WIP DB/PreparedSQLPlaceholders: fix a potential bug and add more tests

rodrigoprimo · rodrigoprimo · commit 60d8d6e8a174 · 2025-11-06T18:31:52.000-03:00
I first need to discuss if this is indeed a potential bug
diff --git a/WordPress/Sniffs/DB/PreparedSQLPlaceholdersSniff.php b/WordPress/Sniffs/DB/PreparedSQLPlaceholdersSniff.php
@@ -14,6 +14,7 @@
 use PHPCSUtils\Utils\Arrays;
 use PHPCSUtils\Utils\PassedParameters;
 use PHPCSUtils\Utils\TextStrings;
+use WordPressCS\WordPress\Helpers\ContextHelper;
 use WordPressCS\WordPress\Helpers\MinimumWPVersionTrait;
 use WordPressCS\WordPress\Helpers\WPDBTrait;
 use WordPressCS\WordPress\Sniff;
@@ -226,7 +227,7 @@ public function process_token( $stackPtr ) {
 				// Detect a specific pattern for variable replacements in combination with `IN`.
 				if ( \T_STRING === $this->tokens[ $i ]['code'] ) {
 
-					if ( 'sprintf' === strtolower( $this->tokens[ $i ]['content'] ) ) {
+					if ( $this->is_global_function_call( $i, 'sprintf' ) ) {
 						$sprintf_parameters = PassedParameters::getParameters( $this->phpcsFile, $i );
 
 						if ( ! empty( $sprintf_parameters ) ) {
@@ -265,7 +266,7 @@ public function process_token( $stackPtr ) {
 						}
 						unset( $sprintf_parameters, $valid_sprintf, $last_param );
 
-					} elseif ( 'implode' === strtolower( $this->tokens[ $i ]['content'] ) ) {
+					} elseif ( $this->is_global_function_call( $i, 'implode' ) ) {
 						$ignore_tokens = Tokens::$emptyTokens + array(
 							\T_STRING_CONCAT => \T_STRING_CONCAT,
 							\T_NS_SEPARATOR  => \T_NS_SEPARATOR,
@@ -679,9 +680,7 @@ protected function analyse_sprintf( $sprintf_params ) {
 				$sprintf_param['end'],
 				true
 			);
-			if ( \T_STRING === $this->tokens[ $implode ]['code']
-				&& 'implode' === strtolower( $this->tokens[ $implode ]['content'] )
-			) {
+			if ( $this->is_global_function_call( $implode, 'implode' ) ) {
 				if ( $this->analyse_implode( $implode ) === true ) {
 					++$found;
 				}
@@ -737,9 +736,7 @@ protected function analyse_implode( $implode_token ) {
 			true
 		);
 
-		if ( \T_STRING !== $this->tokens[ $array_fill ]['code']
-			|| 'array_fill' !== strtolower( $this->tokens[ $array_fill ]['content'] )
-		) {
+		if ( ! $this->is_global_function_call( $array_fill, 'array_fill' ) ) {
 			return false;
 		}
 
@@ -763,4 +760,50 @@ protected function analyse_implode( $implode_token ) {
 
 		return (bool) preg_match( '`^(["\'])%[dfFs]\1$`', $array_fill_value_param['clean'] );
 	}
+
+	/**
+	 * Check if a token represents a call to a global function with the specified name.
+	 *
+	 * This method verifies that:
+	 * - The token is a T_STRING.
+	 * - The token content matches the function name (case-insensitive).
+	 * - It's followed by an opening parenthesis.
+	 * - It's not a method call (no object operator before it).
+	 * - It's not a namespaced function call.
+	 *
+	 * Note: This is not a comprehensive global function call check. It was designed specifically
+	 * for this sniff's needs and may not handle all edge cases such as first-class callables or
+	 * `use function` imports.
+	 *
+	 * @since 3.3.0
+	 *
+	 * @param int    $functionPtr   The position of the token to check.
+	 * @param string $function_name The function name to check for (case-insensitive).
+	 *
+	 * @return bool True if it's a call to the global function, false otherwise.
+	 */
+	protected function is_global_function_call( $functionPtr, $function_name ) {
+		if ( \T_STRING !== $this->tokens[ $functionPtr ]['code'] ) {
+			return false;
+		}
+
+		if ( strtolower( $this->tokens[ $functionPtr ]['content'] ) !== $function_name ) {
+			return false;
+		}
+
+		$next = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $functionPtr + 1 ), null, true );
+		if ( false === $next || \T_OPEN_PARENTHESIS !== $this->tokens[ $next ]['code'] ) {
+			return false;
+		}
+
+		if ( ContextHelper::has_object_operator_before( $this->phpcsFile, $functionPtr ) === true ) {
+			return false;
+		}
+
+		if ( ContextHelper::is_token_namespaced( $this->phpcsFile, $functionPtr ) === true ) {
+			return false;
+		}
+
+		return true;
+	}
 }
diff --git a/WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.inc b/WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.inc
@@ -519,15 +519,124 @@ $where = $wpdb->prepare(
 $callback = $wpdb->prepare(...); // OK.
 
