PHPCS code formatting fixes #1534
Conversation
jom
changed the title
- Strict logic fixes - Some stricter output escaping - Yoda
| @@ -253,17 +270,27 @@ public static function input_file( $key, $field ) { | |||
| } | |||
| ?> | |||
| <p class="form-field"> | |||
| <label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( wp_strip_all_tags( $field['label'] ) ) ; ?>: <?php if ( ! empty( $field['description'] ) ) : ?><span class="tips" data-tip="<?php echo esc_attr( $field['description'] ); ?>">[?]</span><?php endif; ?></label> | |||
| <label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( wp_strip_all_tags( $field['label'] ) ); ?>: | |||
| <?php | |||
There was a problem hiding this comment.
Auto-fixes in this file look odd.
jom
changed the title
Per Alex and I's convo
Seems like these should just be echo'd as is
| ) | ||
| ); | ||
|
|
||
| if ( is_wp_error( $response ) || empty( $response['body'] ) ) { |
There was a problem hiding this comment.
This logic is no longer correct. A non-JSON error will not return a WP_Error here.
| <a href="<?php echo esc_url( admin_url( 'edit.php?post_type=job_listing&page=job-manager-addons' ) ); ?>" class="nav-tab | ||
| <?php | ||
| if ( ! isset( $_GET['section'] ) || 'helper' !== $_GET['section'] ) { | ||
| echo ' nav-tab-active'; } |
There was a problem hiding this comment.
Does this really make it through linting? I would think that the } on the same line would be a no-no.
There was a problem hiding this comment.
It does, somehow... fixed in a3b335e.
| 'date_format' => _x( 'yy-mm-dd', 'Date format for jQuery datepicker.', 'wp-job-manager' ) | ||
| ) ); | ||
| wp_localize_script( | ||
| 'job_manager_datepicker_js', 'job_manager_datepicker', |
There was a problem hiding this comment.
These should probably be on separate lines.
|
|
||
| if ( ! $terms ) { | ||
| return; | ||
| } | ||
|
|
||
| echo "<select name='job_listing_category' id='dropdown_job_listing_category'>"; | ||
| echo '<option value="" ' . selected( isset( $_GET['job_listing_category'] ) ? $_GET['job_listing_category'] : '', '', false ) . '>' . esc_html__( 'Select category', 'wp-job-manager' ) . '</option>'; | ||
| echo $walker->walk( $terms, 0, $r ); | ||
| echo "</select>"; | ||
| echo wp_kses_post( $walker->walk( $terms, 0, $r ) ); |
There was a problem hiding this comment.
I don't know much about what the Walker does. Should we be worried about breaking people's sites because of this sanitization?
There was a problem hiding this comment.
Walker, hilariously, just outputs <option> tags. I thought there was a core function for this that we might want to replace this with.
| ); | ||
|
|
||
| echo str_replace(' id=', " data-placeholder='" . __( 'Select a page…', 'wp-job-manager' ) . "' id=", wp_dropdown_pages( $args ) ); | ||
| echo str_replace( ' id=', " data-placeholder='" . __( 'Select a page…', 'wp-job-manager' ) . "' id=", wp_dropdown_pages( $args ) ); // WPCS: XSS ok. |
There was a problem hiding this comment.
XSS is not ok! 😉
We should escape the translated string.
| $response = $this->get_plugin_version( $plugin_data['_filename'] ); | ||
| if ( $response ) { | ||
| // If there is a new version, modify the transient to reflect an update is available. | ||
| if ( false !== $response |
There was a problem hiding this comment.
This check is redundant.
| 'search_keywords' => '', | ||
| 'job_types' => array( 'potato' ), | ||
| ) | ||
| ), | ||
| ); | ||
| $results['potato_coffee'] = array( |
There was a problem hiding this comment.
Potato Coffee is not a thing.
wp-job-manager-functions.php
Outdated
| @@ -492,7 +507,7 @@ function wp_job_manager_notify_new_user( $user_id, $password ) { | |||
| global $wp_version; | |||
|
|
|||
| if ( version_compare( $wp_version, '4.3.1', '<' ) ) { | |||
| wp_new_user_notification( $user_id, $password ); | |||
| wp_new_user_notification( $user_id, $password ); // phpcs:ignore | |||
There was a problem hiding this comment.
What's going on here? What are we ignoring?
There was a problem hiding this comment.
Added the explicit rule. We're skipping the error because the version check catches the change of signature in this function.
| */ | ||
| function get_job_manager_template( $template_name, $args = array(), $template_path = 'job_manager', $default_path = '' ) { | ||
| if ( $args && is_array( $args ) ) { | ||
| extract( $args ); | ||
| // Please, forgive us. | ||
| extract( $args ); // phpcs:ignore WordPress.Functions.DontExtract.extract_extract |
| if( ! empty( $video ) ){ | ||
| // FV Wordpress Flowplayer Support for advanced video formats | ||
| if ( ! empty( $video ) ) { | ||
| // FV WordPress Flowplayer Support for advanced video formats. |
There was a problem hiding this comment.
Most important linter rule...
| @@ -237,10 +237,10 @@ public function get_fields( $key ) { | |||
| * @return int | |||
| */ | |||
| protected function sort_by_priority( $a, $b ) { | |||
| if ( $a['priority'] == $b['priority'] ) { | |||
| if ( intval( $a['priority'] ) === intval( $b['priority'] ) ) { | |||
There was a problem hiding this comment.
This breaks priority sorting when using decimals (which is very popular), think we should change this back or switch to floatval instead of intval
| return 0; | ||
| } | ||
| return ( $a['priority'] < $b['priority'] ) ? -1 : 1; | ||
| return ( intval( $a['priority'] ) < intval( $b['priority'] ) ) ? -1 : 1; |
There was a problem hiding this comment.
Same as above, breaks priority sorting with decimals
1.31.1 (possibly bumping to 1.32.0) has many input/string escaping changes already from #1495. Ideally, none of these will change/break functionality. However, it does require us to do pretty thorough testing for this release. Because of that, I'm proposing these code formatting changes to get things cleaned up.
The vast majority of this PR fixes these common PHPCS errors:
translators:when placeholders are used in strings.<?php ... ?>blocks.Additionally, the PHPCS errors that might change some behavior:
extract()wherever possible. All uses have been removed except forget_job_manager_template(), where it is difficult to remove.[jobs]shortcode. I'm now using/passing along the cleaned up version of all the attributes. If attributes were mixed/strings before but then are normalized to arrays within the function, those new values are always passed.This cleans up all errors using the rules in
phpcs.xml.distconfig file. We are, however, ignoring three rules that will involve more significant code (WordPress.CSRF.NonceVerification.NoNonceVerification) and documentation (Squiz.Commenting.FileComment.MissingandSquiz.Commenting.FunctionComment.MissingParamComment) changes. I'll be removing those from the config post-merge so that new issues are caught in a pre-commit hook (to be added soon).