2.0.0-RC1
Pre-release
Pre-release
Important information about this release:
This is the first release candidate for WordPressCS 2.0.0.
WordPressCS 2.0.0 contains breaking changes, both for people using custom rulesets as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
Support for PHP_CodeSniffer
2.x has been dropped, the new minimum PHP_CodeSniffer
version is 3.3.1.
Also, all previously deprecated sniffs, properties and methods have been removed.
Please read the complete changelog carefully before you upgrade.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WPCS sniffs, please read the Developers Upgrade Guide to WordPressCS 2.0.0.
Added
Generic.PHP.DiscourageGoto
,Generic.PHP.LowerCaseType
,Generic.WhiteSpace.ArbitraryParenthesesSpacing
andPSR12.Keywords.ShortFormTypeKeywords
to theWordPress-Core
ruleset.- Checking the spacing around the
instanceof
operator to theWordPress.WhiteSpace.OperatorSpacing
sniff.
Changed
- The minimum required
PHP_CodeSniffer
version to 3.3.1 (was 2.9.0). - The namespace used by WordPressCS has been changed from
WordPress
toWordPressCS\WordPress
.
This was not possible whilePHP_CodeSniffer
2.x was still supported, but WordPressCS, as a good Open Source citizen, does not want to occupy theWordPress
namespace and is releasing its use of it now this is viable. - The
WordPress.DB.PreparedSQL
sniff used the same error code for two different errors.
TheNotPrepared
error code remains, however an additionalInterpolatedNotPrepared
error code has been added for the second error.
If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it. - The
WordPress.NamingConventions.PrefixAllGlobals
sniff used the same error code for some errors as well as warnings.
TheNonPrefixedConstantFound
error code remains for the related error, but the warning will now use the newVariableConstantNameFound
error code.
TheNonPrefixedHooknameFound
error code remains for the related error, but the warning will now use the newDynamicHooknameFound
error code.
If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead. WordPress.NamingConventions.ValidVariableName
: the error messages and error codes used by this sniff have been changed for improved usability and consistency.- The error messages will now show a suggestion for a valid alternative name for the variable.
- The
NotSnakeCaseMemberVar
error code has been renamed toUsedPropertyNotSnakeCase
. - The
NotSnakeCase
error code has been renamed toVariableNotSnakeCase
. - The
MemberNotSnakeCase
error code has been renamed toPropertyNotSnakeCase
. - The
StringNotSnakeCase
error code has been renamed toInterpolatedVariableNotSnakeCase
.
If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead.
- The
WordPress.Security.NonceVerification
sniff used the same error code for both an error as well as a warning.
The old error codeNoNonceVerification
is no longer used.
Theerror
now uses theMissing
error code, while thewarning
now uses theRecommended
error code.
If you are referencing the old error code in a ruleset XML file or in inline annotations, please update these to use the new codes instead. - The
WordPress.WP.DiscouragedConstants
sniff used to have two error codesUsageFound
andDeclarationFound
.
These error codes will now be prefixed by the name of the constant found to allow for more fine-grained excluding/ignoring of warnings generated by this sniff.
If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead. - The
WordPress.WP.GlobalVariablesOverride.OverrideProhibited
error code has been replaced by theWordPress.WP.GlobalVariablesOverride.Prohibited
error code.
If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it. WordPress-Extra
: Replaced the inclusion of theGeneric.Files.OneClassPerFile
,Generic.Files.OneInterfacePerFile
and theGeneric.Files.OneTraitPerFile
sniffs with the newGeneric.Files.OneObjectStructurePerFile
sniff.WordPress-Extra
: Replaced the inclusion of theSquiz.WhiteSpace.LanguageConstructSpacing
sniff with the newGeneric.WhiteSpace.LanguageConstructSpacing
sniff.WordPress-Extra
: Replaced the inclusion of theSquiz.Scope.MemberVarScope
sniff with the more comprehensivePSR2.Classes.PropertyDeclaration
sniff.WordPress.NamingConventions.ValidFunctionName
: Added a unit test confirming support for interfaces extending multiple interfaces.WordPress.NamingConventions.ValidVariableName
: Added unit tests confirming support for multi-variable/property declarations.- The
get_name_suggestion()
method has been moved from theWordPress.NamingConventions.ValidFunctionName
sniff to the baseSniff
class, renamed toget_snake_case_name_suggestion()
and made static. - The rulesets are now validated against the
PHP_CodeSniffer
XSD schema. - Updated the custom ruleset example to use the recommended ruleset syntax for
PHP_CodeSniffer
3.3.1+, including using the new array property format which is now supported. - Dev: The command to run the unit tests has changed. Please see the updated instructions in the CONTRIBUTING.md file.
