* update squizlabs/php_codesniffer and WP coding standards to latest
* revamp phpcs sniffer rulesets:
- update to php-compatibility (wimg is defunct)
- add version for woocommerce-sniffs
* streamline phpcs config (get it working at all):
- update min WP version to 5.3
- remove references to rules we don't have installed
- WordPress.VIP
- WordPress.XSS
* fix 2x phpcs errors (automatically via phpcbf)
* update phps ignore unescaped output comment to current format
* add npm scripts for php linter and linter autofixer
* auto-fix PHP linter errors using phpcbf :
Before phpcbf:
[x] PEAR Functions Function call signature multiple arguments 127
[x] Generic White space Disallow space indent spaces used 10
[ ] WordPres WP Enqueued resource parameters missing version 6
[ ] PHPCompa Language construct New language constructs t_ns_separator found 4
[ ] WordPres Security Escape output output not escaped 4
[ ] PHPCompa Parameter values New HTMLEntities encoding default not set 2
[ ] WordPres Date time Restricted functions date_date 2
[x] Generic Files End file newline not found 1
[x] PEAR Functions Function call signature close bracket line 1
[x] PEAR Functions Function call signature content after open bracket 1
[x] Squiz White space Superfluous whitespace end line 1
[x] WordPres Arrays Comma after array item no comma 1
phpcbf fixed all [x] violations, all whitespace/formatting
After phpcbf:
WordPres WP Enqueued resource parameters missing version 6
PHPCompa Language construct New language constructs t_ns_separator found 4
WordPres Security Escape output output not escaped 4
PHPCompa Parameter values New HTMLEntities encoding default not set 2
WordPres Date time Restricted functions date_date 2
Note - this commit does not include auto-fixed files with other
violations. These will follow in separate commit (after fixing!)
* fix phpcs violations:
- numerous formatting issues fixed automatically
- manually fix missing version param in calls to wp_enqueue_style
* fix phpcs violations:
- numerous formatting issues fixed automatically
- fix missing deps param in call to wp_enqueue_style
* update phpcs test php version to match min requirement (5.6)
* fix phpcs violations including some missing escaping:
- numerous formatting issues fixed automatically
- prefer gmdate() over potentially ambiguous date()
- escape output (a real issue!) of comment dates
* fix violations (all automated formatting fixes)
* reinstate WordPress rule/standard in phpcs.xml (minimise PR changes)
* exclude build (pre-zip) ./storefront & tighten excludes for dep folders
* bulk-update Security.EscapeOutput.OutputNotEscaped ignore comment:
- the previous comment format is no longer supported
- bulk replacing these to reduce phpcs warning overhead
- Static strings (as in `echo 'hey';`) or numbers do not need to be
escaped, as there is no possibility to change them without changing the
code.
- When escaping numbers passed to query functions, `absint()` should be
used instead of `intval()`, to make sure to obtain positive integers.
- Strings that are output in HTML should be escaped with `esc_html()`
instead of `esc_attr()`.
- `esc_attr( __() )` can be written as `esc_attr__()`, same for
`esc_html( __() )`.
- Translations should always be escaped.
