Leveraging the WordPress Coding Standards to review plugins and themes

Transcript

1. Leveraging the WordPress Coding Standards to Review Plugins and Themes

2. Hello! Juliette Reinders Folmer @jrf_nl @jrfnl

3. Coding Standards ?

4. Code Style Documentation Code Smells Code Metrics Best Practices Code

   Compatibility

5. QA WP Projects PHP Compatibility Standard WordPress Coding Standards PHP

   Codesniffer

6. nerminhuski Before you start

7. Choosing a plugin/theme Plugin A Plugin B Plugin C Plugin

   D Plugin E

8. Before Running the QA Analysis [1]  Download a copy

   of the plugin/theme

9. Before Running the QA Analysis [1]  Download a copy

   of the plugin/theme  Check the minimum supported WP version

10. Before Running the QA Analysis [1]  Download a copy

    of the plugin/theme  Check the minimum supported WP version  Check the PHP version of the deployment environment Jack Moreh

11. Before Running the QA Analysis [2]  Check main plugin/theme

    file for the text-domain

12. Before Running the QA Analysis [2]  Check main plugin/theme

    file for the text-domain  "Guess" the plugin/theme prefixes

13. svklimkin Reviewing with PHP_CodeSniffer

14. PHP • http://php.net/download Composer • https://getcomposer.org/download/ QA-WP- Projects • Install

    via Composer: composer global require jrfnl/qawpprojects Install https://github.com/squizlabs/PHP_CodeSniffer/pull/1948

15. Choose Your Standard WP-QA-Basic 95 checks WP-QA-Strict 118 checks

16. Running the checks > phpcs ./path/to/project-root/ --standard=WP-QA-Basic --runtime-set testVersion 5.6-

    --runtime-set minimum_supported_wp_version 4.5 --runtime-set prefixes plugin_prefix,theme_acronym --runtime-set text_domain slug WP-QA-Strict
17. None

18. ainsliejoon Interpreting the Results

19. Hard Errors

20. Dawn Armfield Dangerous Code

21. Dangerous Code  Use of eval()  Use of PCRE

    /e modifier  Use of backtick operator

22. pelican Untestable Code

23. Untestable Code  High Code Complexity  Deep Code Nesting

24. Outdated Code Benjamin Earwicker

25. Outdated Code  Globals Functions instead of OO  Use

    of PHP 4 Style code

26. Ashim D'Silva Messy Code

27. Messy Code  Use of extract()  Duplicate classes 

    Duplicate function arguments  Assignments in conditions  Jumbled incrementors

28. Incompatible Code – PHP

29. Incompatible Code - PHP  Use of Deprecated Syntaxes 

    Use of Deprecated or Removed Functions / Classes / Extensions etc  Use of (too) new Syntaxes

30. Jenn Vargas Incompatible Code - WP

31. Incompatible Code - WP Use of Deprecated:  WP Functions

     WP Function Parameters  WP Classes

32. Play4smee Conflicting Code (Strict)

33. Conflicting Code  Overwriting WP Global Variables  Non-enqueued Scripts

    & Styles  Non-prefixed code

34. Lyn Belisle Potentially Insecure Code (Strict)

35. Insecure Code  Input not Validated/Sanitized  Output not Escaped

     Using User Input without Nonce Verification  Open to SQL Injection

36. Vera Kratochvil Internationalization Issues (Strict)

37. Baydog64 Potentially Buggy Code (Strict)

38. Potentially Buggy Code  Non-strict Comparisons  WP SQL best

    practices

39. jschumacher Sloppy Code (Strict)

40. Sloppy Code  Empty Statements  Unconditional If statements 

    Function calls in loop condition

41. Discouraged Code (Strict)

42. Discouraged Code  PHP Functions for which WP has a

    Better Alternative  Debug code

43. StuartMiles

44. No issues found ? --ignore-annotations

45. What About Tide ?

46. https://github.com/ WordPress-Coding-Standards/ WordPress-Coding-Standards/ issues/1157 WPCS native support

47. Thanks! Any questions ? Slides: https://speakerdeck.com/jrf Code: https://github.com/jrfnl/ qa-wp-projects @jrf_nl

    @jrfnl @jrf