Merge pull request #699 from Automattic/develop

Release 2.3.3

.gitignore

@@ -4,3 +4,4 @@ composer.lock
 phpcs.xml
 .phpcs.xml
 phpunit.xml
+phpcs.cache

.phpcs.xml.dist

@@ -13,6 +13,9 @@
 	<arg name="extensions" value="php"/>
 	<arg name="parallel" value="50"/>
 
+	<!-- Cache the results between runs. -->
+	<arg name="cache" value="./phpcs.cache"/>
+
 	<rule ref="WordPress-Extra">
 		<exclude name="WordPress.Files.FileName"/>
 		<exclude name="WordPress.NamingConventions.ValidVariableName"/>

CHANGELOG.md

@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.3.3] - 2021-09-29
+
+Props: gudmdharalds, jrfnl, BrookeDot, rebeccahum
+
+## Changed
+- [#690](https://github.com/Automattic/VIP-Coding-Standards/pull/690): Ruleset: do not flag undefined variables in file scope or unused variables before require statement.
+- [#691](https://github.com/Automattic/VIP-Coding-Standards/pull/691): Composer: use VariableAnalysis 2.11.1.
+- [#694](https://github.com/Automattic/VIP-Coding-Standards/pull/694): PHPCS: enable caching for quicker scanning.
+- [#697](https://github.com/Automattic/VIP-Coding-Standards/pull/697): ProperEscapingFunction: upgrade htmlAttrNotByEscHTML to default severity level.
+
+## Removed
+- [#692](https://github.com/Automattic/VIP-Coding-Standards/pull/692): RestrictedFunctions: remove dbDelta group.
+
 ## [2.3.2] - 2021-04-28
 
 Props: jrfnl
@@ -557,6 +570,7 @@ Initial release.
 Props: david-binda, pkevan.
 
 
+[2.3.3]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.2...2.3.3
 [2.3.2]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.1...2.3.2
 [2.3.1]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.3.0...2.3.1
 [2.3.0]: https://github.com/Automattic/VIP-Coding-Standards/compare/2.2.0...2.3.0

WordPress-VIP-Go/ruleset-test.inc

@@ -111,8 +111,8 @@ filter_var_array( $array, FILTER_SANITIZE_STRING ); // Ok.
 filter_input_array( $array,FILTER_SANITIZE_STRING      ); // Ok.
 filter_input( INPUT_GET, 'foo', FILTER_DEFAULT ); // Warning.
 
-// WordPressVIPMinimum.Functions.RestrictedFunctions.dbDelta_dbdelta
-dbDelta( $query, true ); // Warning.
+
+
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.wp_mail_wp_mail
 wp_mail(); // Warning.

WordPress-VIP-Go/ruleset-test.php

@@ -147,7 +147,6 @@
 		108 => 1,
 		109 => 1,
 		112 => 1,
-		115 => 1,
 		118 => 1,
 		119 => 1,
 		123 => 1,

WordPress-VIP-Go/ruleset.xml

@@ -132,10 +132,6 @@
 	<rule ref="WordPressVIPMinimum.Security.PHPFilterFunctions">
 		<severity>10</severity>
 	</rule>
-	<rule ref="WordPressVIPMinimum.Functions.RestrictedFunctions.dbDelta_dbdelta">
-		<type>warning</type>
-		<severity>7</severity>
-	</rule>
 	<rule ref="WordPressVIPMinimum.Functions.RestrictedFunctions.wp_mail_wp_mail">
 		<severity>7</severity>
 	</rule>
@@ -233,10 +229,6 @@
 	<rule ref="Generic.PHP.NoSilencedErrors">
 		<severity>1</severity>
 	</rule>
-	<rule ref="WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML">
-		<!-- This is still safe, just sub-optimal-->
-		<severity>3</severity>
-	</rule>
 	<rule ref="WordPressVIPMinimum.Functions.RestrictedFunctions.is_multi_author_is_multi_author">
 		<severity>1</severity>
 	</rule>
@@ -251,6 +243,15 @@
 	<rule ref="VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable">
 		<severity>0</severity>
 	</rule>
+
+	<!-- Do not report on undefined variables before require nor in file scope. -->
+	<rule ref="VariableAnalysis.CodeAnalysis.VariableAnalysis">
+		<properties>
+			<property name="allowUnusedVariablesBeforeRequire" value="true"/>
+			<property name="allowUndefinedVariablesInFileScope" value="true"/>
+		</properties>
+	</rule>
+
 	<rule ref="WordPress.DB.SlowDBQuery.slow_db_query_meta_key">
 		<!-- We are silencing this one because VIP Go has a combined index on meta_key, meta_value-->
 		<severity>0</severity>

WordPressVIPMinimum/Sniffs/Functions/RestrictedFunctionsSniff.php

@@ -74,13 +74,6 @@ public function getGroups() {
 					'attachment_url_to_postid',
 				],
 			],
-			'dbDelta' => [
-				'type'      => 'error',
-				'message'   => 'All database modifications have to approved by the WordPress.com VIP team.',
-				'functions' => [
-					'dbDelta',
-				],
-			],
 			// @link https://docs.wpvip.com/technical-references/code-review/vip-notices/#h-switch_to_blog
 			'switch_to_blog' => [
 				'type'      => 'warning',

WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.inc

@@ -49,8 +49,8 @@ flush_rules(); // Ok - not in global class.
 $wp_write->flush_rules(); // Ok - not in global class $wp_rewrite.
 $wp_rewrite->flush_rules(); // Error.
 
-db_delta(); // Ok - similarly-named function to dbDelta().
-dbDelta(); // Error.
+
+
 
 switch_blog(); // Ok - similarly-named function to switch_to_blog().
 switch_to_blog( $blogid ); // Warning.

WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.php

@@ -37,7 +37,6 @@ public function getErrorList() {
 			43  => 1,
 			46  => 1,
 			50  => 1,
-			53  => 1,
 			59  => 1,
 			62  => 1,
 			75  => 1,

WordPressVIPMinimum/ruleset-test.inc

@@ -320,7 +320,7 @@ wpcom_vip_irc(); // Error.
 flush_rewrite_rules(); // Error.
 $wp_rewrite->flush_rules(); // Error.
 attachment_url_to_postid( $url ); // Error.
-dbDelta(); // Error.
+
 switch_to_blog( $blogid ); // Warning.
 get_page_by_title( $page_title ); // Error.
 url_to_postid( $url ); // Error.

WordPressVIPMinimum/ruleset-test.php

@@ -92,7 +92,6 @@
 		320 => 1,
 		321 => 1,
 		322 => 1,
-		323 => 1,
 		325 => 1,
 		326 => 1,
 		327 => 1,

composer.json

@@ -17,7 +17,7 @@
 	"require": {
 		"php": ">=5.4",
 		"dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7",
-		"sirbrillig/phpcs-variable-analysis": "^2.8.3",
+		"sirbrillig/phpcs-variable-analysis": "^2.11.1",
 		"squizlabs/php_codesniffer": "^3.5.5",
 		"wp-coding-standards/wpcs": "^2.3"
 	},