Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProperEscapingFunction: Fix short tag detection #748

Merged
merged 2 commits into from
Feb 9, 2023
Merged

ProperEscapingFunction: Fix short tag detection #748

merged 2 commits into from
Feb 9, 2023

Conversation

GaryJones
Copy link
Contributor

Suggested fix for #739. Includes unit tests. First commit is separate just to keep the noise down for the actual fix in the second commit.

Applying the suggested fix (reset tracking variable to false in process_token() method) from #739 caused a failure of an existing unit test - presumably because this meant it would get reset when processing a T_STRING token, and not just a T_OPEN_TAG_WITH_ECHO token (both are returned from register()), leading to a case where the tracking variable was incorrect.

I've also made an assumption, that numbered .inc files are always processed in the same logical order (1, then 2, then 3). I tested alternative versions, and could successfully NOT trigger the bug when the new unit test files were numbered in the reverse order (and 1.inc was temporarily moved to 4.inc, as that seemed to trigger the bug as well coincidentally).

ProperEscapingFunction: Prep for multi-file tests

Renames the singular test .inc file to include a number, to allow for more incoming test files.

ProperEscapingFunction: Fix short tag detection

The tracking variable $in_short_echo was never reset when checking different files, meaning that the property would carry over and provide the wrong context to the next file.

By adding a process() method to the ProperEscapingFunctionSniff, we can reset the tracking variable at the start of each file by comparing the currently processing file to the last one stored in a static variable.

Includes two unit test files, numbered in the order needed to trigger the bug if the fix wasn't present.

Fixes #739.

@GaryJones
ProperEscapingFunction: Prep for multi-file tests
3c5a8bb 
Renames the singular test `.inc` file to include a number, to allow for more incoming test files.
@GaryJones GaryJones added this to the 2.3.4 milestone Feb 5, 2023
@GaryJones GaryJones self-assigned this Feb 5, 2023
@GaryJones GaryJones requested a review from a team as a code owner February 5, 2023 17:36
jrfnl
jrfnl requested changes Feb 5, 2023
View reviewed changes
Copy link
Collaborator

@jrfnl jrfnl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GaryJones Thanks for getting this set-up.

Applying the suggested fix (reset tracking variable to false in process_token() method) from #739 caused a failure of an existing unit test - presumably because this meant it would get reset when processing a T_STRING token, and not just a T_OPEN_TAG_WITH_ECHO token (both are returned from register()), leading to a case where the tracking variable was incorrect.

IMO, we don't actually need the process() method, this snippet can just as easily be added at the top of the process_token() method.
The parent process() method only assigns the $phpcsFile and $tokens properties, it doesn't do anything else.

I have a feeling that if you apply the two suggested fixes (inline comments), the failure of the existing tests will disappear.
I suspect that failure was due to the object comparison instead of comparing the file name.

I've also made an assumption, that numbered .inc files are always processed in the same logical order (1, then 2, then 3)

That's a correct assumption as long as the number of test files stays below 10.
See:

WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php Outdated Show resolved Hide resolved
WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php Outdated
* normal file processing.
*/
public function process( File $phpcsFile, $stackPtr ) {
static $current_file;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest assigning the $current_file to a private property in the sniff (with a default of an empty string), rather than using a static variable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For what reason?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Handled in f1cd93c (#748).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reason: consistency (the $in_short_echo tracker is also a property) and reducing "magic".

@GaryJones
Copy link
Contributor Author

GaryJones commented Feb 6, 2023
edited
Loading

IMO, we don't actually need the process() method, this snippet can just as easily be added at the top of the process_token() method.
The parent process() method only assigns the $phpcsFile and $tokens properties, it doesn't do anything else.

@jrfnl I was under the impression, probably wrongly, that process() ran once per file, and process_token() ran once per registered token, and therefore less work would be done by adding the reset logic to process().

@GaryJones GaryJones force-pushed the fix/short-tag-detection branch from db63bd8 to f1cd93c Compare February 6, 2023 13:43
@jrfnl
Copy link
Collaborator

jrfnl commented Feb 7, 2023
edited
Loading

IMO, we don't actually need the process() method, this snippet can just as easily be added at the top of the process_token() method.
The parent process() method only assigns the $phpcsFile and $tokens properties, it doesn't do anything else.

@jrfnl I was under the impression, probably wrongly, that process() ran once per file, and process_token() ran once per registered token, and therefore less work would be done by adding the reset logic to process().

It's the register() method which is only called once per sniff.
The process() method is called for each token register-ed to be listened to. Also see: https://github.com/WordPress/WordPress-Coding-Standards/blob/546f59c67854589bb8f6b49a30e642e75ff419ad/WordPress/Sniff.php#L418-L433

jrfnl
jrfnl previously approved these changes Feb 7, 2023
View reviewed changes
@GaryJones
ProperEscapingFunction: Fix short tag detection
f94a92d 
The tracking variable `$in_short_echo` was never reset when checking different files, meaning that the property would carry over and provide the wrong context to the next file.

By adding logic to the `process_token()` method of the ProperEscapingFunctionSniff, we can reset the tracking variable at the start of each file by comparing the currently processing file to the last one stored in a static variable.

Includes two unit test files, numbered in the order needed to trigger the bug if the fix wasn't present.

Fixes #739.
@GaryJones GaryJones force-pushed the fix/short-tag-detection branch from f1cd93c to f94a92d Compare February 9, 2023 11:47
@GaryJones GaryJones merged commit 2ae2a51 into develop Feb 9, 2023
@GaryJones GaryJones deleted the fix/short-tag-detection branch February 9, 2023 11:47
@jrfnl
Copy link
Collaborator

jrfnl commented Mar 5, 2023

Follow up on my earlier remark about the test case file sorting: squizlabs/PHP_CodeSniffer#3775

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrfnl jrfnl jrfnl left review comments

Assignees

@GaryJones GaryJones

Labels
Type: Bug
Projects
None yet
Milestone
2.3.4
Development

Successfully merging this pull request may close these issues.

Wrong short tag detection
2 participants
@GaryJones @jrfnl