Merge branch 'trunk' into 756-required-functions-param

.github/workflows/behat-test.yml

@@ -60,8 +60,6 @@ jobs:
       fail-fast: true
       matrix:
         php:
-        - '7.2'
-        - '7.3'
         - '7.4'
         - '8.0'
         - '8.1'
@@ -70,7 +68,7 @@ jobs:
           - php: '8.2'
             wordpress: 'latest'
             coverage: true
-          - php: '7.2'
+          - php: '7.4'
             wordpress: '6.3'
           - php: '8.3'
             wordpress: 'trunk'
@@ -157,7 +155,7 @@ jobs:
 
       - name: Upload code coverage report
         if: ${{ matrix.coverage }}
-        uses: codecov/codecov-action@v4.6.0
+        uses: codecov/codecov-action@v5.0.2
         with:
           files: ${{ steps.coverage_files.outputs.files }}
           flags: feature

.github/workflows/php-test.yml

@@ -48,13 +48,12 @@ jobs:
       fail-fast: true
       matrix:
         php:
-        - '7.3'
         - '7.4'
         - '8.0'
         - '8.1'
         wordpress: [ 'latest' ]
         include:
-          - php: '7.2'
+          - php: '7.4'
             wordpress: '6.3'
           - php: '8.2'
             wordpress: 'latest'
@@ -101,7 +100,7 @@ jobs:
 
       - name: Upload code coverage report
         if: ${{ matrix.coverage }}
-        uses: codecov/codecov-action@68708a9f7a6b6b5fe33673f782f93725c5eff3c6
+        uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a
         with:
           file: build/logs/*.xml
           flags: unit
@@ -115,8 +114,6 @@ jobs:
       fail-fast: true
       matrix:
         php:
-        - '7.2'
-        - '7.3'
         - '7.4'
         - '8.0'
         - '8.1'
@@ -149,7 +146,7 @@ jobs:
 
       - name: Upload code coverage report
         if: ${{ matrix.coverage }}
-        uses: codecov/codecov-action@68708a9f7a6b6b5fe33673f782f93725c5eff3c6
+        uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a
         with:
           file: build/logs/*.xml
           flags: phpcs-sniffs

CONTRIBUTING.md

@@ -7,7 +7,7 @@ Thank you for your interest in contributing to the Plugin Check plugin!
 In general, all code must follow the [WordPress Coding Standards and best practices](https://developer.wordpress.org/coding-standards/). All code in the Plugin Check plugin must follow these requirements:
 
 - **WordPress**: The plugin's minimum WordPress version requirement is 6.3.
-- **PHP**: Always match the latest WordPress version. The minimum required version right now is 7.2.24.
+- **PHP**: The minimum required version right now is 7.4.
 
 ## Guidelines
 

composer.json

@@ -4,7 +4,7 @@
   "license": "GPL-2.0-or-later",
   "type": "wordpress-plugin",
   "require": {
-    "php": ">=7.2.24",
+    "php": ">=7.4",
     "ext-json": "*",
     "afragen/wordpress-plugin-readme-parser": "dev-master#67fba498d0b112acf84386b95e4905c539a33f0b",
     "automattic/vipwpcs": "^3.0.0",
@@ -56,7 +56,7 @@
       "phpstan/extension-installer": true
     },
     "platform": {
-      "php": "7.2.24"
+      "php": "7.4"
     }
   },
   "scripts": {

includes/Checker/Checks/Plugin_Repo/Trademarks_Check.php

@@ -137,7 +137,8 @@ class Trademarks_Check extends Abstract_File_Check {
 		'wordpress',
 		'wordpess',
 		'wpress',
-		'wp-',
+		'wp', // it's allowed, but shows a warning.
+		'wc', // it's allowed, but shows a warning.
 		'wp-mail-smtp-',
 		'yandex-',
 		'yahoo-',
@@ -146,6 +147,18 @@ class Trademarks_Check extends Abstract_File_Check {
 		'you-tube-',
 	);
 
