
Commit 64f1bfd

committed
WIP DB/PreparedSQL: the sniff currently doesn't handle well the added cases both in PHPCS 3 and 4
In PHPCS 3 there is only one error: the sniff treats `MyNamespace` as a T_STRING token and reports an error for it, then treats `esc_sql()` as a valid call to the global function, which is incorrect.
1 parent 966f4d9 commit 64f1bfd


2 files changed

+26
-0
lines changed


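--- a/WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
+++ b/WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
@@ -155,3 +155,19 @@ $wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \MyNamespace\absint( $f
 $wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . namespace\absint( $foo ) ); // This should NOT be flagged in the future once the sniff is able to resolve relative namespaces.
 
 // TODO: add similar namespace tests as the ones above for PreparedSQLSniff::$SQLAutoEscapedFunctions and FormattingFunctionsHelper::$formattingFunctions.
+
+/**
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . namespace\esc_sql( $foo ) . "';" ); // TODO: should the sniff code be updated to handle this case? Currently it is an error, but it shouldn't as this is a call to the global esc_sql() function.
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . \MyNamespace\esc_sql( $foo ) . "';" ); // Bad.
+
+$sql = $wpdb->prepare( namespace\sprintf(
+'SELECT `post_id`, `meta_value` FROM `%s` WHERE `meta_key` = "sort_order" AND `post_id` IN (%s)',
+$wpdb->postmeta,
+implode( ',', array_fill( 0, count( $post_ids ), '%d' ) )
+), $post_ids ); // Bad, but maybe it shouldn't be (check TODO above).
+$sql = $wpdb->prepare( \MyNamespace\sprintf(
+'SELECT `post_id`, `meta_value` FROM `%s` WHERE `meta_key` = "sort_order" AND `post_id` IN (%s)',
+$wpdb->postmeta,
+implode( ',', array_fill( 0, count( $post_ids ), '%d' ) )
+), $post_ids ); // Bad.
+*/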
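Review bot: The new cases on lines 159–173 are wrapped in a `/** … */` block, so the tokenizer sees one doc comment and the sniff is never run against `\MyNamespace\esc_sql()` or `\MyNamespace\sprintf()`. Those two matter most for SQL-injection coverage: per the commit message, PHPCS 3 reports an error for `MyNamespace` and then accepts `esc_sql()` as the global escaping function, so an expected count of 1 on that line would pass for the wrong reason while a look-alike function is treated as safe. Until the sniff is fixed, open the block with `/*` as the companion test file does, and put a line above it such as `// Disabled: sniff cannot yet tell \MyNamespace\esc_sql() from the global esc_sql(); must be an error once enabled.` The claim on line 160 that `namespace\esc_sql()` is the global function holds only while this fixture declares no namespace, which the hunk does not show.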

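--- a/WordPress/Tests/DB/PreparedSQLUnitTest.php
+++ b/WordPress/Tests/DB/PreparedSQLUnitTest.php
@@ -69,6 +69,16 @@ public function getErrorList( $testFile = '' ) {
 153 => 1,
 154 => 1,
 155 => 1,
+
+// phpcs:disable Squiz.PHP.CommentedOutCode.Found
+
+/*
+147 => 1,
+148 => 1,
+155 => 1,
+160 => 1,
+*/
+// phpcs:enable Squiz.PHP.CommentedOutCode.Found
 );
 
 case 'PreparedSQLUnitTest.2.inc':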
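Review bot: The commented-out expectations on lines 76–79 do not line up with the fixture. `155 => 1` repeats the live entry three lines above, and only `160` refers to a newly added fixture line, while the fixture marks lines 161, 167 and 172 (the `prepare()` calls starting on 163 and 168) as "Bad". When this block is enabled it should carry the new lines only, e.g. `160 => 1,` and `161 => 1,` plus one entry per `prepare()` call on whichever line the sniff actually reports. Whether `147` and `148` already exist in the array cannot be seen here, since getErrorList() starts and ends outside the hunk. A short comment next to the `phpcs:disable` line saying why the entries are parked would tell the next reader that an error count is still undecided for these security-relevant cases.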
