VIP-Coding-Standards icon indicating copy to clipboard operation
VIP-Coding-Standards copied to clipboard

Published 20 hours ago verified publisher icon Automattic

Custom IniSet Sniff to allow for certain safelisted options

Open rebeccahum opened this issue 4 years ago • 1 comments
trafficstars

Describe the solution you'd like

VIPCS could benefit from having a custom IniSet sniff...similar to https://github.com/WordPress/WordPress-Coding-Standards/blob/41f5a9c66ff814863bc479fb52fd6cd1abc87e28/WordPress/Sniffs/PHP/IniSetSniff.php#L55-L65, but we want to be able to customize the whitelist property for the below values:

  • session.cookie_httponly
  • session.cookie_secure
  • session.use_only_cookies

WP already manages sessions but we have some clients that want to control PHP sessions via custom code.

What code should not be reported as a violation?

ini_set('session.cookie_httponly', true);
ini_set('session.cookie_secure', true);
ini_set('session.use_only_cookies', true);

Additional context

https://github.com/WordPress/WordPress-Coding-Standards/issues/1993

rebeccahum avatar May 26 '21 14:05 rebeccahum

As the WPCS property which controls the "allow list" is protected, I think we can simply extend the WPCS sniff and add those extra ini settings to the property from the sniff constructor.

jrfnl avatar May 26 '21 15:05 jrfnl