Add PHPCS ruleset from Plugin Check and fix issues #2048
Conversation
westonruter
added
[Type] Bug
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## trunk #2048 +/- ##
==========================================
+ Coverage 68.02% 68.03% +0.01%
==========================================
Files 92 92
Lines 7627 7631 +4
==========================================
+ Hits 5188 5192 +4
Misses 2439 2439
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| @@ -305,7 +305,7 @@ function perflab_install_activate_plugin_callback(): void { | |||
| wp_die( esc_html__( 'Missing required parameter.', 'performance-lab' ) ); | |||
| } | |||
|
|
|||
| $plugin_slug = perflab_sanitize_plugin_slug( wp_unslash( $_GET['slug'] ) ); | |||
| $plugin_slug = perflab_sanitize_plugin_slug( wp_unslash( $_GET['slug'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- perflab_sanitize_plugin_slug() is a sanitizing function. | |||
There was a problem hiding this comment.
As an alternative to this, the function could be added to customUnslashingSanitizingFunctions, but then Plugin Check wouldn't know about it.
There was a problem hiding this comment.
On the other hand, I don't think Plugin Check handles phpcs:ignore comments, so it won't have an effect there.
Related: WordPress/plugin-check#901
There was a problem hiding this comment.
I guess then it's still better to have these comments because if a plugin reviewer looks at the line they can at least see the explanatory comment.
westonruter
requested review from
felixarntz,
adamsilverstein,
pbearne,
joemcgill,
mukeshpanchal27 and
manuelRod
as code owners
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
westonruter
removed
the
no milestone
| <!-- For more information: https://make.wordpress.org/plugins/handbook/review/ --> | ||
| <description>Standards any plugin to be published on wordpress.org should comply with.</description> | ||
|
|
||
| <!-- The following rules have been copied from https://github.com/WordPress/plugin-check/blob/95c426228a23a3b290de7758a1708e95fd3c5345/phpcs-rulesets/plugin-review.xml#L33-L174 --> |
There was a problem hiding this comment.
Instead of copying the file, can we just reference it in phpcs.ruleset.xml from vendor/[...]/plugin-check/phpcs-rulesets/plugin-review.xml?
There was a problem hiding this comment.
Good question. I thought about this but I didn't try it because that ruleset includes other rules which we don't want, namely:
The config <config name="testVersion" value="5.2-"/> is causing a lot of failures in PHPCompatibility. I just tried.
It would be nice if there was a base ruleset in PCP which plugin-review.xml included that we could also include.
There was a problem hiding this comment.
I see, makes sense.
Yeah there might be ways to make that easier. Can't hurt to open an issue there with this suggestion 👍
There was a problem hiding this comment.
Good idea. Opened: WordPress/plugin-check#966
|
The changes here are nice for local development. For CI, it might be easier to just use https://github.com/WordPress/plugin-check-action |
Co-authored-by: swissspidy <[email protected]>
I thought about that, but the only concern there would be duplication in the failures, right? Also, if PCP ignores |
Yes there would be duplication. So probably have to pick one or the other.
It depends. PCP Is the source of truth after all, as that's what's being run on dotorg for plugin submissions (and eventually updates) |
Fixes #2043
Fixes #2049