Coding standards: Use WordPress-Extra ruleset to prevent potential security issues #18502
Comments
mmtr
added
[Type] Enhancement
mmtr
changed the title
|
cc @ntwb , @westonruter Not really sure the history here as to whether it was an explicit choice. Based on some of the early pull requests (#617, #2914), I think there's been a pattern of gradual adoption of stricter rulesets. I personally don't see any reason why we shouldn't consider adopting these additional rules. |
aduth
added
the
[Type] Automated Testing
|
Yeah, the additional sniffs in |
|
What Weston said 👆🏼 |
mmtr
changed the title
gziolo
added
Good First Issue
|
After a discussion with @anton-vlasenko regarding issue #44151, I suggested the exact same thing: start using the I've done an initial pass at updating the ruleset and fixing up issues which would start to get flagged - either straight away or in the near future via WPCS 3.0.0 -. Even after those 11 PRs would be merged, there are still over 500 issues left to be fixed. Some of the fixes may be simply a case of adding select excludes to the updated ruleset, either for a complete sniff or for a sniff in combination with certain files/directories. In other cases, actual code improvements will need to be made and people more familiar with the Gutenberg code base than me, are better suited to make those fixes. Please regard this as a call to action for people more familiar with the code base to start fixing these issues and/or to let me know about excludes which should be made. If it helps, I can pull a draft PR with the proposed ruleset update already. The below is a list of issues by error code which still need to be fixed/reviewed before the ruleset update is viable. To see the underlying issues for any one of the sniffs, change vendor/bin/phpcs --sniffs=Standard.Category.SniffName... where |
|
I've worked on fixing
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.ForbiddenPrefixPassed">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound">
<exclude-pattern>lib/compat/*</exclude-pattern>
<exclude-pattern>lib/experimental/*</exclude-pattern>
<exclude-pattern>bin/generate-gutenberg-php.php</exclude-pattern>
<exclude-pattern>packages/*</exclude-pattern>
</rule>Let me explain the changes a bit. However, functions/classes in these folders should be guarded. There must be another sniff in place to check that since Let's exclude the
@jrfnl Would it be possible to add these |
Not sure this is a good idea. Why should core code (Gutenberg is core) be using non-core rules/sniffs? This may even increase the complexity when merging the PHP code from GitHub to Trac.
Enabling only this rule seems sufficient to fix the problem. Still there seem to be false positives (that need exceptions that later need to be removed before merging to Trac). Frankly I'm 50/50 on how useful |
Is there any reason why Gutenberg is not following the recommended best practices provided by the
WordPress-Extraruleset for phpcs?I enabled it on my local dev environment to check how many linting issues would it raise, and it seems it has a few, including some security issues like missing escaping and nonces.
See full log
FILE: /Users/mmtr/dev/gutenberg/bin/generate-gutenberg-php.php ---------------------------------------------------------------------- FOUND 5 ERRORS AND 3 WARNINGS AFFECTING 8 LINES ---------------------------------------------------------------------- 10 | WARNING | File operations should use WP_Filesystem methods | | instead of direct PHP filesystem calls. Found: | | fopen() | | (WordPress.WP.AlternativeFunctions.file_system_read_fopen) 22 | ERROR | All output should be run through an escaping function | | (see the Security sections in the WordPress Developer | | Handbooks), found '"define( 'GUTENBERG_VERSION', | | '$plugin_version' );\n"'. | | (WordPress.Security.EscapeOutput.OutputNotEscaped) 24 | WARNING | shell_exec() found. PHP system calls are often | | disabled by server admins. | | (WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec) 26 | ERROR | All output should be run through an escaping function | | (see the Security sections in the WordPress Developer | | Handbooks), found '"define( 'GUTENBERG_GIT_COMMIT', | | '$git_commit' );\n"'. | | (WordPress.Security.EscapeOutput.OutputNotEscaped) 45 | ERROR | All output should be run through an escaping function | | (see the Security sections in the WordPress Developer | | Handbooks), found '$line'. | | (WordPress.Security.EscapeOutput.OutputNotEscaped) 51 | ERROR | All output should be run through an escaping function | | (see the Security sections in the WordPress Developer | | Handbooks), found '$line'. | | (WordPress.Security.EscapeOutput.OutputNotEscaped) 56 | ERROR | All output should be run through an escaping function | | (see the Security sections in the WordPress Developer | | Handbooks), found '$line'. | | (WordPress.Security.EscapeOutput.OutputNotEscaped) 62 | WARNING | File operations should use WP_Filesystem methods | | instead of direct PHP filesystem calls. Found: | | fclose() | | (WordPress.WP.AlternativeFunctions.file_system_read_fclose) ----------------------------------------------------------------------FILE: /Users/mmtr/dev/gutenberg/bin/get-server-blocks.php
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 2 LINES
----------------------------------------------------------------------
13 | WARNING | error_reporting() can lead to full path
| | disclosure.
| | (WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting)
13 | WARNING | error_reporting() found. Changing configuration
| | values at runtime is strongly discouraged.
