Unsupervised/unsupervised-scheduler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aea731c2f89e45230538946ebaceead927365fad
unsupervised-scheduler/phpcs.xml.dist
T
thatguygriff 1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
Details
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
Details
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
Details
CI / Coding Standards (pull_request) Successful in 57s
Details
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
Details
CI / PHPStan (pull_request) Successful in 1m11s
Details
CI / Build Plugin Zip (pull_request) Has been skipped
Details
Upgrade PHPStan to 2.x and raise analysis level from 6 to 10 
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0
- Move the analysis level into phpstan.neon (single source) and raise it to 10
- Add Val, a runtime coercion helper that narrows untyped WordPress boundary
  values (wpdb rows, REST params, superglobals, options) with explicit checks
  instead of blind casts, plus unit tests
- Type value-object fromRow() params as stdClass (what wpdb returns) and map
  columns through Val so unexpected shapes degrade safely
- Use %i identifier placeholders for table names in all wpdb::prepare() calls
  so every query string is a literal and identifiers are escaped by WordPress;
  raises the minimum WordPress version to 6.2 where %i was introduced
- Guard wpdb::prepare() null result before wpdb::query() in updateTax()
- Fix nullable get_permalink()/strtotime() handling, list types at REST and
  capability call sites, dead null-coalescing on checked superglobals, and
  narrow get_users() results before mapping
- Register Val method names with the ValidatedSanitizedInput sniff so it
  validates the real sanitizer around each superglobal read
- Update repository unit tests for the %i placeholder arguments

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 13:42:50 -03:00

76 lines
3.0 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<ruleset name="Unsupervised Scheduler">
<description>WordPress coding standards with PSR-4 naming accommodations.</description>
<file>src</file>
<rule ref="WordPress">
<!--
PSR-4 requires PascalCase filenames. WordPress expects lowercase-hyphenated.
We follow PSR-4 because Composer autoloading depends on it.
-->
<exclude name="WordPress.Files.FileName"/>
<!--
We use camelCase for class method names and property names per PSR-1.
WordPress snake_case naming is excluded for class-based OOP code.
-->
<exclude name="WordPress.NamingConventions.ValidFunctionName"/>
<exclude name="WordPress.NamingConventions.ValidVariableName"/>
<!--
Short array syntax [] is preferred in modern PHP and is now accepted
in the WordPress handbook for code targeting PHP 5.4+.
-->
<exclude name="Universal.Arrays.DisallowShortArraySyntax"/>
<!--
PHP 8.1 typed properties, constructor promotion, and return types make
per-property and per-method docblocks largely redundant. We document
non-obvious behaviour in method docblocks where it adds real value.
-->
<exclude name="Squiz.Commenting.FunctionComment"/>
<exclude name="Squiz.Commenting.VariableComment"/>
<exclude name="Squiz.Commenting.FileComment"/>
<exclude name="Squiz.Commenting.ClassComment"/>
</rule>
<!-- Enforce our text domain. -->
<rule ref="WordPress.WP.I18n">
<properties>
<property name="text_domain" type="array">
<element value="unsupervised-schedular"/>
</property>
</properties>
</rule>
<!--
Val::* type-narrowing helpers (src/Val.php) wrap superglobal reads so
PHPStan level 10 sees a typed value, e.g.
`absint( Val::int( $_GET['id'] ?? 0 ) )`. The sniff walks wrapping
calls innermost-out and aborts at the first unrecognised function
name, so the Val method names must be registered for it to look past
them. Because they are static calls (`::`), the sniff never credits
them as sanitizers themselves — it skips them and still requires a
real sanitizing function around the read.
-->
<rule ref="WordPress.Security.ValidatedSanitizedInput">
<properties>
<property name="customUnslashingSanitizingFunctions" type="array">
<element value="int"/>
<element value="intOrNull"/>
<element value="float"/>
<element value="bool"/>
</property>
<property name="customSanitizingFunctions" type="array">
<element value="string"/>
<element value="stringOrNull"/>
</property>
</properties>
</rule>
<!-- PHP 8.1+ minimum — allow modern syntax. -->
<config name="minimum_supported_wp_version" value="6.2"/>
<config name="testVersion" value="8.1-"/>
</ruleset>
Reference in New Issue View Git Blame Copy Permalink