Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Leveraging the WordPress Coding Standards to review plugins and themes

Juliette Reinders Folmer
March 24, 2018
Programming
1
500

Leveraging the WordPress Coding Standards to review plugins and themes

Presented on March 24, 2018 at WordCamp Rotterdam, The Netherlands.
https://2018.rotterdam.wordcamp.org/
---------------------------------------------------------------
Ever been hesitant to upgrade to a newer WP version as you weren’t sure whether the theme and the plugins you use would be compatible ?
Or wondered whether installing a certain plugin would open your site up to security risks ?
Or maybe whether you would be able to present your customer with an interface in their language for a certain plugin ?

No matter whether you are a developer or you can’t tell divs from eval’s, PHP Codesniffer and the WordPress Coding Standards can help you. Let me tell you how…

------------------------------------
Relevant links:

* https://github.com/jrfnl/QA-WP-Projects/
* https://github.com/squizlabs/PHP_CodeSniffer
* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* https://github.com/wimg/PHPCompatibility/

* http://php.net/download
* http://getcomposer.org/
* https://packagist.org/packages/jrfnl/qawpprojects

* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/1157
* https://github.com/squizlabs/PHP_CodeSniffer/pull/1948

Juliette Reinders Folmer

March 24, 2018
Tweet

More Decks by Juliette Reinders Folmer

See All by Juliette Reinders Folmer
Your Code Can be Poetry Too
jrf
0
130
Tackling the ElePHPant in the Room
jrf
2
18
Your Code Can be Poetry Too
jrf
0
75
Managing Code Quality and Code Consistency
jrf
0
55
Gitting Things Done
jrf
1
180
Gitting Things Done
jrf
0
85
PHP Dynamic Properties
jrf
0
120
Managing Code Quality and Code Consistency
jrf
1
120
WP Core Tests vs PHP 8.1
jrf
0
140

Other Decks in Programming

See All in Programming
Jakarta EE 10 - Simplicity for Modern and Lightweight Cloud
ivargrimstad
0
430
The Unyielding Spirit Of Android - Droidcon NYC '23
adammc331
1
170
Vitestを使った型テストの始め方
mascii
5
1.1k
Rich UI implementation examples using Jetpack Compose (Jetpack Composeを活用した強力なUI表現の実装実例)
iimokoy
0
1.4k
Jetpack Media3로 좋은 콘텐츠 소비 경험 구현하기
workspace93
0
130
ユニットテスト並行化の導入と運用:Goでの事例紹介
shohata
1
450
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
470
Build Backwards-Compatible REST APIs with Rolling Versions
subomi
0
140
Flutter CustomPaint @Flutter MeetUp(In Songdo) - 박제창
itsmedreamwalker
0
170
第6回 AWSとGitHub勉強会 - AWS ECS Fargate環境の構築 -
ogiwarat
0
140
NSSpain 2023: An overview of different approaches to share code across platforms
terhechte
0
110
EbitengineでGUIツール作ってみた
aethiopicuschan
0
270

Featured

See All Featured
Building Effective Engineering Teams - LeadDev
addyosmani
21
950
Being A Developer After 40
akosma
52
580k
Web development in the modern age
philhawksworth
200
9.8k
GraphQLとの向き合い方2022年版
quramy
25
11k
Happy Clients
brianwarren
92
6.1k
Build your cross-platform service in a week with App Engine
jlugia
223
17k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.2k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.2k
Building Your Own Lightsaber
phodgson
97
5.2k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
Writing Fast Ruby
sferik
615
59k
Practical Orchestrator
shlominoach
179
9.3k

Transcript

  1. Leveraging the WordPress
    Coding Standards to Review
    Plugins and Themes

    View Slide

  2. Hello!
    Juliette
    Reinders Folmer
    @jrf_nl @jrfnl

    View Slide

  3. Coding Standards ?

    View Slide

  4. Code Style
    Documentation
    Code Smells
    Code Metrics
    Best
    Practices
    Code
    Compatibility

    View Slide

  5. QA WP Projects
    PHP
    Compatibility
    Standard
    WordPress
    Coding
    Standards
    PHP
    Codesniffer

    View Slide

  6. nerminhuski
    Before you start

    View Slide

  7. Choosing a plugin/theme
    Plugin A
    Plugin B Plugin C
    Plugin D
    Plugin E

    View Slide

  8. Before Running the
    QA Analysis [1]
     Download a copy of the
    plugin/theme

    View Slide

  9. Before Running the
    QA Analysis [1]
     Download a copy of the
    plugin/theme
     Check the minimum supported
    WP version