| | (WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_error_reporting)
39 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: /Users/mmtr/dev/gutenberg/gutenberg.php
FOUND 6 ERRORS AFFECTING 6 LINES
14 | ERROR | Logical operator "or" is prohibited; use "||"
| | instead
| | (Squiz.Operators.ValidLogicalOperators.NotAllowed)
58 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $submenu
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
64 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $submenu
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
90 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '__'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
103 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
137 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'wp_create_nonce'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/widgets.php
FOUND 1 ERROR AFFECTING 1 LINE
71 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'wp_nonce_field'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/experiments-page.php
FOUND 6 ERRORS AFFECTING 5 LINES
19 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found ''.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
106 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
107 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
107 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
108 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
120 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found ''.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/rest-api.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
33 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
FILE: /Users/mmtr/dev/gutenberg/lib/client-assets.php
FOUND 2 ERRORS AND 7 WARNINGS AFFECTING 8 LINES
241 | WARNING | [x] "require_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
443 | WARNING | [ ] In footer ($in_footer) is not set explicitly
| | wp_enqueue_script; It is recommended to load
| | scripts in the footer. Please set this value to
| |
trueto load it in the footer, or explicitly| |
falseif it should be loaded in the| | header.
| | (WordPress.WP.EnqueuedResourceParameters.NotInFooter)
443 | ERROR | [ ] Resource version not set in call to
| | wp_enqueue_script(). This means new versions of
| | the script will not always be loaded due to
| | browser caching.
| | (WordPress.WP.EnqueuedResourceParameters.MissingVersion)
509 | ERROR | [ ] All output should be run through an escaping
| | function (see the Security sections in the
| | WordPress Developer Handbooks), found
| | '"$src|$filename\n"'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
534 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fclose()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fclose)
537 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fopen()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fopen)
538 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fwrite()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fwrite)
539 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fclose()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fclose)
606 | WARNING | [ ] file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
PHPCBF CAN FIX THE 1 MARKED SNIFF VIOLATIONS AUTOMATICALLY
FILE: /Users/mmtr/dev/gutenberg/lib/demo.php
FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 3 LINES
18 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
18 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
34 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
56 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
FILE: ...ev/gutenberg/lib/class-experimental-wp-widget-blocks-manager.php
FOUND 4 ERRORS AND 1 WARNING AFFECTING 5 LINES
287 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
313 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found '$options'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
315 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found 'render_block'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
317 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found '$options'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
416 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $sidebars_widgets
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: /Users/mmtr/dev/gutenberg/lib/customizer.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
35 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: /Users/mmtr/dev/gutenberg/lib/class-wp-block-styles-registry.php
FOUND 3 ERRORS AFFECTING 3 LINES
45 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
51 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
77 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/template-loader.php
FOUND 1 ERROR AND 1 WARNING AFFECTING 2 LINES
137 | WARNING | file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
175 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found
| | 'wp_get_document_title'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: ...r/dev/gutenberg/lib/class-wp-rest-block-directory-controller.php
FOUND 0 ERRORS AND 9 WARNINGS AFFECTING 9 LINES
97 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
98 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
99 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
100 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
169 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
170 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
171 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
172 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
221 | WARNING | [x] "include" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
PHPCBF CAN FIX THE 9 MARKED SNIFF VIOLATIONS AUTOMATICALLY
FILE: /Users/mmtr/dev/gutenberg/lib/compat.php
FOUND 1 ERROR AFFECTING 1 LINE
70 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $post
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: ...gutenberg/packages/block-serialization-default-parser/parser.php
FOUND 12 ERRORS AND 2 WARNINGS AFFECTING 14 LINES
83 | ERROR | Visibility must be declared on method
| | "__construct" (Squiz.Scope.MethodScope.Missing)
100 | WARNING | Only one object structure is allowed in a file
| | (Generic.Files.OneObjectStructurePerFile.MultipleFound)
155 | ERROR | Visibility must be declared on method
| | "__construct" (Squiz.Scope.MethodScope.Missing)
172 | WARNING | Only one object structure is allowed in a file
| | (Generic.Files.OneObjectStructurePerFile.MultipleFound)
227 | ERROR | Visibility must be declared on method "parse"
| | (Squiz.Scope.MethodScope.Missing)
234 | ERROR | Empty DO statement detected
| | (Generic.CodeAnalysis.EmptyStatement.DetectedDo)
255 | ERROR | Visibility must be declared on method "proceed"
| | (Squiz.Scope.MethodScope.Missing)
291 | ERROR | The use of count() inside a loop condition is not
| | allowed; assign the return value to a variable and
| | use the variable in the loop condition instead
| | (Squiz.PHP.DisallowSizeFunctionsInLoops.Found)
401 | ERROR | Visibility must be declared on method
| | "next_token" (Squiz.Scope.MethodScope.Missing)
452 | ERROR | Empty IF statement detected
| | (Generic.CodeAnalysis.EmptyStatement.DetectedIf)
476 | ERROR | Visibility must be declared on method "freeform"
| | (Squiz.Scope.MethodScope.Missing)
488 | ERROR | Visibility must be declared on method
| | "add_freeform" (Squiz.Scope.MethodScope.Missing)
509 | ERROR | Visibility must be declared on method
| | "add_inner_block"
| | (Squiz.Scope.MethodScope.Missing)
530 | ERROR | Visibility must be declared on method
| | "add_block_from_stack"
| | (Squiz.Scope.MethodScope.Missing)
FILE: ...packages/block-serialization-default-parser/test/test-parser.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
15 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: ...mmtr/dev/gutenberg/packages/block-library/src/calendar/index.php
FOUND 4 ERRORS AFFECTING 4 LINES
28 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $monthnum
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
30 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $year
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
44 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $monthnum
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
46 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $year
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: ...sers/mmtr/dev/gutenberg/packages/block-library/src/rss/index.php
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 3 LINES
33 | WARNING | strip_tags() is discouraged. Use the more
| | comprehensive wp_strip_all_tags() instead.
