Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sniff to detect proper usage of preg_quote() ? #1371

Open
jrfnl opened this issue Jun 9, 2018 · 2 comments · Fixed by #1375
Open

Sniff to detect proper usage of preg_quote() ? #1371

jrfnl opened this issue Jun 9, 2018 · 2 comments · Fixed by #1375
Labels
Component: Extra Focus: Code analysis Sniffs to prevent common mistakes and improve code in general Type: Enhancement

Comments

@jrfnl
Copy link
Member

jrfnl commented Jun 9, 2018

I'd like to suggest adding two new sniffs around the usage of preg_quote().

  • Verify the $regex parameter of any PCRE function calls to make sure that if the regex is being build up by concatenating parts together, that any $variable parts are wrapped in a call to preg_quote(). 
    preg_match( '`http[s]?://[^\s<>\'"()]*' . preg_quote( $match_data[0], '`' ) . '`', $content ); // OK.
preg_match( '`http[s]?://[^\s<>\'"()]*' . $match_data[0] . '`', $content ); // Warning.
preg_match( $regex, $content ); // OK, ignore as impossible to check reliably.
  • Verify that the optional second parameter $delimiter of preg_quote() is always passed.
    Too often I come across code where it is missing and unless it is passed, the default / delimiters are presumed, which is often wrong.

Initially these sniffs would go into Extra, but I'd encourage the WP Core team to consider accepting them into the Core ruleset.

Opinions ?
@jrfnl jrfnl mentioned this issue Jun 9, 2018
Merged
@jrfnl
Copy link
Member Author

jrfnl commented Jun 9, 2018

Re-opened as the first bullet point has not been addressed yet.

@jrfnl jrfnl reopened this Jun 9, 2018
@jrfnl jrfnl self-assigned this Jun 11, 2018
@jrfnl jrfnl mentioned this issue Jun 25, 2018
Merged
@jrfnl jrfnl added the Focus: Code analysis Sniffs to prevent common mistakes and improve code in general label Apr 1, 2019
@jrfnl jrfnl mentioned this issue Dec 9, 2022
Open
@jrfnl
Copy link
Member Author

jrfnl commented Dec 9, 2022

An issue has been opened in PHPCSExtra for this: PHPCSStandards/PHPCSExtra#190

Once PHPCSExtra has the sniff(s) for this, those should be added to WPCS Extra (and possibly Core).

@jrfnl jrfnl removed their assignment Dec 9, 2022
@rodrigoprimo rodrigoprimo mentioned this issue Sep 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Extra Focus: Code analysis Sniffs to prevent common mistakes and improve code in general Type: Enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

New "PregQuoteDelimiter" sniff WordPress/WordPress-Coding-Standards
1 participant
@jrfnl