[wp-trac] [WordPress Trac] #44058: Include security sniffs in PHPCS ruleset

WordPress Trac noreply at wordpress.org
Wed May 16 18:31:10 UTC 2018


#44058: Include security sniffs in PHPCS ruleset
-------------------------+-------------------------------
 Reporter:  iandunn      |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Security     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  coding-standards
-------------------------+-------------------------------
Changes (by iandunn):

 * keywords:  needs-patch =>


Comment:

 Thanks for the background info Juliette! I agree on both !#1 and !#2.

 Assuming !#2 doesn't change, though, I'm guessing it'd be relatively easy
 to make the XSS sniff ignore translated strings? That should cut the
 `5500` number down quite a bit. If it ''does'' change, then I'm assuming
 `phpcbf` could fix them automatically.

 I don't think adding a bunch of new errors is necessarily a big deal,
 though, since it's easy to
 [https://make.wordpress.org/core/handbook/best-practices/commit-messages/#before-a-commit filter the phpcs report to only the lines that were modified]
 while working on a patch. Then, we
 could clean up errors in old code as a dedicated task, without it getting
 in the way of new work.

 What do you think?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44058#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

