Workflows

PDowney · web-flow · commit 770663e0ce34 · 2025-05-06T19:18:40.000-04:00
diff --git a/.github/workflows/php-code-quality.yml b/.github/workflows/php-code-quality.yml
@@ -98,7 +98,7 @@ jobs:
           
           # Run the actual compatibility check
           vendor/bin/phpcs --standard=PHPCompatibilityWP --extensions=php --ignore=vendor/,node_modules/ --runtime-set testVersion 7.4-8.4 .
-          
+
       - name: Fix text argument escaping issues
         run: |
           echo "Checking for text argument escaping issues..."
@@ -117,7 +117,13 @@ jobs:
               # Replace direct echo of strings with variables to use esc_html
               sed -i 's/echo "\(.*\)\$\([a-zA-Z0-9_]*\)\(.*\)";/if (function_exists('\''esc_html'\'')) { echo esc_html("\1$\2\3"); } else { echo "\1$\2\3"; }/g' "$FILE" || true
               
-              echo "Applied basic fixes to $FILE"
+              # Also fix single quoted strings
+              sed -i 's/echo '\''\(.*\)\$\([a-zA-Z0-9_]*\)\(.*\)'\'';/if (function_exists('\''esc_html'\'')) { echo esc_html('\''\1$\2\3'\''); } else { echo '\''\1$\2\3'\''; }/g' "$FILE" || true
+              
+              # Fix multi-line echo statements
+              sed -i 's/echo \("\|\x27\)\(.*\)\$\([a-zA-Z0-9_]*\)\(.*\)\("\|\x27\) \. \("\|\x27\)\(.*\)\("\|\x27\);/if (function_exists('\''esc_html'\'')) { echo esc_html(\1\2$\3\4\5 . \6\7\8); } else { echo \1\2$\3\4\5 . \6\7\8; }/g' "$FILE" || true
+              
+              echo "Applied escaping fixes to $FILE"
             done
           else
             echo "No obvious text argument escaping issues found."
@@ -155,5 +161,3 @@ jobs:
           # Commit and push changes
           git commit -m "Auto-fix code style issues with PHPCBF [standard: $STANDARD] [skip ci]" || true
           git push || echo "Failed to push changes, but workflow will continue"
-          git commit -m "Auto-fix code style issues with PHPCBF [standard: $STANDARD] [skip ci]" || true
-          git push || echo "Failed to push changes, but workflow will continue"
diff --git a/phpcs.xml b/phpcs.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<ruleset name="WordPress Plugin Coding Standards">
+    <description>WordPress Plugin Coding Standards for Simple WP Optimizer</description>
+    
+    <!-- Include WordPress Core -->
+    <rule ref="WordPress-Core">
+        <!-- Exclude specific rules if needed -->
+    </rule>
+    
+    <!-- Include WordPress Security rules -->
+    <rule ref="WordPress.Security.EscapeOutput">
+        <properties>
+            <property name="customEscapingFunctions" type="array">
+                <element value="wp_kses_post" />
+                <element value="esc_html" />
+                <element value="esc_attr" />
+                <element value="esc_url" />
+            </property>
+        </properties>
+    </rule>
+    
+    <!-- Include WordPress Sanitization rules -->
+    <rule ref="WordPress.Security.ValidatedSanitizedInput" />
+    
+    <!-- PHP compatibility checks -->
+    <rule ref="PHPCompatibilityWP" />
+    
+    <!-- Files to check -->
+    <arg name="extensions" value="php" />
+    <arg name="basepath" value="./" />
+    <arg name="colors" />
+    <arg value="sp" />
+    
+    <!-- Paths to check -->
+    <file>.</file>
+    
+    <!-- Exclude directories -->
+    <exclude-pattern>/vendor/*</exclude-pattern>
+    <exclude-pattern>/node_modules/*</exclude-pattern>
+    <exclude-pattern>/tests/bootstrap.php</exclude-pattern>
+</ruleset>
diff --git a/run-phpunit.php b/run-phpunit.php
@@ -65,7 +65,7 @@
     }
     
     // For PHP 8.3 and 8.4, use PHPUnit 10+ with specific settings
-    if ($php_major_version == 8 && ($php_minor_version >= 3)) {
+    if (8 === $php_major_version && ($php_minor_version >= 3)) {
         if (function_exists('esc_html')) {
             echo esc_html("Using PHP 8.3+ with PHPUnit requires special handling") . "\n";
         } else {
@@ -91,6 +91,7 @@
             }
         }
     }
+    
     // For PHP 8.0-8.2 (using PHPUnit 9.x typically)
     elseif ($php_minor_version >= 0 && $php_minor_version <= 2) {
         if (function_exists('esc_html')) {
@@ -130,7 +131,7 @@
 }
 
 // Build the command
-$command = escapeshellcmd($phpunit_path);
+$command  = escapeshellcmd($phpunit_path);
 $command .= ' ' . implode(' ', array_map('escapeshellarg', array_merge($default_args, $args)));
 
 if (function_exists('esc_html')) {
@@ -145,4 +146,4 @@
 passthru($command, $return_var);
 
