Functions/StripTags: various sniff improvements #854
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Test against false positives for calls to methods or namespaced function calls.
* Test against false positives for attribute class using the same name as the function.
* Ensure function import `use` statements are not flagged. We're not interested in those.
* Add some more variations to the pre-existing tests:
- Non-lowercase function call(s).
- Fully qualified function calls.
- Use PHP 7.3+ trailing comma's in a few function calls.
Includes cleaning up some "Warning" comments which contained irrelevant information as the sniff isn't looking for the things which were previously mentioned.
This function should never be used, so should always be flagged, no matter whether the code is (not yet) valid. Realistically, the existing `StripTagsOneParameter` error code should be replaced with the new `Used` error code, but that would be a breaking change, which would have to wait for the next major (if deemed worth it). I checked via a code search and the error code as-is, is [referenced in various code bases](https://github.com/search?q=StripTagsOneParameter&type=code), so I'm maintaining BC for now.
This is flagged under the `StripTagsOneParameter` error code.
… using named parameters This does change the logic of the sniff a little as well, as if there are parameters, but all of those would use incorrect parameter names, we should still want the function call to be flagged. Includes tests.
…lables
First class callables are basically syntax sugar for closures.
So:
```php
add_action('my_action', strip_tags(...));
```
... could also be written as:
```php
add_action('my_action', function(...$args) {
return strip_tags(...$args);
});
```
Example: https://3v4l.org/cra8s#veol
As the code would be flagged when used in a closure, it is my opinion, it should also be flagged when used as a first class callable.
This commit implements this in a WPCS cross-version compatible manner.
Prior to WPCS 3.2.0, first class callables would be send to the `process_no_parameters()` method.
As of WPCS 3.2.0, they will be send to the dedicated `process_first_class_callable()` method. See WordPress/WordPress-Coding-Standards#2544
jrfnl
added
Type: Enhancement
Type: Maintenance
PHPCSUtils
GaryJones
approved these changes
Jul 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Functions/StripTags: improve the tests
usestatements are not flagged. We're not interested in those.Includes cleaning up some "Warning" comments which contained irrelevant information as the sniff isn't looking for the things which were previously mentioned.
Functions/StripTags: always flag use of the function
This function should never be used, so should always be flagged, no matter whether the code is (not yet) valid.
Realistically, the existing
StripTagsOneParametererror code should be replaced with the newUsederror code, but that would be a breaking change, which would have to wait for the next major (if deemed worth it).I checked via a code search and the error code as-is, is referenced in various code bases, so I'm maintaining BC for now.
Functions/StripTags: document handling of PHP 5.6 argument unpacking
This is flagged under the
StripTagsOneParametererror code.Functions/StripTags: add support for handling PHP 8.0+ function calls using named parameters
This does change the logic of the sniff a little as well, as if there are parameters, but all of those would use incorrect parameter names, we should still want the function call to be flagged.
Includes tests.
Functions/StripTags: add support for handling PHP 8.1 first class callables
First class callables are basically syntax sugar for closures.
So:
... could also be written as:
Example: https://3v4l.org/cra8s#veol
As the code would be flagged when used in a closure, it is my opinion, it should also be flagged when used as a first class callable.
This commit implements this in a WPCS cross-version compatible manner.
Prior to WPCS 3.2.0, first class callables would be send to the
process_no_parameters()method.As of WPCS 3.2.0, they will be send to the dedicated
process_first_class_callable()method. See WordPress/WordPress-Coding-Standards#2544Closes #519