PHPCSExtra

Sniff(s) to detect proper usage of preg_quote()

Open jrfnl opened this issue 2 years ago • 0 comments

Originally suggested in https://github.com/WordPress/WordPress-Coding-Standards/issues/1371:

I'd like to suggest adding two new sniffs around the usage of preg_quote().

  • Verify the $regex parameter of any PCRE function calls to make sure that if the regex is being built up by concatenating parts together, any $variable parts are wrapped in a call to preg_quote().
    preg_match( '`http[s]?://[^\s<>\'"()]*' . preg_quote( $match_data[0], '`' ) . '`', $content ); // OK.
    preg_match( '`http[s]?://[^\s<>\'"()]*' . $match_data[0] . '`', $content ); // Warning.
    preg_match( $regex, $content ); // OK, ignore as impossible to check reliably.
    
  • Verify that the optional second parameter $delimiter of preg_quote() is always passed. Too often I come across code where it is missing and unless it is passed, the default / delimiters are presumed, which is often wrong.

Initially these sniffs would go into Extra, but I'd encourage the WP Core team to consider accepting them into the Core ruleset.

Opinions?

jrfnl, Dec 09 '22 14:12
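The two mistakes the proposed sniffs target, shown as an added example that is not part of the original issue or of PHPCSExtra. The `run()` helper, the `PREFIX` constant name and all sample strings are constructed for illustration; the pattern head and backtick delimiter are taken from the issue's own snippet.

```php
<?php
// Added illustration; not code from PHPCSExtra or WordPressCS.
// Every sample string below is constructed for this example.

// Same pattern head and ` delimiter as the snippet in the issue.
const PREFIX = '`http[s]?://[^\s<>\'"()]*';

function run(string $label, string $regex, string $content): void
{
    // @ hides the compile warning so the return value can be reported instead.
    $result = @preg_match($regex, $content, $m);
    if ($result === false) {
        $outcome = 'false (pattern did not compile)';
    } elseif ($result === 1) {
        $outcome = "1, matched: {$m[0]}";
    } else {
        $outcome = '0, no match';
    }
    printf("%-26s %s\n", $label, $outcome);
}

// Case 1 (first sniff): a regex metacharacter in the variable part.
// Unquoted, the "." is a wildcard, so the pattern accepts text that does
// not contain the literal value. Quoted, only the literal "a.b" can match.
$needle  = 'a.b';
$content = 'http://example.test/aXb';
run('no preg_quote()', PREFIX . $needle . '`', $content);
run('preg_quote($v, "`")', PREFIX . preg_quote($needle, '`') . '`', $content);

// Case 2 (second sniff): the variable part contains the pattern delimiter.
// preg_quote() without $delimiter leaves the backtick alone, which ends the
// pattern early and turns the rest into (invalid) modifiers.
$needle  = 'a`b';
$content = 'http://example.test/a`b';
run('preg_quote($v)', PREFIX . preg_quote($needle) . '`', $content);
run('preg_quote($v, "`")', PREFIX . preg_quote($needle, '`') . '`', $content);
```

A `false` return from `preg_match()` is easy to mistake for "no match" when the caller only tests truthiness, which is why the missing `$delimiter` argument tends to go unnoticed.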