 // Return the same exit code as PHPUnit
-exit($return_var);
+exit((int) $return_var);
diff --git a/simple-wp-optimizer.php b/simple-wp-optimizer.php
@@ -269,9 +269,8 @@ function es_optimizer_render_checkbox_option($options, $option_name, $title, $de
     ?>
     <tr valign="top">
         <th scope="row"><?php 
-            // Using esc_html_e for internationalization and secure output of titles
-            // This properly escapes the output while also supporting translations
-            esc_html_e($title, 'simple-wp-optimizer-enginescript'); 
+            // Using esc_html for secure output of titles
+            echo esc_html( $title );
         ?></th>
         <td>
             <label>
@@ -286,9 +285,8 @@ function es_optimizer_render_checkbox_option($options, $option_name, $title, $de
                 ?>" value="1" 
                     <?php checked(1, isset($options[$option_name]) ? $options[$option_name] : 0); ?> />
                 <?php 
-                    // Using esc_html_e for internationalization and secure output of descriptions
-                    // This ensures the text is properly escaped while supporting translations
-                    esc_html_e($description, 'simple-wp-optimizer-enginescript'); 
+                    // Using esc_html for secure output of descriptions
+                    echo esc_html( $description );
                 ?>
             </label>
         </td>
@@ -313,15 +311,13 @@ function es_optimizer_render_textarea_option($options, $option_name, $title, $de
     ?>
     <tr valign="top">
         <th scope="row"><?php 
-            // Using esc_html_e for internationalization and secure output of titles
-            // This properly escapes the output while also supporting translations
-            esc_html_e($title, 'simple-wp-optimizer-enginescript'); 
+            // Using esc_html for secure output of titles
+            echo esc_html( $title );
         ?></th>
         <td>
             <p><small><?php 
-                // Using esc_html_e for internationalization and secure output of descriptions
-                // This ensures the text is properly escaped while supporting translations
-                esc_html_e($description, 'simple-wp-optimizer-enginescript'); 
+                // Using esc_html for secure output of descriptions
+                echo esc_html( $description );
             ?></small></p>
             <textarea name="<?php 
                 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
@@ -475,7 +471,7 @@ function disable_emojis_tinymce($plugins) {
  * @return array Difference betwen the two arrays.
  */
 function disable_emojis_remove_dns_prefetch($urls, $relation_type) {
-    if ('dns-prefetch' == $relation_type) {
+    if ('dns-prefetch' === $relation_type) {
         $emoji_svg_url = apply_filters('emoji_svg_url', 'https://s.w.org/images/core/emoji/2/svg/');
         $urls = array_diff($urls, array($emoji_svg_url));
     }
@@ -500,7 +496,7 @@ function remove_jquery_migrate($scripts) {
     }
     
     if (!is_admin() && isset($scripts->registered['jquery'])) {
-        $script = $scripts->registered['jquery'];
+        $script          = $scripts->registered['jquery'];
         
         // Remove jquery-migrate from jquery dependencies
         if ($script->deps) {
diff --git a/tests/php8-compatibility.php b/tests/php8-compatibility.php
@@ -9,7 +9,7 @@
  */
 
 // Detect PHP version
-$php_version = phpversion();
+$php_version       = phpversion();
 $php_major_version = (int)explode('.', $php_version)[0];
 
 // Only apply fixes for PHP 8.x
@@ -18,7 +18,7 @@
     
     // Check if we're running PHPUnit 7.x on PHP 8.x (problematic combination)
     if (class_exists('\PHPUnit\Runner\Version')) {
-        $phpunit_version = \PHPUnit\Runner\Version::id();
+        $phpunit_version       = \PHPUnit\Runner\Version::id();
         $phpunit_major_version = (int)explode('.', $phpunit_version)[0];
         
         // PHPUnit 7.x with PHP 8.x needs special handling

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`// For PHP 8.3 and 8.4, use PHPUnit 10+ with specific settings`
`68`		`- if ($php_major_version == 8 && ($php_minor_version >= 3)) {`
	`68`	`+ if (8 === $php_major_version && ($php_minor_version >= 3)) {`
`69`	`69`	`if (function_exists('esc_html')) {`
`70`	`70`	`echo esc_html("Using PHP 8.3+ with PHPUnit requires special handling") . "\n";`
`71`	`71`	`} else {`
`@@ -91,6 +91,7 @@`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`	`}`
	`94`	`+`
`94`	`95`	`// For PHP 8.0-8.2 (using PHPUnit 9.x typically)`
`95`	`96`	`elseif ($php_minor_version >= 0 && $php_minor_version <= 2) {`
`96`	`97`	`if (function_exists('esc_html')) {`
`@@ -130,7 +131,7 @@`
`130`	`131`	`}`
`131`	`132`
`132`	`133`	`// Build the command`
`133`		`-$command = escapeshellcmd($phpunit_path);`
	`134`	`+$command = escapeshellcmd($phpunit_path);`
`134`	`135`	`$command .= ' ' . implode(' ', array_map('escapeshellarg', array_merge($default_args, $args)));`
`135`	`136`
`136`	`137`	`if (function_exists('esc_html')) {`
`@@ -145,4 +146,4 @@`
`145`	`146`	`passthru($command, $return_var);`
`146`	`147`
`147`	`148`	`// Return the same exit code as PHPUnit`
`148`		`-exit($return_var);`
	`149`	`+exit((int) $return_var);`