Thebin/pre-commit
example git hook has been updated to match. Additionally arun-tests
script has been added to thecomposer.json
file for your convenience.
To facilitate this, PHPUnit has been added torequire-dev
, even though it is strictly speaking a dependency of PHPCS, not of WPCS. - Dev: The DealerDirect PHPCS Composer plugin has been added to
require-dev
. - Various code tweaks and clean up.
- User facing documentation, including the wiki, as well as inline documentation has been updated for all the changes contained in WordPressCS 2.0 and other recommended best practices for
PHP_CodeSniffer
3.3.1+.
Deprecated
- The use of the WordPressCS native whitelist comments, which were introduced in WPCS 0.4.0, have been deprecated and support will be removed in WPCS 3.0.0.
The WordPressCS native whitelist comments will continue to work for now, but a deprecation warning will be thrown when they are encountered.
You are encouraged to upgrade our whitelist comment to use the PHPCS native selective ignore annotations as introduced inPHP_CodeSniffer
3.2.0, as soon as possible.
Removed
- Support for PHP 5.3. PHP 5.4 is the minimum requirement for
PHP_CodeSniffer
3.x.
Includes removing any and all workarounds which were in place to still support PHP 5.3. - Support for
PHP_CodeSniffer
< 3.3.1.
Includes removing any and all workarounds which were in place for supporting olderPHP_CodeSniffer
versions. - The
WordPress-VIP
standard which was deprecated since WordPressCS 1.0.0.
For checking a theme/plugin for hosting on the WordPress.com VIP platform, please use the Automattic VIP coding standards instead. - Support for array properties set in a custom ruleset without the
type="array"
attribute.
Support for this was deprecated in WPCS 1.0.0.
If in doubt about how properties should be set in your custom ruleset, please refer to the Customizable sniff properties wiki page which contains XML code examples for setting each and every WPCS native sniff property.
As the minimumPHP_CodeSniffer
version is now 3.3.1, you can now also use the new format for setting array properties, so this would be a great moment to review and update your custom ruleset.
Note: the ability to set select properties from the command-line as comma-delimited strings is not affected by this change. - The following sniffs have been removed outright without deprecation.
If you are referencing these sniffs in a ruleset XML file or in inline annotations, please update these to reference the replacement sniffs instead.WordPress.Functions.FunctionCallSignatureNoParams
- superseded by a bug fix in the upstreamPEAR.Functions.FunctionCallSignature
sniff.WordPress.PHP.DiscourageGoto
- replaced by the same sniff which is now available upstream:Generic.PHP.DiscourageGoto
.WordPress.WhiteSpace.SemicolonSpacing
- superseded by a bug fix in the upstreamSquiz.WhiteSpace.SemicolonSpacing
sniff.WordPress.WhiteSpace.ArbitraryParenthesesSpacing
- replaced by the same sniff which is now available upstream:Generic.WhiteSpace.ArbitraryParenthesesSpacing
.
- The following "base" sniffs which were previously already deprecated and turned into abstract base classes, have been removed:
WordPress.Arrays.ArrayAssignmentRestrictions
- use theAbstractArrayAssignmentRestrictionsSniff
class instead.WordPress.Functions.FunctionRestrictions
- use theAbstractFunctionRestrictionsSniff
class instead.WordPress.Variables.VariableRestrictions
without replacement.
- The following sniffs which were previously deprecated, have been removed:
WordPress.Arrays.ArrayDeclaration
- use the other sniffs in theWordPress.Arrays
category instead.WordPress.CSRF.NonceVerification
- useWordPress.Security.NonceVerification
instead.WordPress.Functions.DontExtract
- useWordPress.PHP.DontExtract
instead.WordPress.Variables.GlobalVariables
- useWordPress.WP.GlobalVariablesOverride
instead.WordPress.VIP.CronInterval
- useWordPress.WP.CronInterval
instead.WordPress.VIP.DirectDatabaseQuery
- useWordPress.DB.DirectDatabaseQuery
instead.WordPress.VIP.PluginMenuSlug
- useWordPress.Security.PluginMenuSlug
instead.WordPress.VIP.SlowDBQuery
- useWordPress.DB.SlowDBQuery
instead.WordPress.VIP.TimezoneChange
- useWordPress.WP.TimezoneChange
instead.WordPress.VIP.ValidatedSanitizedInput
- useWordPress.Security.ValidatedSanitizedInput
instead.WordPress.WP.PreparedSQL
- useWordPress.DB.PreparedSQL
instead.WordPress.XSS.EscapeOutput
- useWordPress.Security.EscapeOutput
instead.WordPress.PHP.DiscouragedFunctions
without direct replacement.
