[wp-trac] [WordPress Trac] #61694: Ensure compat functions do not rely on external functions

WordPress Trac noreply at wordpress.org
Thu Jul 18 21:56:46 UTC 2024 

#61694: Ensure compat functions do not rely on external functions
----------------------------+---------------------
 Reporter:  jorbin          |       Owner:  (none)
     Type:  enhancement     |      Status:  new
 Priority:  normal          |   Milestone:  6.7
Component:  Bootstrap/Load  |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+---------------------

Comment (by dmsnell):

 I'm not proficient in writing Github Actions, but this code reasonably
 guesses if there's a call to a function not-yet-defined in `compat.php`.
 It could be expanded without much work to capture `function_exists()`
 checks.

 {{{#!php
 <?php
 $compat_path = __DIR__ . '/src/wp-includes/compat.php';
 require_once $compat_path;

 $functions = get_defined_functions();
 $tokens    = token_get_all( file_get_contents( $compat_path ) );
 $last_i    = count( $tokens ) -  1

 foreach ( $tokens as $i => $token ) {
         // A function call looks like [ T_STRING function_name, '(' ]
         if ( is_string( $token ) || $i === $last_i || 'T_STRING' !==
 token_name( $token[0] ) || '(' !== $tokens[ $i + 1 ] ) {
                 continue;
         }

         $name = $token[1];
         if ( ! in_array( $name, $functions['internal'], true ) && !
 in_array( $name, $functions['user'], true ) ) {
                 echo "Possible call to undefined function '{$name}' on
 line {$token[2]}\n";
         }
 }
 }}}

 When run against the existing `compat.php` it shows

 {{{
 Possible call to undefined function 'get_option' on line 124
 Possible call to undefined function 'get_option' on line 209
 }}}

 For checking more cases we could pull in `Nikic/parser` but I think this
 could be enough to help. We could create a comment on a PR that changes
 this file with possible calls.

 I'm not worried about malicious intent here; and I wouldn't want to
 propose blatantly rejecting code based on naive parsing and understanding
 of it, but a comment on my PR automatically generated which could have
 said "did you realize this?" would have prevented this from happening.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61694#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list