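<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
    <description>PHPCS Rules for Tyche Softwares WP Plugins</description>

    <!--
        Prevent errors caused by WordPress Coding Standards not supporting PHP 8.0+.
        See https://github.com/WordPress/WordPress-Coding-Standards/issues/2035
        The ampersand in the value has to be written as an entity, otherwise the
        file is not well-formed XML and PHPCS cannot load the ruleset.
    -->
    <ini name="error_reporting" value="E_ALL &amp; ~E_DEPRECATED" />

    <!-- Command-line defaults: "code" report, show sniff codes (-s), scan only .php files. -->
    <arg name="report" value="code"/>
    <arg value="s"/>
    <arg name="extensions" value="php" />

    <!--
        Plugins should be compatible with PHP 5.2 and higher.
        NOTE(review): testVersion is a PHPCompatibility setting and no PHPCompatibility
        rule is referenced in this file, so it presumably only takes effect when that
        standard is applied alongside this ruleset. Confirm.
    -->
    <config name="testVersion" value="5.2-"/>

    <!--
        Bundled third-party libraries and dependency directories are not scanned.
        NOTE(review): none of the security rules below see this code, so the versions
        of these libraries have to be tracked and patched through another process.
    -->
    <exclude-pattern>*/tgm-plugin-activation/*</exclude-pattern>
    <exclude-pattern>*/freemius/*</exclude-pattern>
    <exclude-pattern>*/dompdf/*</exclude-pattern>
    <exclude-pattern>*/cmb2/*</exclude-pattern>
    <exclude-pattern>*/redux-framework/*</exclude-pattern>
    <exclude-pattern>*/cherry-framework/*</exclude-pattern>
    <exclude-pattern>*/titan-framework/*</exclude-pattern>
    <exclude-pattern>*/vendor/*</exclude-pattern>
    <exclude-pattern>*/guzzlehttp/*</exclude-pattern>
    <exclude-pattern>*/vendors/*</exclude-pattern>
    <exclude-pattern>*/plugin-update-checker/*</exclude-pattern>
    <exclude-pattern>*/composer_directory/*</exclude-pattern>
    <exclude-pattern>*/node_modules/*</exclude-pattern>
    <exclude-pattern>*/dev-lib/*</exclude-pattern>

    <!--
        Repository tooling and project directories.
        NOTE(review): PHPCS tests exclude patterns as regular expressions against the
        file path (with * expanded to .*), so "inc/*" and "danger/*" skip every path
        that contains "inc/" or "danger/", not only a top-level directory. Confirm no
        first-party code that handles requests or queries the database lives under
        such a path, or narrow the pattern (for example with type="relative").
    -->
    <exclude-pattern>.github/</exclude-pattern>
    <exclude-pattern>inc/*</exclude-pattern>
    <exclude-pattern>danger/*</exclude-pattern>

    <!-- Non-PHP assets and configuration files. The *.js and *.css patterns already cover the minified variants. -->
    <exclude-pattern>*.min.js</exclude-pattern>
    <exclude-pattern>*.min.css</exclude-pattern>
    <exclude-pattern>*.js</exclude-pattern>
    <exclude-pattern>*.css</exclude-pattern>
    <exclude-pattern>*.json</exclude-pattern>
    <exclude-pattern>*.sh</exclude-pattern>
    <exclude-pattern>*.xml</exclude-pattern>
    <exclude-pattern>*.yml</exclude-pattern>

    <!-- All SQL queries should be prepared as close to the time of querying the database as possible. -->
    <rule ref="WordPress.DB.PreparedSQL"/>
    <rule ref="WordPress.DB.PreparedSQL.InterpolatedNotPrepared">
        <!--
            Ideally this wouldn't trigger on "safe" items, but it's triggered on any variable in the SQL.
            NOTE(review): because this is only a warning, each interpolated variable still
            needs a manual check that it cannot carry request data into the query.
        -->
        <type>warning</type>
    </rule>

    <!-- Verify that placeholders in prepared queries are used correctly. -->
    <rule ref="WordPress.DB.PreparedSQLPlaceholders"/>

    <!-- Nonces. These are triggered on any GET/POST access items. -->
    <rule ref="WordPress.Security.NonceVerification">
        <!--
            This is triggered on all GET/POST access, it can't be an error.
            NOTE(review): a missing nonce check on a state-changing request is a CSRF
            risk, so these warnings need triage. Make sure the CI invocation does not
            hide warnings (for example by running PHPCS with -n).
        -->
        <type>warning</type>
    </rule>

    <!-- Prohibit the use of the backtick operator. -->
    <rule ref="Generic.PHP.BacktickOperator"/>

    <!-- Prohibit the use of the `goto` PHP language construct. -->
    <rule ref="Generic.PHP.DiscourageGoto.Found">
        <type>error</type>
        <message>The "goto" language construct should not be used.</message>
    </rule>

    <!-- No PHP short open tags allowed. -->
    <rule ref="Generic.PHP.DisallowShortOpenTag"/>

    <!-- Alternative PHP open tags not allowed. -->
    <rule ref="Generic.PHP.DisallowAlternativePHPTags"/>

    <!-- Prevent path disclosure when using add_theme_page(). -->
    <rule ref="WordPress.Security.PluginMenuSlug"/>

    <!--
        NOTE(review): PluginMenuSlug and NonceVerification are the only
        WordPress.Security sniffs referenced in this file. WordPress.Security.EscapeOutput
        and WordPress.Security.ValidatedSanitizedInput are not, so unescaped output and
        unsanitized request data are not reported unless another standard is applied
        alongside this ruleset.
    -->

    <!-- While most plugins shouldn't query the database directly, if they do, it should be done correctly. -->
    <!-- Don't use the PHP database functions and classes, use the WP abstraction layer instead. -->
    <rule ref="WordPress.DB.RestrictedClasses"/>
    <rule ref="WordPress.DB.RestrictedFunctions"/>

    <!-- Check for code WP does better. Reported as errors, except for json_encode which is allowed. -->
    <rule ref="WordPress.WP.AlternativeFunctions">
        <type>error</type>
        <exclude name="WordPress.WP.AlternativeFunctions.json_encode"/>
    </rule>

    <!--
        Functions that must not be called at all; value "null" means no replacement is suggested.
        NOTE(review): setting this property presumably replaces the sniff's default list.
        From the command-execution family only passthru and proc_open are listed here;
        exec, shell_exec, system and popen are not. Check that another rule covers them,
        or add them to this list.
    -->
    <rule ref="Generic.PHP.ForbiddenFunctions">
        <properties>
            <property name="forbiddenFunctions" type="array">
                <element key="move_uploaded_file" value="null"/>
                <element key="passthru" value="null"/>
                <element key="proc_open" value="null"/>
                <element key="create_function" value="null"/>
                <element key="eval" value="null"/>
                <element key="str_rot13" value="null"/>
            </property>
        </properties>
    </rule>

    <!-- Check for use of deprecated WordPress classes, functions and function parameters. -->
    <rule ref="WordPress.WP.DeprecatedClasses"/>
    <rule ref="WordPress.WP.DeprecatedFunctions"/>
    <rule ref="WordPress.WP.DeprecatedParameters"/>

    <!-- Restrict PHP date and time functions in favour of the WordPress equivalents. -->
    <rule ref="WordPress.DateTime.RestrictedFunctions"/>

    <!-- Check for deprecated WordPress constants. -->
    <rule ref="WordPress.WP.DiscouragedConstants">
        <type>error</type>
    </rule>

    <!-- Check for usage of deprecated parameter values in WP functions and provide alternative based on the parameter passed. -->
    <rule ref="WordPress.WP.DeprecatedParameterValues"/>
</ruleset>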