The checks previously contained in this sniff were moved to separate sniffs in WPCS 0.11.0.WordPress.Variables.VariableRestrictions
without replacement.WordPress.VIP.AdminBarRemoval
without replacement.WordPress.VIP.FileSystemWritesDisallow
without replacement.WordPress.VIP.OrderByRand
without replacement.WordPress.VIP.PostsPerPage
without replacement.
Part of the previous functionality was split off in WPCS 1.0.0 to theWordPress.WP.PostsPerPage
sniff.WordPress.VIP.RestrictedFunctions
without replacement.WordPress.VIP.RestrictedVariables
without replacement.WordPress.VIP.SessionFunctionsUsage
without replacement.WordPress.VIP.SessionVariableUsage
without replacement.WordPress.VIP.SuperGlobalInputUsage
without replacement.
- The
WordPress.DB.SlowDBQuery.DeprecatedWhitelistFlagFound
error code which is superseded by the blanket deprecation warning for using the now deprecated WPCS native whitelist comments. - The
WordPress.PHP.TypeCasts.NonLowercaseFound
error code which has been replaced by the upstreamGeneric.PHP.LowerCaseType
sniff. - The
WordPress.PHP.TypeCasts.LongBoolFound
andWordPress.PHP.TypeCasts.LongIntFound
error codes which has been replaced by the new upstreamPSR12.Keywords.ShortFormTypeKeywords
sniff. - The
WordPress.Security.EscapeOutput.OutputNotEscapedShortEcho
error code which was only ever used if WPCS was run on PHP 5.3 with theshort_open_tag
ini directive set tooff
. - The following sniff categories which were previously deprecated, have been removed, though select categories may be reinstated in the future:
CSRF
Functions
Variables
VIP
XSS
WordPress.NamingConventions.ValidVariableName
: ThecustomVariableWhitelist
property, which had been deprecated since WordPressCS 0.11.0. Use thecustomPropertiesWhitelist
property instead.WordPress.Security.EscapeOutput
: ThecustomSanitizingFunctions
property, which had been deprecated since WordPressCS 0.5.0. Use thecustomEscapingFunctions
property instead.WordPress.Security.NonceVerification
: TheerrorForSuperGlobals
andwarnForSuperGlobals
properties, which had been deprecated since WordPressCS 0.12.0.- The
vip_powered_wpcom
function from theSniff::$autoEscapedFunctions
list which is used by theWordPress.Security.EscapeOutput
sniff. - The
AbstractVariableRestrictionsSniff
class, which was deprecated since WordPressCS 1.0.0. - The
Sniff::has_html_open_tag()
utility method, which was deprecated since WordPressCS 1.0.0. - The internal
$php_reserved_vars
property from theWordPress.NamingConventions.ValidVariableName
sniff in favour of using a PHPCS native property which is now available. - The class aliases and WPCS native autoloader used for PHPCS cross-version support.
- The unit test framework workarounds for PHPCS cross-version unit testing.
- Support for the
@codingStandardsChangeSetting
annotation, which is generally only used in unit tests. - The old generic GitHub issue template which was replaced by more specific issue templates in WPCS 1.2.0.
Fixed
- Support for PHP 7.3.
PHP_CodeSniffer
< 3.3.1 was not fully compatible with PHP 7.3. Now the minimum required PHPCS has been upped toPHP_CodeSniffer
3.3.1, WordPressCS will run on PHP 7.3 without issue. WordPress.Arrays.ArrayDeclarationSpacing
: improved fixing of the placement of array items following an array item with a trailing multi-line comment.WordPress.NamingConventions.ValidFunctionName
: the sniff will no longer throw false positives nor duplicate errors for methods declared in nested anonymous classes.
The error message has also been improved for methods in anonymous classes.WordPress.NamingConventions.ValidFunctionName
: the sniff will no longer throw false positives for PHP 4-style class constructors/destructors where the name of the constructor/destructor method did not use the same case as the class name.