| | (WordPress.WP.AlternativeFunctions.strip_tags_strip_tags)
62 | WARNING | strip_tags() is discouraged. Use the more
| | comprehensive wp_strip_all_tags() instead.
| | (WordPress.WP.AlternativeFunctions.strip_tags_strip_tags)
71 | WARNING | This comment is 44% valid code; is this commented out
| | code? (Squiz.PHP.CommentedOutCode.Found)
FILE: ...s/mmtr/dev/gutenberg/packages/block-library/src/search/index.php
FOUND 1 ERROR AFFECTING 1 LINE
18 | ERROR | Increment and decrement operators must be bracketed
| | when used in string concatenation
| | (Squiz.Operators.IncrementDecrementUsage.NoBrackets)
FILE: ...tr/dev/gutenberg/packages/block-library/src/categories/index.php
FOUND 1 ERROR AFFECTING 1 LINE
77 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'home_url'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: ...r/dev/gutenberg/packages/e2e-tests/plugins/wp-editor-metabox.php
FOUND 2 ERRORS AFFECTING 2 LINES
51 | ERROR | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Missing)
54 | ERROR | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Missing)
FILE: ...rg/packages/block-serialization-spec-parser/test/test-parser.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
15 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: ...s/mmtr/dev/gutenberg/phpunit/class-extend-preload-paths-test.php
FOUND 2 ERRORS AFFECTING 2 LINES
23 | ERROR | Visibility must be declared on method
| | "test_localizes_script"
| | (Squiz.Scope.MethodScope.Missing)
35 | ERROR | Visibility must be declared on method
| | "test_replaces_registered_properties"
| | (Squiz.Scope.MethodScope.Missing)
FILE: ...mmtr/dev/gutenberg/phpunit/class-vendor-script-filename-test.php
FOUND 2 ERRORS AFFECTING 2 LINES
9 | ERROR | Visibility must be declared on method
| | "vendor_script_filename_cases"
| | (Squiz.Scope.MethodScope.Missing)
55 | ERROR | Visibility must be declared on method
| | "test_gutenberg_vendor_script_filename"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/phpunit/class-extend-styles-test.php
FOUND 5 ERRORS AND 2 WARNINGS AFFECTING 7 LINES
61 | WARNING | file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
69 | WARNING | File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | file_put_contents()
| | (WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents)
77 | ERROR | Visibility must be declared on method
| | "test_without_built_styles"
| | (Squiz.Scope.MethodScope.Missing)
95 | ERROR | Visibility must be declared on method
| | "test_unset_editor_settings_style"
| | (Squiz.Scope.MethodScope.Missing)
111 | ERROR | Visibility must be declared on method
| | "test_replace_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
138 | ERROR | Visibility must be declared on method
| | "test_replace_rearranged_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
165 | ERROR | Visibility must be declared on method
| | "test_without_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/phpunit/class-override-script-test.php
FOUND 5 ERRORS AFFECTING 5 LINES
9 | ERROR | Visibility must be declared on method "setUp"
| | (Squiz.Scope.MethodScope.Missing)
21 | ERROR | Visibility must be declared on method "tearDown"
| | (Squiz.Scope.MethodScope.Missing)
30 | ERROR | Visibility must be declared on method
| | "test_localizes_script"
| | (Squiz.Scope.MethodScope.Missing)
49 | ERROR | Visibility must be declared on method
| | "test_replaces_registered_properties"
| | (Squiz.Scope.MethodScope.Missing)
71 | ERROR | Visibility must be declared on method
| | "test_registers_new_script"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/post-content.php
FOUND 37 ERRORS AFFECTING 36 LINES
11 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
16 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
20 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
24 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
28 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
32 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
36 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
42 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
48 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
52 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
56 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
60 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
65 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
66 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
67 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
68 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
69 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
70 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
79 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
83 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
88 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
89 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
94 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
98 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
112 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
116 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
120 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
124 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
128 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
141 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
145 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
155 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
159 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
159 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
168 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '__'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
177 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
185 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
The text was updated successfully, but these errors were encountered: