpcsFile->findNext( Tokens::$emptyTokens, ( $is_object_call + 1 ), null, true, null, true );
if ( false === $methodPtr ) {
return false;
Expand Down
14 changes: 14 additions & 0 deletions WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.inc
Original file line number Diff line number Diff line change
Expand Up @@ -518,3 +518,17 @@ $where = $wpdb->prepare(
*/
$callback = $wpdb->prepare(...); // OK.

/*
* Safeguard correct handling of all types of namespaced calls to the wpdb::prepare() method.
*
* Note that calling wpdb::prepare() statically will result in an error. Still, the tests are included here since the
* sniff handles those calls.
*
* Related to: https://github.com/WordPress/WordPress-Coding-Standards/issues/2710.
*/
$sql = \wpdb::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // Error.
$sql = \WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // Error.
$sql = MyNamespace\wpdb::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // OK.
$sql = \MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // OK.
$sql = namespace\wpdb::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // Ok. The sniff should start flagging this once it can resolve relative namespaces as this test file is not namespaced.
$sql = namespace\Sub\wpdb::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // OK.
4 changes: 4 additions & 0 deletions WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,10 @@ public function getErrorList() {

// Named parameter support.
418 => 1,

// Fully qualified calls to the global class wpdb.
529 => 1,
530 => 1,
);
}

Expand Down
16 changes: 14 additions & 2 deletions WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
Original file line number Diff line number Diff line change
Expand Up @@ -143,5 +143,17 @@ echo $wpdb::CONSTANT_NAME;
// Not an identifiable method call.
$wpdb->{$methodName}('query');

// Don't throw an error during live coding.
wpdb::prepare( "SELECT * FROM $wpdb->posts
/*
* Safeguard correct handling of all types of namespaced calls to the wpdb::prepare() method.
*
* Note that calling wpdb::prepare() statically will result in an error. Still, the tests are included here since the
* sniff handles those calls.
*
* Related to: https://github.com/WordPress/WordPress-Coding-Standards/issues/2710.
*/
\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
MyNamespace\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Ok.
\MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Ok.
namespace\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Ok. The sniff should start flagging this once it can resolve relative namespaces as this test file is not namespaced.
namespace\Sub\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Ok.
8 changes: 8 additions & 0 deletions WordPress/Tests/DB/PreparedSQLUnitTest.3.inc
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
<?php

/*
* Intentional parse error (unclosed string).
* This should be the only test in this file.
*/

wpdb::prepare( "SELECT * FROM $wpdb->posts
2 changes: 2 additions & 0 deletions WordPress/Tests/DB/PreparedSQLUnitTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ public function getErrorList( $testFile = '' ) {
124 => 1,
128 => 1,
132 => 2,
154 => 1,
155 => 1,
);

case 'PreparedSQLUnitTest.2.inc':
Expand Down
Loading