
Leveraging the WordPress Coding Standards to review plugins and themes

Presented on March 24, 2018 at WordCamp Rotterdam, The Netherlands.
https://2018.rotterdam.wordcamp.org/
---------------------------------------------------------------
Ever been hesitant to upgrade to a newer WP version because you weren’t sure whether the theme and the plugins you use would be compatible?
Or wondered whether installing a certain plugin would open your site up to security risks?
Or maybe whether you would be able to present your customer with an interface in their language for a certain plugin?

No matter whether you are a developer or can’t tell divs from evals, PHP_CodeSniffer and the WordPress Coding Standards can help you. Let me tell you how…

------------------------------------
Relevant links:

* https://github.com/jrfnl/QA-WP-Projects/
* https://github.com/squizlabs/PHP_CodeSniffer
* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* https://github.com/wimg/PHPCompatibility/

* http://php.net/download
* http://getcomposer.org/
* https://packagist.org/packages/jrfnl/qawpprojects

* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/1157
* https://github.com/squizlabs/PHP_CodeSniffer/pull/1948

Juliette Reinders Folmer

March 24, 2018


Transcript

  1. Before Running the QA Analysis [1]
     - Download a copy of the plugin/theme
     - Check the minimum supported WP version
     - Check the PHP version of the deployment environment
  2. Before Running the QA Analysis [2]
     - Check the main plugin/theme file for the text-domain
     - "Guess" the plugin/theme prefixes
  3. Install PHP, Composer and QA-WP-Projects
     - PHP: http://php.net/download
     - Composer: https://getcomposer.org/download/
     - QA-WP-Projects, installed via Composer: composer global require jrfnl/qawpprojects
     - Install https://github.com/squizlabs/PHP_CodeSniffer/pull/1948
  4. Running the checks
     phpcs ./path/to/project-root/ --standard=WP-QA-Basic --runtime-set testVersion 5.6- --runtime-set minimum_supported_wp_version 4.5 --runtime-set prefixes plugin_prefix,theme_acronym --runtime-set text_domain slug
     (or --standard=WP-QA-Strict)
  5. Dangerous Code
     - Use of eval()
     - Use of the PCRE /e modifier
     - Use of the backtick operator
  6. Messy Code
     - Use of extract()
     - Duplicate classes
     - Duplicate function arguments
     - Assignments in conditions
     - Jumbled incrementors
  7. Incompatible Code - PHP
     - Use of deprecated syntax
     - Use of deprecated or removed functions / classes / extensions etc.
     - Use of (too) new syntax
  8. Incompatible Code - WP
     - Use of deprecated WP functions
     - Use of deprecated WP function parameters
     - Use of deprecated WP classes
  9. Insecure Code
     - Input not validated/sanitized
     - Output not escaped
     - Using user input without nonce verification
     - Open to SQL injection
  10. Discouraged Code
     - PHP functions for which WP has a better alternative
     - Debug code
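The findings the "Messy Code" and "Insecure Code" slides list, shown side by side in a minimal plugin: the same form handler written the way the sniffs would report it, and then written to pass them. This is an added example for this page, not code from the deck or from QA-WP-Projects. The qa_demo prefix, the qa-demo text domain, the qa_demo_log table (assumed to have an auto-increment id and a message column) and the admin-post action name are assumptions made for the illustration, and the file is meant to be loaded as a WordPress plugin, since every function it calls is WordPress core.

```php
<?php
/**
 * Plugin Name: QA Demo Contact Log
 * Text Domain: qa-demo
 *
 * Added example, not code from the deck or from QA-WP-Projects. The qa_demo
 * prefix, the qa-demo text domain and the {$wpdb->prefix}qa_demo_log table
 * (assumed: auto-increment `id`, `message` column) are assumptions.
 */

/*
 * BEFORE: the handler as the "Messy Code" and "Insecure Code" slides describe it.
 * Kept only to show what the sniffs report; never hook this up.
 */
function qa_demo_save_insecure() {
	global $wpdb;

	extract( $_POST ); // messy: variables appear out of nowhere, straight from user input

	// No nonce and no capability check: any page that can make the user's browser
	// POST here can run this. $message is not sanitized and is interpolated into
	// the SQL string: SQL injection.
	$wpdb->query( "INSERT INTO {$wpdb->prefix}qa_demo_log (message) VALUES ('{$message}')" );

	// Output is not escaped: reflected XSS now, stored XSS once it is read back.
	echo '<p>Saved: ' . $message . '</p>';
}

/*
 * AFTER: the same handler, written so the WPCS security sniffs pass.
 */
function qa_demo_save_secure() {
	global $wpdb;

	// Authorization first: only users who may edit posts get any further.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_die( esc_html__( 'You are not allowed to do this.', 'qa-demo' ) );
	}

	// Nonce verification before any other request data is read
	// (check_admin_referer() dies on a missing or invalid nonce).
	check_admin_referer( 'qa_demo_save', 'qa_demo_nonce' );

	// Validate that the field exists, unslash, then sanitize to the expected type.
	if ( ! isset( $_POST['message'] ) ) {
		return;
	}
	$message = sanitize_text_field( wp_unslash( $_POST['message'] ) );

	// Parameterised write: the value never becomes part of the SQL text.
	$wpdb->insert( $wpdb->prefix . 'qa_demo_log', array( 'message' => $message ), array( '%s' ) );

	// Escape at output, for the context (HTML body) the value is printed in.
	printf(
		'<p>%s</p>',
		sprintf(
			/* translators: %s: the message that was saved. */
			esc_html__( 'Saved: %s', 'qa-demo' ),
			esc_html( $message )
		)
	);
}
add_action( 'admin_post_qa_demo_save', 'qa_demo_save_secure' );

/**
 * Read side: $wpdb->prepare() with a placeholder for the one untrusted value.
 */
function qa_demo_recent_messages( $limit ) {
	global $wpdb;

	return $wpdb->get_col(
		$wpdb->prepare(
			"SELECT message FROM {$wpdb->prefix}qa_demo_log ORDER BY id DESC LIMIT %d",
			absint( $limit )
		)
	);
}

/**
 * The form that posts to the handler; wp_nonce_field() emits the token that
 * check_admin_referer() verifies above. Every attribute value is escaped.
 */
function qa_demo_render_form() {
	printf( '<form method="post" action="%s">', esc_url( admin_url( 'admin-post.php' ) ) );
	wp_nonce_field( 'qa_demo_save', 'qa_demo_nonce' );
	echo '<input type="hidden" name="action" value="qa_demo_save" />';
	echo '<input type="text" name="message" />';
	printf( '<button type="submit">%s</button></form>', esc_html__( 'Save', 'qa-demo' ) );
}
```

Point the deck's phpcs command at this file with --runtime-set prefixes qa_demo --runtime-set text_domain qa-demo: the first function is where the report lands (extract(), unverified and unsanitized $_POST, unescaped output, interpolated SQL); the rest is written to pass. Note the order in the hardened handler: capability check, then nonce, then the first read of $_POST, sanitization on the way in and escaping on the way out, with the untrusted value reaching the database only through $wpdb->insert() or a $wpdb->prepare() placeholder.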