Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Performance/WPQueryParams: prevent false positives for 'exclude' with get_users() #784

Merged

Conversation

jrfnl
Copy link
Collaborator

@jrfnl jrfnl commented Aug 25, 2023

As reported in #672 and #729, the get_users() function also takes an array parameter which takes an 'exclude' key. That key is not our target, so should not be flagged.

This commit adds a hard-coded exception specifically for that situation.

If at a later point in time, more situations which need exceptions would be discovered, this solution can be made more flexible, but for now, there is no need (or insight into where the flexibility should be).

As the AbstractArrayAssignmentRestrictionsSniff::callback() method does not have access to the $stackPtr, the logic which can be used in the callback() is limited. Also see the review notes from upstream WordPress/WordPress-Coding-Standards#2266, which basically already pointed out this exact problem.

To get round this, I'm overloading the process_token() method to set a temporary $in_get_users property, which can then be read out in the callback() method to be used in the actual determination of whether the exception should be made or not.

Includes tests.

Fixes #672

… get_users()

As reported in 672 and 729, the `get_users()` function also takes an array parameter which takes an `'exclude'` key. That key is not our target, so should not be flagged.

This commit adds a hard-coded exception specifically for that situation.

If at a later point in time, more situations which need exceptions would be discovered, this solution can be made more flexible, but for now, there is no need (or insight into where the flexibility should be).

As the `AbstractArrayAssignmentRestrictionsSniff::callback()` method does not have access to the `$stackPtr`, the logic which can be used in the `callback()` is limited. Also see the review notes from upstream 2266, which basically already pointed out this exact problem.

To get round this, I'm overloading the `process_token()` method to set a temporary `$in_get_users` property, which can then be read out in the `callback()` method to be used in the actual determination of whether the exception should be made or not.

Includes tests.

Fixes 672
@jrfnl jrfnl added this to the 3.0.0 milestone Aug 25, 2023
@jrfnl jrfnl requested a review from a team as a code owner August 25, 2023 23:11
Copy link
Contributor

@GaryJones GaryJones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GaryJones GaryJones merged commit 3ab2f0c into develop Aug 26, 2023
@GaryJones GaryJones deleted the 3.0/fix/672-wpqueryparams-prevent-false-positives-get_users branch August 26, 2023 00:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

WPQueryParams.PostNotIn_exclude: False positive outside get_posts context
2 participants