-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
require/import vs require/include in PHP Coding Standards Documentation. - Fix for #143 #144
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||
---|---|---|---|---|---|---|---|---|
|
@@ -78,11 +78,11 @@ echo "<a href='{$escaped_link}'>text with a ' single quote</a>"; | |||||||
|
||||||||
Text that goes into HTML or XML attributes should be escaped so that single or double quotes do not end the attribute value and invalidate the HTML, causing a security issue. See [Data Validation](https://developer.wordpress.org/plugins/security/data-validation/) in the Plugin Handbook for further details. | ||||||||
|
||||||||
### Writing include/require statements | ||||||||
### Writing require/include statements | ||||||||
|
||||||||
Because `include[_once]` and `require[_once]` are language constructs, they do not need parentheses around the path, so those shouldn't be used. There should only be one space between the path and the include/require keywords. | ||||||||
Because `require[_once]` and `include[_once]` are language constructs, they do not need parentheses around the path, so those shouldn't be used. There should only be one space between the path and the require/include keywords. | ||||||||
|
||||||||
It is _strongly recommended_ to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found. | ||||||||
It is _strongly recommended_ to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks, or result in silent malfunctions which are hard to track down. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found. | ||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure the addition adds value in this way and it distracts from/downplays the point about the risk of security leaks. Errors are already mentioned earlier in the sentence. I'm open to rephrasing that part, but the way it is phrased now, the "For that reason" at the start of the next sentence would predominantly apply to the "silent malfunctions", while it is - predominantly - about the risk of security leaks. |
||||||||
|
||||||||
```php | ||||||||
// Correct. | ||||||||
|
@@ -605,7 +605,7 @@ Group `use` statements are available from PHP 7.0, and trailing commas in group | |||||||
[/alert] | ||||||||
|
||||||||
[info] | ||||||||
Note that, unless you have implemented [autoloading](https://www.php.net/manual/en/language.oop5.autoload.php), the `use` statement won't automatically load whatever is being imported. You'll either need to set up autoloading or load the file containing the class/function/constant using a `require/import` statement, for the imported constructs to be loaded when used. | ||||||||
Note that, unless you have implemented [autoloading](https://www.php.net/manual/en/language.oop5.autoload.php), the `use` statement won't automatically load referenced classes. You'll either need to set up autoloading or load the file containing the class using `require[_once]` or `include[_once]` statement, for the imported classes to be loaded when used. Autoloading is only applicable to classes; for functions and constants, you must always use `require[_once]` or `include[_once]`. | ||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There seems to be some confusion in this sentence between singular and plural - "load referenced classes" versus "the file containing the class". I think this still needs some finetuning. Also, while I understand the change from "whatever is being imported" to "referenced classes", it disregards that more can be imported via a
Suggested change
This may need a check how OO constructs are referred to elsewhere in the document - I'm not sure we make it explicit that this means "classes, interfaces, traits and enums" and/or whether that needs to be repeated. Also, the above is still confusing if read strictly with a technical mindset, as autoloading === loading the file containing the OO declarations using |
||||||||
[/info] | ||||||||
|
||||||||
**Note about WordPress Core usage** | ||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think the order needs to change here as the paragraph directly below it points out that
require
should be preferred overinclude
.Not a blocker though.