2.2.0
Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards.
The move does not affect the package name for Packagist. This remains the same: wp-coding-standards/wpcs
.
Added
- New
WordPress.DateTime.CurrentTimeTimestamp
sniff to theWordPress-Core
ruleset, which checks against the use of the WP nativecurrent_time()
function to retrieve a timestamp as this won't be a real timestamp. Includes an auto-fixer. - New
WordPress.DateTime.RestrictedFunctions
sniff to theWordPress-Core
ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP nativedate_default_timezone_set()
anddate()
functions. - New
WordPress.PHP.DisallowShortTernary
sniff to theWordPress-Core
ruleset, which, as the name implies, disallows the use of short ternaries. - New
WordPress.CodeAnalysis.EscapedNotTranslated
sniff to theWordPress-Extra
ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended. - New
WordPress.NamingConventions.ValidPostTypeSlug
sniff to theWordPress-Extra
ruleset which will examine calls toregister_post_type()
and throw errors when an invalid post type slug is used. Generic.Arrays.DisallowShortArraySyntax
to theWordPress-Core
ruleset.WordPress.NamingConventions.PrefixAllGlobals
: thePHP
prefix has been added to the prefix blacklist as it is reserved by PHP itself.- The
wp_sanitize_redirect()
function to thesanitizingFunctions
list used by theWordPress.Security.NonceVerification
,WordPress.Security.ValidatedSanitizedInput
andWordPress.Security.EscapeOutput
sniffs. - The
sanitize_key()
and thehighlight_string()
functions to theescapingFunctions
list used by theWordPress.Security.EscapeOutput
sniff. - The
RECOVERY_MODE_COOKIE
constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (WordPress.NamingConventions.PrefixAllGlobals
). $content_width
,$plugin
,$mu_plugin
and$network_plugin
to the list of WP globals which is used by both theWordPress.Variables.GlobalVariables
and theWordPress.NamingConventions.PrefixAllGlobals
sniffs.Sniff::is_short_list()
utility method to determine whether a short array open/close token actually represents a PHP 7.1+ short list.Sniff::find_list_open_close()
utility method to find the opener and closer forlist()
constructs, including short lists.Sniff::get_list_variables()
utility method which will retrieve an array with the token pointers to the variables which are being assigned to in alist()
construct. Includes support for short lists.Sniff::is_function_deprecated()
static utility method to determine whether a declared function has been marked as deprecated in the function DocBlock.- End-user documentation to the following existing sniffs:
WordPress.Arrays.ArrayIndentation
,WordPress.Arrays.ArrayKeySpacingRestrictions
,WordPress.Arrays.MultipleStatementAlignment
,WordPress.Classes.ClassInstantiation
,WordPress.NamingConventions.ValidHookName
,WordPress.PHP.IniSet
,WordPress.Security.SafeRedirect
,WordPress.WhiteSpace.CastStructureSpacing
,WordPress.WhiteSpace.DisallowInlineTabs
,WordPress.WhiteSpace.PrecisionAlignment
,WordPress.WP.CronInterval
,WordPress.WP.DeprecatedClasses
,WordPress.WP.DeprecatedFunctions
,WordPress.WP.DeprecatedParameters
,WordPress.WP.DeprecatedParameterValues
,WordPress.WP.EnqueuedResources
,WordPress.WP.PostsPerPage
.
This documentation can be exposed via thePHP_CodeSniffer
--generator=...
command-line argument.
Changed
- The default value for
minimum_supported_wp_version
, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to5.0
. - The
WordPress.Arrays.ArrayKeySpacingRestrictions
sniff has two new error codes:TooMuchSpaceBeforeKey
andTooMuchSpaceAfterKey
. Both auto-fixable.
The sniff will now check that there is exactly one space on the inside of the square brackets around the array key for non-string, non-numeric array keys. Previously, it only checked that there was whitespace, not how much whitespace. WordPress.Arrays.ArrayKeySpacingRestrictions
: the fixers have been made more efficient and less fixer-conflict prone.WordPress.NamingConventions.PrefixAllGlobals
: plugin/theme prefixes should be at least three characters long. A newShortPrefixPassed
error has been added for when the prefix passed does not comply with this rule.WordPress.WhiteSpace.CastStructureSpacing
now allows for no whitespace before a cast when the cast is preceded by the spread...
operator. This pre-empts a fixer conflict for when the spacing around the spread operator will start to get checked.- The
WordPress.WP.DeprecatedClasses
sniff will now detect classes deprecated in WP 4.9 and WP 5.3. - The
WordPress.WP.DeprecatedFunctions
sniff will now detect functions deprecated in WP 5.3. WordPress.NamingConventions.ValidHookName
now has "cleaner" error messages and higher precision for the line on which an error is thrown.WordPress.Security.EscapeOutput
: if an error refers to array access via a variable, the array index key will now be included in the error message.- The processing of the
WordPress
ruleset byPHP_CodeSniffer
will now be faster. - Various minor code tweaks and clean up.
- Various minor documentation fixes.
- Documentation: updated the repo URL in all relevant places.
Deprecated
- The
WordPress.WP.TimezoneChange
sniff. Use theWordPress.DateTime.RestrictedFunctions
instead.
The deprecated sniff will be removed in WPCS 3.0.0.
Fixed
- All sniffs in the
WordPress.Arrays
category will no longer treat short lists as if they were a short array. - The
WordPress.NamingConventions.ValidFunctionName
and theWordPress.NamingConventions.PrefixAllGlobals
sniff will now ignore functions marked as@deprecated
. - Both the
WordPress.NamingConventions.PrefixAllGlobals
sniff as well as theWordPress.WP.GlobalVariablesOverride
sniff have been updated to recognize variables being declared via (long/short)list()
constructs and handle them correctly. - Both the
WordPress.NamingConventions.PrefixAllGlobals
sniff as well as theWordPress.WP.GlobalVariablesOverride
sniff will now take a limited list of WP global variables which are intended to be overwritten by plugins/themes into account.
Initially this list contains the$content_width
and the$wp_cockneyreplace
variables. WordPress.NamingConventions.ValidHookName
: will no longer examine a string array access index key as if it were a part of the hook name.WordPress.Security.EscapeOutput
: will no longer trigger on the typicalbasename( __FILE__ )
pattern if found as the first parameter passed to a call to_deprecated_file()
.WordPress.WP.CapitalPDangit
: now allows for the.test
TLD in URLs.- WPCS is now fully compatible with PHP 7.4.
Note:PHP_CodeSniffer
itself is only compatible with PHP 7.4 from PHPCS 3.5.0 onwards.