    View Slide

  10. Before Running the
    QA Analysis [1]
     Download a copy of the
    plugin/theme
     Check the minimum supported
    WP version
     Check the PHP version of the
    deployment environment
    Jack Moreh

    View Slide

  11. Before Running the
    QA Analysis [2]
     Check main plugin/theme file
    for the text-domain

    View Slide

  12. Before Running the
    QA Analysis [2]
     Check main plugin/theme file
    for the text-domain
     "Guess" the plugin/theme
    prefixes

    View Slide

  13. svklimkin
    Reviewing with
    PHP_CodeSniffer

    View Slide

  14. PHP
    • http://php.net/download
    Composer
    • https://getcomposer.org/download/
    QA-WP-
    Projects
    • Install via Composer:
    composer global require
    jrfnl/qawpprojects
    Install
    https://github.com/squizlabs/PHP_CodeSniffer/pull/1948

    View Slide

  15. Choose Your Standard
    WP-QA-Basic
    95 checks
    WP-QA-Strict
    118 checks

    View Slide

  16. Running the checks
    > phpcs
    ./path/to/project-root/
    --standard=WP-QA-Basic
    --runtime-set testVersion 5.6-
    --runtime-set minimum_supported_wp_version 4.5
    --runtime-set prefixes plugin_prefix,theme_acronym
    --runtime-set text_domain slug
    WP-QA-Strict

    View Slide

  17. View Slide

  18. ainsliejoon
    Interpreting the
    Results

    View Slide

  19. Hard Errors

    View Slide

  20. Dawn Armfield
    Dangerous Code

    View Slide

  21. Dangerous
    Code
     Use of eval()
     Use of PCRE /e modifier
     Use of backtick operator

    View Slide

  22. pelican
    Untestable Code

    View Slide

  23. Untestable
    Code
     High Code Complexity
     Deep Code Nesting

    View Slide

  24. Outdated Code Benjamin Earwicker

    View Slide

  25. Outdated
    Code
     Globals Functions instead of OO
     Use of PHP 4 Style code

    View Slide

  26. Ashim D'Silva
    Messy Code

    View Slide

  27. Messy
    Code
     Use of extract()
     Duplicate classes
     Duplicate function arguments
     Assignments in conditions
     Jumbled incrementors

    View Slide

  28. Incompatible Code – PHP

    View Slide

  29. Incompatible
    Code - PHP
     Use of Deprecated Syntaxes
     Use of Deprecated or Removed
    Functions / Classes / Extensions
    etc
     Use of (too) new Syntaxes

    View Slide

  30. Jenn Vargas
    Incompatible Code - WP

    View Slide

  31. Incompatible
    Code - WP
    Use of Deprecated:
     WP Functions
     WP Function Parameters
     WP Classes

    View Slide

  32. Play4smee
    Conflicting Code (Strict)

    View Slide

  33. Conflicting
    Code
     Overwriting WP Global Variables
     Non-enqueued Scripts & Styles
     Non-prefixed code

    View Slide

  34. Lyn Belisle
    Potentially Insecure Code (Strict)

    View Slide

  35. Insecure
    Code
     Input not Validated/Sanitized
     Output not Escaped
     Using User Input without Nonce
    Verification
     Open to SQL Injection

    View Slide

  36. Vera Kratochvil
    Internationalization Issues (Strict)

    View Slide

  37. Baydog64
    Potentially Buggy Code (Strict)

    View Slide

  38. Potentially
    Buggy Code
     Non-strict Comparisons
     WP SQL best practices

    View Slide

  39. jschumacher
    Sloppy Code (Strict)

    View Slide

  40. Sloppy Code
     Empty Statements
     Unconditional If statements
     Function calls in loop condition

    View Slide

  41. Discouraged Code (Strict)

    View Slide

  42. Discouraged
    Code
     PHP Functions for which WP has a
    Better Alternative
     Debug code

    View Slide

  43. StuartMiles

    View Slide

  44. No issues found ?
    --ignore-annotations

    View Slide

  45. What About
    Tide ?

    View Slide

  46. https://github.com/
    WordPress-Coding-Standards/
    WordPress-Coding-Standards/
    issues/1157
    WPCS native support

    View Slide

  47. Thanks!
    Any
    questions ?
    Slides: https://speakerdeck.com/jrf
    Code: https://github.com/jrfnl/
    qa-wp-projects
    @jrf_nl @jrfnl @jrf

    View Slide