EscapeOutput: add sanitize_key() to escaping functions

jrfnl · jrfnl · commit a8ad67192760 · 2019-08-01T17:30:39.000+02:00
`sanitize_key()` only allows for lowercase characters, numbers, underscore and dash characters. So a variable run through `sanitize_key()` can be considered just as safe, if not more so, than a variable run through one of the escaping functions. Ref: * https://developer.wordpress.org/reference/functions/sanitize_key/
diff --git a/WordPress/Sniff.php b/WordPress/Sniff.php
@@ -155,6 +155,7 @@ abstract class Sniff implements PHPCS_Sniff {
 		'number_format'        => true,
 		'rawurlencode'         => true,
 		'sanitize_html_class'  => true,
+		'sanitize_key'         => true,
 		'sanitize_user_field'  => true,
 		'tag_escape'           => true,
 		'urlencode_deep'       => true,
