Security/ValidatedSanitizedInput: add extra test for PHP 7.4+ null coalesce equals

jrfnl · jrfnl · commit 57db689fe5bb · 2023-08-19T01:42:45.000+02:00
PR 1684 (WPCS 2.1.0) already took care of the handling of validation via the null coalesce equals assignment operator, but there was one test case missing.

This adds that extra test as an additional safeguard.
diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.1.inc b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.1.inc
@@ -475,3 +475,8 @@ function test_examine_additional_superglobals_as_vars() {
 	do_something( $_ENV['key'] );
 	do_something( $_FILES['key'] );
 }
+
+function test_null_coalesce_equals_validation_extra_safeguard() {
+	$_POST['key'] ??= 'default'; // OK, assignment.
+	$key            = $_POST['key']; // Bad, missing unslash + sanitization, validation okay.
+}
diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php
@@ -110,6 +110,7 @@ public function getErrorList( $testFile = '' ) {
 					474 => 1,
 					475 => 1,
 					476 => 1,
+					481 => 2,
 				);
 
 			case 'ValidatedSanitizedInputUnitTest.2.inc':

Original file line number	Diff line number	Diff line change
`@@ -475,3 +475,8 @@ function test_examine_additional_superglobals_as_vars() {`
`475`	`475`	`do_something( $_ENV['key'] );`
`476`	`476`	`do_something( $_FILES['key'] );`
`477`	`477`	`}`
	`478`	`+`
	`479`	`+function test_null_coalesce_equals_validation_extra_safeguard() {`
	`480`	`+ $_POST['key'] ??= 'default'; // OK, assignment.`
	`481`	`+ $key = $_POST['key']; // Bad, missing unslash + sanitization, validation okay.`
	`482`	`+}`