From 1ec76fd0dcd514ba6d494d35853432ab5a70e0f7 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Mon, 3 Oct 2022 23:47:22 +0600 Subject: [PATCH 01/11] Refactor usage of `FILTER_SANITIZE_STRING`. --- includes/Core/Admin/Screens.php | 2 +- includes/Core/Admin/Standalone.php | 2 +- includes/Core/Assets/Assets.php | 8 ++----- .../Core/Authentication/Authentication.php | 2 +- .../Authentication/Clients/OAuth_Client.php | 6 ++--- includes/Core/Authentication/Setup.php | 22 +++++++++---------- includes/Modules/Analytics.php | 10 ++++----- tests/phpunit/integration/ContextTest.php | 2 +- 8 files changed, 25 insertions(+), 29 deletions(-) diff --git a/includes/Core/Admin/Screens.php b/includes/Core/Admin/Screens.php index 5b795c69c54..92bd0b16430 100644 --- a/includes/Core/Admin/Screens.php +++ b/includes/Core/Admin/Screens.php @@ -367,7 +367,7 @@ private function get_screens() { 'render_callback' => function( Context $context ) { $is_view_only = ! $this->authentication->is_authenticated(); - $setup_slug = $context->input()->filter( INPUT_GET, 'slug', FILTER_SANITIZE_STRING ); + $setup_slug = htmlspecialchars( $context->input()->filter( INPUT_GET, 'slug' ) ); $reauth = $context->input()->filter( INPUT_GET, 'reAuth', FILTER_VALIDATE_BOOLEAN ); if ( $context->input()->filter( INPUT_GET, 'permaLink' ) ) { ?> diff --git a/includes/Core/Admin/Standalone.php b/includes/Core/Admin/Standalone.php index c4ffb76a8f8..4de9ea61a7c 100644 --- a/includes/Core/Admin/Standalone.php +++ b/includes/Core/Admin/Standalone.php @@ -92,7 +92,7 @@ function() { public function is_standalone() { global $pagenow; - $page = $this->context->input()->filter( INPUT_GET, 'page', FILTER_SANITIZE_STRING ); + $page = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ); $standalone = $this->context->input()->filter( INPUT_GET, 'googlesitekit-standalone', FILTER_VALIDATE_BOOLEAN ); return ( 'admin.php' === $pagenow && false !== strpos( $page, 'googlesitekit' ) && $standalone ); 
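Review bot: `htmlspecialchars()` on the `slug` read in the `render_callback` closure is not equivalent to the `FILTER_SANITIZE_STRING` it replaces: the old filter stripped tags, whereas this keeps them as entities, and with default flags single quotes are escaped only on PHP 8.1 and later. It is also output encoding applied at read time, so `$setup_slug` and the values changed the same way in Standalone.php, Authentication.php, OAuth_Client.php, Setup.php and Analytics.php are entity-encoded whether or not they ever reach HTML. Consider normalising at input with `sanitize_text_field()` (already used in OAuth_Client.php) and escaping where the value is printed; if `htmlspecialchars()` stays, pass the flags explicitly, e.g. `htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' )`. How `$setup_slug` is used lies outside the hunk, so the right output escaper should be confirmed there.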
diff --git a/includes/Core/Assets/Assets.php b/includes/Core/Assets/Assets.php index 34541fd496a..a18bfcb5159 100644 --- a/includes/Core/Assets/Assets.php +++ b/includes/Core/Assets/Assets.php @@ -911,18 +911,14 @@ private function get_inline_tracking_data() { * @return array The inline data to be output. */ private function get_inline_data() { - $current_user = wp_get_current_user(); - $site_url = $this->context->get_reference_site_url(); - $input = $this->context->input(); - $page = $input->filter( INPUT_GET, 'page', FILTER_SANITIZE_STRING ); + $site_url = $this->context->get_reference_site_url(); + $input = $this->context->input(); $admin_data = array( 'siteURL' => esc_url_raw( $site_url ), 'resetSession' => $input->filter( INPUT_GET, 'googlesitekit_reset_session', FILTER_VALIDATE_BOOLEAN ), ); - $current_entity = $this->context->get_reference_entity(); - return array( /** diff --git a/includes/Core/Authentication/Authentication.php b/includes/Core/Authentication/Authentication.php index dca8b8a1c5e..0c8723971a5 100644 --- a/includes/Core/Authentication/Authentication.php +++ b/includes/Core/Authentication/Authentication.php @@ -305,7 +305,7 @@ public function register() { 'admin_init', function() { if ( - 'googlesitekit-dashboard' === $this->context->input()->filter( INPUT_GET, 'page', FILTER_SANITIZE_STRING ) + 'googlesitekit-dashboard' === htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ) && User_Input_State::VALUE_REQUIRED === $this->user_input_state->get() ) { wp_safe_redirect( $this->context->admin_url( 'user-input' ) ); diff --git a/includes/Core/Authentication/Clients/OAuth_Client.php b/includes/Core/Authentication/Clients/OAuth_Client.php index e7ca5c9c573..0f6880b6dc8 100644 --- a/includes/Core/Authentication/Clients/OAuth_Client.php +++ b/includes/Core/Authentication/Clients/OAuth_Client.php 
@@ -399,8 +399,8 @@ function ( $scope ) { * @since 1.49.0 Uses the new `Google_Proxy::setup_url_v2` method when the `serviceSetupV2` feature flag is enabled. */ public function authorize_user() { - $code = $this->context->input()->filter( INPUT_GET, 'code', FILTER_SANITIZE_STRING ); - $error_code = $this->context->input()->filter( INPUT_GET, 'error', FILTER_SANITIZE_STRING ); + $code = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'code' ) ); + $error_code = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'error' ) ); // If the OAuth redirects with an error code, handle it. if ( ! empty( $error_code ) ) { $this->user_options->set( self::OPTION_ERROR_CODE, $error_code ); @@ -450,7 +450,7 @@ public function authorize_user() { if ( isset( $token_response['scope'] ) ) { $scopes = explode( ' ', sanitize_text_field( $token_response['scope'] ) ); } elseif ( $this->context->input()->filter( INPUT_GET, 'scope' ) ) { - $scope = $this->context->input()->filter( INPUT_GET, 'scope', FILTER_SANITIZE_STRING ); + $scope = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'scope' ) ); $scopes = explode( ' ', $scope ); } else { $scopes = $this->get_required_scopes(); diff --git a/includes/Core/Authentication/Setup.php b/includes/Core/Authentication/Setup.php index fdc3b234265..9374b1167b6 100644 --- a/includes/Core/Authentication/Setup.php +++ b/includes/Core/Authentication/Setup.php @@ -127,7 +127,7 @@ private function get_oauth_proxy_failed_help_link() { * @since 1.48.0 */ public function handle_action_setup_start() { - $nonce = $this->context->input()->filter( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING ); + $nonce = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'nonce' ) ); $redirect_url = $this->context->input()->filter( INPUT_GET, 'redirect', FILTER_SANITIZE_URL ); $this->verify_nonce( $nonce, Google_Proxy::ACTION_SETUP_START ); 
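Review bot: In `authorize_user()` an OAuth callback normally carries either `code` or `error`, so one of the two new `htmlspecialchars()` calls receives the null that `filter()` appears to return for a missing parameter (PATCH 04's subject points the same way), which PHP 8.1 reports as a deprecation. The later patches in this series add `?: ''` only in Screens.php, Standalone.php and Authentication.php; the same guard is missing here, in the Setup.php hunks and on the ID reads in Analytics.php, e.g. `$code = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'code' ) ?: '' );`. Separately, `$error_code` is stored through `user_options->set()` already entity-encoded, so any later output escaping would double-encode it; storing the plain value and escaping on display avoids that. The rest of the method is outside the hunk.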
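Review bot: The two branches that build `$scopes` now clean their input differently: the token-response branch uses `sanitize_text_field()`, while the `scope` query parameter goes through `htmlspecialchars()`, which keeps tags (as entities) and control characters in the strings handed to `explode()`. Using the same call in both, `$scope = sanitize_text_field( $this->context->input()->filter( INPUT_GET, 'scope' ) );`, keeps the two paths consistent. Whatever consumes `$scopes` afterwards is outside the hunk; comparing the received values against the scopes the client actually requested would be the stronger check if it is not already done there.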
@@ -207,12 +207,12 @@ public function handle_action_setup_start() { */ public function handle_action_verify() { $input = $this->context->input(); - $step = $input->filter( INPUT_GET, 'step', FILTER_SANITIZE_STRING ); - $nonce = $input->filter( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING ); - $code = $input->filter( INPUT_GET, 'googlesitekit_code', FILTER_SANITIZE_STRING ); - $site_code = $input->filter( INPUT_GET, 'googlesitekit_site_code', FILTER_SANITIZE_STRING ); - $verification_token = $input->filter( INPUT_GET, 'googlesitekit_verification_token', FILTER_SANITIZE_STRING ); - $verification_method = $input->filter( INPUT_GET, 'googlesitekit_verification_token_type', FILTER_SANITIZE_STRING ); + $step = htmlspecialchars( $input->filter( INPUT_GET, 'step' ) ); + $nonce = htmlspecialchars( $input->filter( INPUT_GET, 'nonce' ) ); + $code = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_code' ) ); + $site_code = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_site_code' ) ); + $verification_token = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_verification_token' ) ); + $verification_method = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_verification_token_type' ) ); $this->verify_nonce( $nonce ); 
@@ -266,10 +266,10 @@ public function handle_action_verify() { */ public function handle_action_exchange_site_code() { $input = $this->context->input(); - $step = $input->filter( INPUT_GET, 'step', FILTER_SANITIZE_STRING ); - $nonce = $input->filter( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING ); - $code = $input->filter( INPUT_GET, 'googlesitekit_code', FILTER_SANITIZE_STRING ); - $site_code = $input->filter( INPUT_GET, 'googlesitekit_site_code', FILTER_SANITIZE_STRING ); + $step = htmlspecialchars( $input->filter( INPUT_GET, 'step' ) ); + $nonce = htmlspecialchars( $input->filter( INPUT_GET, 'nonce' ) ); + $code = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_code' ) ); + $site_code = htmlspecialchars( $input->filter( INPUT_GET, 'googlesitekit_site_code' ) ); $this->verify_nonce( $nonce ); diff --git a/includes/Modules/Analytics.php b/includes/Modules/Analytics.php index 19acbbd01fb..7d7234db83e 100644 --- a/includes/Modules/Analytics.php +++ b/includes/Modules/Analytics.php @@ -265,7 +265,7 @@ protected function handle_provisioning_callback() { } // The handler should check the received Account Ticket id parameter against the id stored in the provisioning step. - $account_ticket_id = $input->filter( INPUT_GET, 'accountTicketId', FILTER_SANITIZE_STRING ); + $account_ticket_id = htmlspecialchars( $input->filter( INPUT_GET, 'accountTicketId' ) ); $stored_account_ticket_id = get_transient( self::PROVISION_ACCOUNT_TICKET_ID . '::' . get_current_user_id() ); delete_transient( self::PROVISION_ACCOUNT_TICKET_ID . '::' . get_current_user_id() ); @@ -277,7 +277,7 @@ protected function handle_provisioning_callback() { } // Check for a returned error. - $error = $input->filter( INPUT_GET, 'error', FILTER_SANITIZE_STRING ); + $error = htmlspecialchars( $input->filter( INPUT_GET, 'error' ) ); if ( ! empty( $error ) ) { wp_safe_redirect( $this->context->admin_url( 'module-analytics', array( 'error_code' => $error ) ) 
@@ -285,9 +285,9 @@ protected function handle_provisioning_callback() { exit; } - $account_id = $input->filter( INPUT_GET, 'accountId', FILTER_SANITIZE_STRING ); - $web_property_id = $input->filter( INPUT_GET, 'webPropertyId', FILTER_SANITIZE_STRING ); - $profile_id = $input->filter( INPUT_GET, 'profileId', FILTER_SANITIZE_STRING ); + $account_id = htmlspecialchars( $input->filter( INPUT_GET, 'accountId' ) ); + $web_property_id = htmlspecialchars( $input->filter( INPUT_GET, 'webPropertyId' ) ); + $profile_id = htmlspecialchars( $input->filter( INPUT_GET, 'profileId' ) ); if ( empty( $account_id ) || empty( $web_property_id ) || empty( $profile_id ) ) { wp_safe_redirect( diff --git a/tests/phpunit/integration/ContextTest.php b/tests/phpunit/integration/ContextTest.php index 8a4f32047c7..056e2b541a8 100644 --- a/tests/phpunit/integration/ContextTest.php +++ b/tests/phpunit/integration/ContextTest.php @@ -71,7 +71,7 @@ public function test_filter_input() { $this->assertTrue( $context->input()->filter( INPUT_GET, 'foo', FILTER_VALIDATE_BOOLEAN ) ); $_GET['dirty'] = ''; - $this->assertEquals( 'dirt', $context->input()->filter( INPUT_GET, 'dirty', FILTER_SANITIZE_STRING ) ); + $this->assertEquals( 'dirt', htmlspecialchars( $context->input()->filter( INPUT_GET, 'dirty' ) ) ); } public function test_admin_url() { From e8f99a9e4c6173252281cd73bdd1af24fcbe8d21 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Mon, 3 Oct 2022 23:55:59 +0600 Subject: [PATCH 02/11] Fix failing phpunit test. --- tests/phpunit/integration/ContextTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/phpunit/integration/ContextTest.php b/tests/phpunit/integration/ContextTest.php index 056e2b541a8..d4abadc9382 100644 --- a/tests/phpunit/integration/ContextTest.php +++ b/tests/phpunit/integration/ContextTest.php 
@@ -71,7 +71,7 @@ public function test_filter_input() { $this->assertTrue( $context->input()->filter( INPUT_GET, 'foo', FILTER_VALIDATE_BOOLEAN ) ); $_GET['dirty'] = ''; - $this->assertEquals( 'dirt', htmlspecialchars( $context->input()->filter( INPUT_GET, 'dirty' ) ) ); + $this->assertEquals( '<script>dirt</script>', htmlspecialchars( $context->input()->filter( INPUT_GET, 'dirty' ) ) ); } public function test_admin_url() { From 36f70401f9e04e43c09597ae654f2274ac7c3492 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Wed, 5 Oct 2022 06:18:27 +0600 Subject: [PATCH 03/11] Change default value of `filter_input`'s `options` param to 0. --- includes/Core/Util/Input.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/includes/Core/Util/Input.php b/includes/Core/Util/Input.php index b44119cc84e..0119b5ab809 100644 --- a/includes/Core/Util/Input.php +++ b/includes/Core/Util/Input.php @@ -45,6 +45,7 @@ public function __construct() { * Gets a specific external variable by name and optionally filters it. * * @since 1.1.2 + * @since n.e.x.t Changed default value of $options parameter to 0. * * @link https://php.net/manual/en/function.filter-input.php * @@ -60,7 +61,7 @@ public function __construct() { * If the flag FILTER_NULL_ON_FAILURE is used, it returns FALSE if the variable is not set * and NULL if the filter fails. */ - public function filter( $type, $variable_name, $filter = FILTER_DEFAULT, $options = null ) { + public function filter( $type, $variable_name, $filter = FILTER_DEFAULT, $options = 0 ) { $value = filter_input( $type, $variable_name, $filter, $options ); // Fallback for environments where filter_input may not work with specific types. From fc51d2abdec8baa071c207365e9310756c30e9e7 Mon Sep 17 00:00:00 2001 
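Review bot: The docblock on `filter()` should state that omitting `$filter` returns the request value unmodified, since `FILTER_DEFAULT` is by default the raw filter and this series removes the explicit sanitizing filter from most call sites. A line such as `Callers that rely on the default filter receive raw input and must sanitize or escape it themselves.` next to the new `@since n.e.x.t` entry would make that contract visible. The `$options = 0` default only helps callers that omit the argument; a caller that passes `null` explicitly still forwards it to `filter_input()`. The body of `filter()` continues outside the hunk.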
From: Arafat Zahan Date: Wed, 5 Oct 2022 07:56:51 +0600 Subject: [PATCH 04/11] Fix `htmlspecialchars` null warnings. --- includes/Core/Admin/Standalone.php | 2 +- includes/Core/Authentication/Authentication.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Core/Admin/Standalone.php b/includes/Core/Admin/Standalone.php index 4de9ea61a7c..a5d78a303fb 100644 --- a/includes/Core/Admin/Standalone.php +++ b/includes/Core/Admin/Standalone.php @@ -92,7 +92,7 @@ function() { public function is_standalone() { global $pagenow; - $page = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ); + $page = htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ?: '' ); $standalone = $this->context->input()->filter( INPUT_GET, 'googlesitekit-standalone', FILTER_VALIDATE_BOOLEAN ); return ( 'admin.php' === $pagenow && false !== strpos( $page, 'googlesitekit' ) && $standalone ); diff --git a/includes/Core/Authentication/Authentication.php b/includes/Core/Authentication/Authentication.php index 0c8723971a5..84232ddcf2c 100644 --- a/includes/Core/Authentication/Authentication.php +++ b/includes/Core/Authentication/Authentication.php @@ -305,7 +305,7 @@ public function register() { 'admin_init', function() { if ( - 'googlesitekit-dashboard' === htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ) + 'googlesitekit-dashboard' === htmlspecialchars( $this->context->input()->filter( INPUT_GET, 'page' ) ?: '' ) && User_Input_State::VALUE_REQUIRED === $this->user_input_state->get() ) { wp_safe_redirect( $this->context->admin_url( 'user-input' ) ); From 025242330c7a32407816dd108f692e6bd9959b3c Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Thu, 13 Oct 2022 06:36:02 +0600 Subject: [PATCH 05/11] Do not call htmlspecialchars with null setup_slug. --- includes/Core/Admin/Screens.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
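Review bot: Both call sites touched in this patch only compare `page` with a fixed string (`strpos()` in `is_standalone()`, `===` in the `admin_init` closure), so the `htmlspecialchars()` wrapper adds nothing and the `?: ''` guard exists only to feed it. Dropping the wrapper removes the null problem at its source: `$page = (string) $this->context->input()->filter( INPUT_GET, 'page' );` in Standalone.php and `'googlesitekit-dashboard' === $this->context->input()->filter( INPUT_GET, 'page' )` in Authentication.php. Both enclosing functions extend beyond the hunks.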
diff --git a/includes/Core/Admin/Screens.php b/includes/Core/Admin/Screens.php index 92bd0b16430..745c23fce33 100644 --- a/includes/Core/Admin/Screens.php +++ b/includes/Core/Admin/Screens.php @@ -367,7 +367,10 @@ private function get_screens() { 'render_callback' => function( Context $context ) { $is_view_only = ! $this->authentication->is_authenticated(); - $setup_slug = htmlspecialchars( $context->input()->filter( INPUT_GET, 'slug' ) ); + $setup_slug = $context->input()->filter( INPUT_GET, 'slug' ); + if ( $setup_slug ) { + $setup_slug = htmlspecialchars( $setup_slug ); + } $reauth = $context->input()->filter( INPUT_GET, 'reAuth', FILTER_VALIDATE_BOOLEAN ); if ( $context->input()->filter( INPUT_GET, 'permaLink' ) ) { ?> From 0533f2b65a37c6145244a5d34c0f9fe2af0ec0bd Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Fri, 14 Oct 2022 10:56:15 +0600 Subject: [PATCH 06/11] Check $error to be not empty before running `htmlspecialchars`. --- includes/Modules/Analytics.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Modules/Analytics.php b/includes/Modules/Analytics.php index 7d7234db83e..ba187480b37 100644 --- a/includes/Modules/Analytics.php +++ b/includes/Modules/Analytics.php @@ -277,10 +277,10 @@ protected function handle_provisioning_callback() { } // Check for a returned error. - $error = htmlspecialchars( $input->filter( INPUT_GET, 'error' ) ); + $error = $input->filter( INPUT_GET, 'error' ); if ( ! empty( $error ) ) { wp_safe_redirect( - $this->context->admin_url( 'module-analytics', array( 'error_code' => $error ) ) + $this->context->admin_url( 'module-analytics', array( 'error_code' => htmlspecialchars( $error ) ) ) ); exit; } From 6930f15427476d9cca7597e9776a229b090f9e83 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Tue, 1 Nov 2022 16:46:38 +0600 Subject: [PATCH 07/11] Use Elvis operator. --- includes/Core/Admin/Screens.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
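Review bot: In the Analytics.php hunk, `htmlspecialchars( $error )` encodes for HTML, but the value is placed in the query string of a redirect URL through `admin_url()`, so an `&` in the input becomes `&amp;` before whatever URL encoding that helper applies. The `error` parameter comes straight from the request, so it is better constrained to what an error code can look like before it is reflected, e.g. `array( 'error_code' => sanitize_key( $error ) )` if the codes are lowercase identifiers (to be confirmed), and HTML-escaped where `error_code` is eventually rendered. `handle_provisioning_callback()` starts and ends outside the hunk.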
diff --git a/includes/Core/Admin/Screens.php b/includes/Core/Admin/Screens.php index 745c23fce33..9d9ef00cc08 100644 --- a/includes/Core/Admin/Screens.php +++ b/includes/Core/Admin/Screens.php @@ -367,10 +367,7 @@ private function get_screens() { 'render_callback' => function( Context $context ) { $is_view_only = ! $this->authentication->is_authenticated(); - $setup_slug = $context->input()->filter( INPUT_GET, 'slug' ); - if ( $setup_slug ) { - $setup_slug = htmlspecialchars( $setup_slug ); - } + $setup_slug = htmlspecialchars( $context->input()->filter( INPUT_GET, 'slug' ) ?: '' ); $reauth = $context->input()->filter( INPUT_GET, 'reAuth', FILTER_VALIDATE_BOOLEAN ); if ( $context->input()->filter( INPUT_GET, 'permaLink' ) ) { ?> From 575cc70169441ce76ddd9c8c9e0ea3584fe72723 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Tue, 1 Nov 2022 18:41:37 +0600 Subject: [PATCH 08/11] Add `ReturnTypeWillChange` attribute to supress warnings. --- includes/Core/REST_API/Data_Request.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/includes/Core/REST_API/Data_Request.php b/includes/Core/REST_API/Data_Request.php index 4e8746a95b5..7ce5e7daeb1 100644 --- a/includes/Core/REST_API/Data_Request.php +++ b/includes/Core/REST_API/Data_Request.php @@ -121,6 +121,8 @@ public function __isset( $name ) { * * @return bool */ + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + #[\ReturnTypeWillChange] public function offsetExists( $key ) { return array_key_exists( $key, $this->data ); } @@ -132,6 +134,8 @@ public function offsetExists( $key ) { * * @return mixed */ + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + #[\ReturnTypeWillChange] public function offsetGet( $key ) { if ( $this->offsetExists( $key ) ) { return $this->data[ $key ]; 
@@ -146,6 +150,8 @@ public function offsetGet( $key ) { * @param string|int $key Key to set the value for. * @param mixed $value New value for the given key. */ + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + #[\ReturnTypeWillChange] public function offsetSet( $key, $value ) { // Data is immutable. } @@ -155,6 +161,8 @@ public function offsetSet( $key, $value ) { * * @param string|int $key Key to unset. */ + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + #[\ReturnTypeWillChange] public function offsetUnset( $key ) { // Data is immutable. } From 0493f607f4fe9ad6e5063dadda91b69c8623d3b7 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Tue, 1 Nov 2022 18:43:51 +0600 Subject: [PATCH 09/11] Add spaces in phpcs multiple ignores. --- includes/Core/REST_API/Data_Request.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/Core/REST_API/Data_Request.php b/includes/Core/REST_API/Data_Request.php index 7ce5e7daeb1..ab8a46764fb 100644 --- a/includes/Core/REST_API/Data_Request.php +++ b/includes/Core/REST_API/Data_Request.php @@ -134,7 +134,7 @@ public function offsetExists( $key ) { * * @return mixed */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] public function offsetGet( $key ) { if ( $this->offsetExists( $key ) ) { 
@@ -150,7 +150,7 @@ public function offsetGet( $key ) { * @param string|int $key Key to set the value for. * @param mixed $value New value for the given key. */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] public function offsetSet( $key, $value ) { // Data is immutable. @@ -161,7 +161,7 @@ public function offsetSet( $key, $value ) { * * @param string|int $key Key to unset. */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] public function offsetUnset( $key ) { // Data is immutable. From d6d889bbba40b419d22c08f00acbea232924cdc6 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Wed, 30 Nov 2022 16:23:04 +0600 Subject: [PATCH 10/11] Replace phpcs disables with inline ignores. --- includes/Core/REST_API/Data_Request.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/includes/Core/REST_API/Data_Request.php b/includes/Core/REST_API/Data_Request.php index ab8a46764fb..060c085e450 100644 --- a/includes/Core/REST_API/Data_Request.php +++ b/includes/Core/REST_API/Data_Request.php 
@@ -121,9 +121,9 @@ public function __isset( $name ) { * * @return bool */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle,Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetExists( $key ) { + public function offsetExists( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle return array_key_exists( $key, $this->data ); } @@ -134,9 +134,9 @@ public function offsetExists( $key ) { * * @return mixed */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetGet( $key ) { + public function offsetGet( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle if ( $this->offsetExists( $key ) ) { return $this->data[ $key ]; } @@ -150,9 +150,9 @@ public function offsetGet( $key ) { * @param string|int $key Key to set the value for. * @param mixed $value New value for the given key. */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetSet( $key, $value ) { + public function offsetSet( $key, $value ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle // Data is immutable. } 
@@ -161,9 +161,9 @@ public function offsetSet( $key, $value ) { * * @param string|int $key Key to unset. */ - // phpcs:disable Squiz.Commenting.InlineComment.WrongStyle, Squiz.Commenting.FunctionComment.WrongStyle, Squiz.PHP.CommentedOutCode.Found + // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetUnset( $key ) { + public function offsetUnset( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle // Data is immutable. } } From 9197ff708b64d22524ddb969d568d2d72f2c36d8 Mon Sep 17 00:00:00 2001 From: Arafat Zahan Date: Fri, 16 Dec 2022 06:14:49 +0600 Subject: [PATCH 11/11] Address CR feedback. --- includes/Core/REST_API/Data_Request.php | 8 ++++---- tests/phpunit/integration/ContextTest.php | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/includes/Core/REST_API/Data_Request.php b/includes/Core/REST_API/Data_Request.php index 060c085e450..e333c72fd25 100644 --- a/includes/Core/REST_API/Data_Request.php +++ b/includes/Core/REST_API/Data_Request.php @@ -123,7 +123,7 @@ public function __isset( $name ) { */ // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetExists( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle + public function offsetExists( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment return array_key_exists( $key, $this->data ); } @@ -136,7 +136,7 @@ public function offsetExists( $key ) { // phpcs:ignore Squiz.Commenting.Function */ // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetGet( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle + public function offsetGet( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment if ( $this->offsetExists( $key ) ) { return $this->data[ $key ]; } 
@@ -152,7 +152,7 @@ public function offsetGet( $key ) { // phpcs:ignore Squiz.Commenting.FunctionCom */ // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetSet( $key, $value ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle + public function offsetSet( $key, $value ) { // phpcs:ignore Squiz.Commenting.FunctionComment // Data is immutable. } @@ -163,7 +163,7 @@ public function offsetSet( $key, $value ) { // phpcs:ignore Squiz.Commenting.Fun */ // phpcs:ignore Squiz.Commenting.InlineComment.WrongStyle,Squiz.PHP.CommentedOutCode.Found #[\ReturnTypeWillChange] - public function offsetUnset( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment.WrongStyle + public function offsetUnset( $key ) { // phpcs:ignore Squiz.Commenting.FunctionComment // Data is immutable. } } diff --git a/tests/phpunit/integration/ContextTest.php b/tests/phpunit/integration/ContextTest.php index d4abadc9382..b3111b308b5 100644 --- a/tests/phpunit/integration/ContextTest.php +++ b/tests/phpunit/integration/ContextTest.php @@ -69,9 +69,6 @@ public function test_filter_input() { $_GET['foo'] = true; $this->assertTrue( $context->input()->filter( INPUT_GET, 'foo', FILTER_VALIDATE_BOOLEAN ) ); - - $_GET['dirty'] = ''; - $this->assertEquals( '<script>dirt</script>', htmlspecialchars( $context->input()->filter( INPUT_GET, 'dirty' ) ) ); } public function test_admin_url() {