mirror of
https://gh.wpcy.net/https://github.com/WordPress/WordPress-Coding-Standards.git
synced 2026-04-24 23:58:18 +08:00
2676dd4d7a
As the whole `Core` ruleset is included in `VIP`, there is no need for these sniffs to be included twice.
85 lines
4.9 KiB
XML
85 lines
4.9 KiB
XML
<?xml version="1.0"?>
|
|
<ruleset name="WordPress VIP">
|
|
<description>WordPress VIP Coding Standards</description>
|
|
|
|
<autoload>./../WordPress/PHPCSAliases.php</autoload>
|
|
|
|
<rule ref="WordPress-Core"/>
|
|
|
|
<!-- Covers:
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#removing-the-admin-bar
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#cron-schedules-less-than-15-minutes-or-expensive-events
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#direct-database-queries
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#filesystem-writes
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#order-by-rand
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#using-__file__-for-page-registration
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#uncached-functions
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#flush_rewrite_rules
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#session_start-and-other-session-related-functions
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#functions-that-use-joins-taxonomy-relation-queries-cat-tax-queries-subselects-or-api-calls
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#querying-on-meta_value
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#manipulating-the-timezone-server-side
|
|
https://vip.wordpress.com/documentation/code-review-what-we-look-for/#validation-sanitization-and-escaping
|
|
-->
|
|
<rule ref="WordPress.VIP"/>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#validation-sanitization-and-escaping -->
|
|
<!-- https://vip.wordpress.com/documentation/best-practices/security/validating-sanitizing-escaping/ -->
|
|
<rule ref="WordPress.XSS.EscapeOutput"/>
|
|
<rule ref="WordPress.CSRF.NonceVerification"/>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#using-instead-of -->
|
|
<rule ref="WordPress.PHP.StrictComparisons"/>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#commented-out-code-debug-code-or-output -->
|
|
<rule ref="Squiz.PHP.CommentedOutCode">
|
|
<properties>
|
|
<property name="maxPercentage" value="45"/>
|
|
</properties>
|
|
</rule>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#eval-and-create_function -->
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#serializing-data -->
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#encoding-values-used-when-creating-a-url-or-passed-to-add_query_arg -->
|
|
<!-- https://github.com/Automattic/vip-scanner/blob/master/vip-scanner/checks/ForbiddenPHPFunctionsCheck.php -->
|
|
<rule ref="WordPress.PHP.DiscouragedPHPFunctions">
|
|
<!-- https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/pull/633#issuecomment-266634811 -->
|
|
<properties>
|
|
<property name="exclude" value="obfuscation"/>
|
|
</properties>
|
|
</rule>
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#settings-alteration -->
|
|
<rule ref="WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration">
|
|
<type>error</type>
|
|
</rule>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#commented-out-code-debug-code-or-output -->
|
|
<rule ref="WordPress.PHP.DevelopmentFunctions"/>
|
|
<rule ref="WordPress.PHP.DevelopmentFunctions.error_log">
|
|
<type>error</type>
|
|
</rule>
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#settings-alteration -->
|
|
<rule ref="WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure">
|
|
<type>error</type>
|
|
</rule>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#using-in_array-without-strict-parameter -->
|
|
<rule ref="WordPress.PHP.StrictInArray"/>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#use-wp_parse_url-instead-of-parse_url -->
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#use-wp_json_encode-over-json_encode -->
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#filesystem-writes -->
|
|
<!-- https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/#remote-calls -->
|
|
<rule ref="WordPress.WP.AlternativeFunctions"/>
|
|
<!-- VIP recommends other functions -->
|
|
<rule ref="WordPress.WP.AlternativeFunctions.curl">
|
|
<message>Using cURL functions is highly discouraged within VIP context. Check (Fetching Remote Data) on VIP Documentation.</message>
|
|
</rule>
|
|
<rule ref="WordPress.WP.AlternativeFunctions.file_get_contents">
|
|
<message>%s() is highly discouraged, please use vip_safe_wp_remote_get() instead.</message>
|
|
</rule>
|
|
|
|
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#using-theme-constants -->
|
|
<rule ref="WordPress.WP.DiscouragedConstants"/>
|
|
|
|
</ruleset>
|
