Upgrade PHPCS standards and fix issues, excluding ExceptionNotEscaped.
Summary
Addresses issue:
- #8724
Relevant technical choices
I updated the suggested packages and their dependencies, then worked through many new fixes and addressed them using lint-fix and manually.
The only rule that I suggest we address in a follow-up issue is WordPress.Security.EscapeOutput.ExceptionNotEscaped, which I've disabled here for now. There are many examples where we return variables in our error response strings. As mentioned in this thread, the security impact here is for uncaught/handled errors for:
people having display_errors on (which is PHP's default) and html_errors off (which is not the default)
In our usage we may be able to skip many of these where the errors are part of REST endpoints where the response won't be rendered in the user's site/plugin dashboard. Other core plugin exceptions should perhaps be escaped in case they are left uncaught and could return unescaped HTML on the plugin dashboard. Generally, creating a new ticket will allow us to evaluate the possible impact through the AC/IB process.
Alternatively, if we are clear that each error is correctly handled by the plugin, we can permanently disable this rule.
PR Author Checklist
- [x] My code is tested and passes existing unit tests.
- [ ] My code has an appropriate set of unit tests which all pass.
- [x] My code is backward-compatible with WordPress 5.2 and PHP 7.4.
- [x] My code follows the WordPress coding standards.
- [x] My code has proper inline documentation.
- [x] I have added a QA Brief on the issue linked above.
- [x] I have signed the Contributor License Agreement (see https://cla.developers.google.com/).
Do not alter or remove anything below. The following sections will be managed by moderators only.
Code Reviewer Checklist
- [ ] Run the code.
- [ ] Ensure the acceptance criteria are satisfied.
- [ ] Reassess the implementation with the IB.
- [ ] Ensure no unrelated changes are included.
- [ ] Ensure CI checks pass.
- [ ] Check Storybook where applicable.
- [ ] Ensure there is a QA Brief.
Merge Reviewer Checklist
- [ ] Ensure the PR has the correct target branch.
- [ ] Double-check that the PR is okay to be merged.
- [ ] Ensure the corresponding issue has a ZenHub release assigned.
- [ ] Add a changelog message to the issue.
Build files for e5e78355e1b55dead49b4c15a575427446f3a03b have been deleted.