
Commit fa5414f

ci: add PHPCompatibilityWP sniff
1 parent 73aedac commit fa5414f

5 files changed

Lines changed: 17 additions & 6 deletions


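--- a/composer.json
+++ b/composer.json
@@ -27,7 +27,8 @@
 "phpstan/phpstan": "^2.1",
 "szepeviktor/phpstan-wordpress": "^2.0",
 "phpstan/extension-installer": "^1.4",
-"wp-coding-standards/wpcs": "^3.0"
+"wp-coding-standards/wpcs": "^3.0",
+"phpcompatibility/phpcompatibility-wp": "^2.1"
 },
 "scripts": {
 "all-checks": [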

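--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -16,5 +16,11 @@
 <exclude name="Squiz.Classes.ValidClassName.NotCamelCaps" />
 <exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps" />
 </rule>
+<rule ref="WordPress.Security">
+<exclude name="WordPress.Security.ValidatedSanitizedInput.InputNotSanitized"/>
+</rule>
 <rule ref="WordPress.DB"/>
+<rule ref="WordPress.WP.I18n"/>
+<rule ref="WordPress.NamingConventions"/>
+<rule ref="PHPCompatibilityWP"/>
 </ruleset>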
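Review bot: The `<exclude name="WordPress.Security.ValidatedSanitizedInput.InputNotSanitized"/>` inside the new `WordPress.Security` rule switches the unsanitized-input check off for the whole codebase, so later code that reads `$_POST`, `$_GET` or `$_SERVER` without sanitizing will pass CI unflagged. The superglobal reads touched by this commit are few, so a narrower suppression looks feasible: drop the exclude and annotate each reviewed line with `// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- <reason>`, or register the project's sanitizer through the sniff's `customSanitizingFunctions` property (whether it recognises a method call such as `$this->sanitize_box_options()` should be verified). Separately, `<rule ref="PHPCompatibilityWP"/>` has no `testVersion` in the visible lines; unless it is set earlier in the file, add `<config name="testVersion" value="<minimum supported PHP>-"/>` so the sniff checks against the plugin's actual PHP floor.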

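--- a/src/admin/class-admin.php
+++ b/src/admin/class-admin.php
@@ -482,13 +482,14 @@ public function save_box_options($box_id, $post)
 return;
 }
 
+// phpcs:disable WordPress.Security.NonceVerification
 // make sure options array is set
 if (! isset($_POST['boxzilla_box']) || ! is_array($_POST['boxzilla_box'])) {
 return;
 }
 
 // get new options from $_POST
-$opts = $this->sanitize_box_options($_POST['boxzilla_box']);
+$opts = $this->sanitize_box_options(wp_unslash($_POST['boxzilla_box']));
 
 // allow extensions to filter the saved options
 $opts = apply_filters('boxzilla_saved_options', $opts, $box_id);
@@ -498,7 +499,7 @@ public function save_box_options($box_id, $post)
 
 // update global settings if given
 if (! empty($_POST['boxzilla_global_settings'])) {
-$raw_global_settings = $_POST['boxzilla_global_settings'];
+$raw_global_settings = wp_unslash($_POST['boxzilla_global_settings']);
 $global_settings = get_option('boxzilla_settings', []);
 if (! is_array($global_settings)) {
 $global_settings = [];
@@ -510,6 +511,8 @@ public function save_box_options($box_id, $post)
 }
 
 $this->flush_rules($box_id);
+
+// phpcs:enable WordPress.Security.NonceVerification
 }
 
 /**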
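Review bot: The `// phpcs:disable WordPress.Security.NonceVerification` added before the `$_POST['boxzilla_box']` check silences the nonce sniff for the rest of `save_box_options()` without saying where the request is actually verified. The function begins above the first hunk, so a nonce and capability check may already run there; if it does, record that on the directive, e.g. `// phpcs:disable WordPress.Security.NonceVerification -- nonce verified by <name of the existing check>`, and if it does not, the handler needs one before it acts on POST data. In the second hunk, `wp_unslash($_POST['boxzilla_global_settings'])` is stored in `$raw_global_settings`, and whatever sanitizes it lies outside the visible lines. With `InputNotSanitized` excluded in `phpcs.xml.dist` the linter will not confirm that step, so it is worth checking by hand.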

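--- a/src/admin/views/metaboxes/box-option-controls.php
+++ b/src/admin/views/metaboxes/box-option-controls.php
@@ -20,6 +20,7 @@
 ];
 
 $rule_options = apply_filters('boxzilla_rules_options', $rule_options);
+
 ?>
 <table class="form-table">
 <?php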

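--- a/src/class-loader.php
+++ b/src/class-loader.php
@@ -112,7 +112,7 @@ protected function match_patterns($string, array $patterns, $contains = false)
 */
 protected function get_request_url()
 {
-return rtrim($_SERVER['REQUEST_URI'] ?? '', '/');
+return rtrim(wp_unslash($_SERVER['REQUEST_URI'] ?? ''), '/');
 }
 
 /**
@@ -143,7 +143,7 @@ protected function match_rule($condition, $value, $qualifier = true)
 
 case 'is_referer':
 if (! empty($_SERVER['HTTP_REFERER'])) {
-$referer = $_SERVER['HTTP_REFERER'];
+$referer = wp_unslash($_SERVER['HTTP_REFERER']);
 $matched = $this->match_patterns($referer, $values, $qualifier === 'contains' || $qualifier === 'not_contains');
 }
 break;
@@ -303,7 +303,7 @@ public function print_boxes_content()
 
 echo '<div style="display: none;">';
 foreach ($boxes as $box) {
-printf('<div id="boxzilla-box-%d-content">%s</div>', absint($box->ID), $box->get_content());
+printf('<div id="boxzilla-box-%d-content">%s</div>', absint($box->ID), $box->get_content()); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 echo '</div>';
 }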
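Review bot: The `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` on the `printf()` in `print_boxes_content()` accepts `$box->get_content()` as raw HTML with no stated reason, and `get_content()` is not visible here, so a reader cannot tell what filtering the content has already had. If box content is meant to carry arbitrary markup from trusted editors, say so on the directive, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- <why this HTML is trusted>`. If it can originate from lower-privileged authors, consider filtering it (for example with `wp_kses_post()`) inside `get_content()` so the suppression documents a real guarantee rather than hiding a stored-XSS path.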