 /*
- * Safeguard correct handling of namespaced function calls.
+ * Safeguard correct handling of all types of namespaced calls to the WPDB::prepare() method.
+ *
+ * Note that calling wpdb::prepare() statically will result in an error. Still, the tests are included here since the
+ * sniff handles those calls.
  */
-//$sql = MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" );
-//$sql = \MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" );
-//$sql = namespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // The sniff should start flagging this once it can resolve relative namespaces.
-//$where = $wpdb->prepare(
-//    MyNamespace\sprintf(
-//        "{$wpdb->posts}.post_type IN (%s)",
-//        MyNamespace\implode( ',', MyNamespace\array_fill( 0, count($post_types), '%s' ) )
-//    ),
-//    $post_types
-//);
+$sql = \WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" );
+$sql = MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" );
+$sql = \MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" );
+$sql = namespace\WPDB::prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s" ); // The sniff should start flagging this once it can resolve relative namespaces.
+
+/*
+ * Safeguard correct handling of all types of namespaced calls to sprintf() except fully qualified calls to the
+ * global sprintf() function, which is already handled above.
+ */
+$where = $wpdb->prepare(
+	MyNamespace\sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	\MyNamespace\sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	namespace\sprintf( // This should be flagged in the future once the sniff is able to resolve relative namespaces.
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+
+/*
+ * Safeguard correct handling of all types of namespaced calls to implode() except fully qualified calls to the
+ * global implode() function, which is already handled above.
+ */
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		MyNamespace\implode( ',', array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		\MyNamespace\implode( ',', array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		namespace\implode( ',', array_fill( 0, count($post_types), '%s' ) ) // This should be flagged in the future once the sniff is able to resolve relative namespaces.
+	),
+	$post_types
+);
+
+/*
+ * Safeguard correct handling of all types of namespaced calls to array_fill() except fully qualified calls to the
+ * global array_fill() function, which is already handled above.
+ */
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', MyNamespace\array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', \MyNamespace\array_fill( 0, count($post_types), '%s' ) )
+	),
+	$post_types
+);
+$where = $wpdb->prepare(
+	sprintf(
+		"{$wpdb->posts}.post_type IN (%s)",
+		implode( ',', namespace\array_fill( 0, count($post_types), '%s' ) ) // This should be flagged in the future once the sniff is able to resolve relative namespaces.
+	),
+	$post_types
+);
+
+/*
+ * Safeguard correct handling of namespaced implode() calls detected in the main loop (preceded by IN ()).
+ * These test the implode detection at line 269 in the sniff.
+ */
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . MyNamespace\implode( ',', array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . \MyNamespace\implode( ',', array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . namespace\implode( ',', array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
+
+/*
+ * Safeguard correct handling of namespaced array_fill() calls detected via main loop implode detection.
+ * These test the array_fill detection at line 739 called from main loop's implode at line 269.
+ */
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . implode( ',', MyNamespace\array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . implode( ',', \MyNamespace\array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
+$where = $wpdb->prepare(
+	"SELECT * FROM {$wpdb->posts} WHERE post_status = %s AND post_type IN (" . implode( ',', namespace\array_fill( 0, count($post_types), '%s' ) ) . ")",
+	'publish'
+);
diff --git a/WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.php b/WordPress/Tests/DB/PreparedSQLPlaceholdersUnitTest.php
@@ -107,6 +107,9 @@ public function getErrorList() {
 
 			// Named parameter support.
 			418 => 1,
+
+			// Fully qualified \WPDB::prepare() call.
+			527 => 1,
 		);
 	}
 
@@ -162,6 +165,23 @@ public function getWarningList() {
 			482 => 1,
 			490 => 1,
 			498 => 1,
+
+			// Namespaced sprintf/implode/array_fill calls.
+			536 => 1, // MyNamespace\sprintf in sprintf/implode pattern.
+			543 => 1, // \MyNamespace\sprintf in sprintf/implode pattern.
+			550 => 1, // namespace\sprintf in sprintf/implode pattern.
+			562 => 1, // MyNamespace\implode inside sprintf parameter.
+			569 => 1, // \MyNamespace\implode inside sprintf parameter.
+			576 => 1, // namespace\implode inside sprintf parameter.
+			588 => 1, // MyNamespace\array_fill inside sprintf->implode.
+			595 => 1, // \MyNamespace\array_fill inside sprintf->implode.
+			602 => 1, // namespace\array_fill inside sprintf->implode.
+			614 => 1, // MyNamespace\implode in main loop (preceded by IN).
+			618 => 1, // \MyNamespace\implode in main loop (preceded by IN).
+			622 => 1, // namespace\implode in main loop (preceded by IN).
+			631 => 1, // MyNamespace\array_fill via main loop implode.
+			635 => 1, // \MyNamespace\array_fill via main loop implode.
+			639 => 1, // namespace\array_fill via main loop implode.
 		);
 	}
 }
