Skip to content

DB/DirectDatabaseQuery: fix false negatives when cache function names are not a function call #2615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dingo-d merged 1 commit into from
Sep 17, 2025
Merged

DB/DirectDatabaseQuery: fix false negatives when cache function names are not a function call #2615

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,12 @@ public function process_token( $stackPtr ) {

for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) {
if ( \T_STRING === $this->tokens[ $i ]['code'] ) {
$nextNonEmpty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true );

if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $nextNonEmpty ]['code'] ) {
continue;
}

$content = strtolower( $this->tokens[ $i ]['content'] );

if ( isset( $this->cacheDeleteFunctions[ $content ] ) ) {
Expand Down
25 changes: 25 additions & 0 deletions WordPress/Tests/DB/DirectDatabaseQueryUnitTest.1.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -354,3 +354,28 @@ function cache_custom_mixed_case_B() {
// phpcs:set WordPress.DB.DirectDatabaseQuery customCacheGetFunctions[]
// phpcs:set WordPress.DB.DirectDatabaseQuery customCacheSetFunctions[]
// phpcs:set WordPress.DB.DirectDatabaseQuery customCacheDeleteFunctions[]

// Protect against false negatives where the cache function names are used as the content
// of a T_STRING token that is not a function call.
function notCacheFunctionCalls() {
global $wpdb;

$bar->wp_cache_get = 'something';
$listofthings = $wpdb->get_col( 'SELECT something FROM somewhere WHERE someotherthing = 1' ); // Warning x 2.
$foo = wp_cache_set;

return $listofthings;
}

// The sniff deliberately does not distinguish between calls to cache functions and calls to methods with the same name as the functions,
// as those method calls are likely custom cache functions.
function methodNamesSameAsCacheFunctions() {
global $wpdb, $bar;

if ( ! ( $listofthings = $bar->wp_cache_get( 'foo' ) ) ) {
$listofthings = $wpdb->get_col( 'SELECT something FROM somewhere WHERE someotherthing = 1' ); // Warning direct DB call.
$bar->wp_cache_set( 'foo', $listofthings );
}

return $listofthings;
}
2 changes: 2 additions & 0 deletions WordPress/Tests/DB/DirectDatabaseQueryUnitTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,8 @@ public function getWarningList( $testFile = '' ) {
333 => 2,
343 => 1,
350 => 1,
364 => 2,
376 => 1,
);
default:
return array();
Expand Down
Loading