+	/**
+	 * Lists of allowed acronyms of trademarks.
+	 *
+	 * @since 1.3.0
+	 *
+	 * @var string[]
+	 */
+	const ALLOWED_ACRONYMS = array(
+		'wp',
+		'wc',
+	);
+
 	/**
 	 * Lists of trademarks that are allowed as 'for-whatever' ONLY.
 	 *
@@ -348,6 +361,17 @@ private function validate_name_has_no_trademarks( $plugin_name ) {
 				esc_html( $plugin_name ),
 				esc_html( trim( $check, '-' ) )
 			);
+		} elseif (
+			trim( $check, '-' ) === $check
+			&& in_array( $check, self::ALLOWED_ACRONYMS, true )
+		) {
+			// Trademarks that are allowed to use as an acronym.
+			$message = sprintf(
+				/* translators: 1: plugin slug, 2: found trademarked term */
+				__( 'The plugin name includes a restricted term. Your plugin name - "%1$s" - contains the restricted term "%2$s" which can be used , as long as you don\'t change it to the full name. For example: You can use WP but not WordPress.', 'plugin-check' ),
+				esc_html( $plugin_name ),
+				esc_html( trim( $check, '-' ) )
+			);
 		} elseif ( trim( $check, '-' ) === $check ) {
 			// Trademarks that do NOT end in "-" indicate slug cannot contain term at all.
 			$message = sprintf(
@@ -395,6 +419,17 @@ private function validate_slug_has_no_trademarks( $plugin_slug ) {
 				esc_html( $plugin_slug ),
 				esc_html( trim( $check, '-' ) )
 			);
+		} elseif (
+			trim( $check, '-' ) === $check
+			&& in_array( $check, self::ALLOWED_ACRONYMS, true )
+		) {
+			// Trademarks that are allowed to use with Acronym.
+			$message = sprintf(
+				/* translators: 1: plugin slug, 2: found trademarked term */
+				__( 'The plugin slug includes a restricted term. Your plugin slug - "%1$s" - contains the restricted term "%2$s" which can be used within the plugin slug, as long as you don\'t use the full name in the plugin name. For example: You can use WP but not WordPress.', 'plugin-check' ),
+				esc_html( $plugin_slug ),
+				esc_html( trim( $check, '-' ) )
+			);
 		} elseif ( trim( $check, '-' ) === $check ) {
 			// Trademarks that do NOT end in "-" indicate slug cannot contain term at all.
 			$message = sprintf(

includes/Checker/Checks/Security/Late_Escaping_Check.php

@@ -78,4 +78,41 @@ public function get_description(): string {
 	public function get_documentation_url(): string {
 		return __( 'https://developer.wordpress.org/apis/security/escaping/', 'plugin-check' );
 	}
+
+	/**
+	 * Amends the given result with a message for the specified file, including error information.
+	 *
+	 * @since 1.3.0
+	 *
+	 * @param Check_Result $result   The check result to amend, including the plugin context to check.
+	 * @param bool         $error    Whether it is an error or notice.
+	 * @param string       $message  Error message.
+	 * @param string       $code     Error code.
+	 * @param string       $file     Absolute path to the file where the issue was found.
+	 * @param int          $line     The line on which the message occurred. Default is 0 (unknown line).
+	 * @param int          $column   The column on which the message occurred. Default is 0 (unknown column).
+	 * @param string       $docs     URL for further information about the message.
+	 * @param int          $severity Severity level. Default is 5.
+	 */
+	protected function add_result_message_for_file( Check_Result $result, $error, $message, $code, $file, $line = 0, $column = 0, string $docs = '', $severity = 5 ) {
+		switch ( $code ) {
+			case 'WordPress.Security.EscapeOutput.OutputNotEscaped':
+				$docs = __( 'https://developer.wordpress.org/apis/security/escaping/#escaping-functions', 'plugin-check' );
+				break;
+
+			case 'WordPress.Security.EscapeOutput.UnsafePrintingFunction':
+				$docs = __( 'https://developer.wordpress.org/apis/security/escaping/#escaping-with-localization', 'plugin-check' );
+				break;
+
+			case 'WordPress.Security.EscapeOutput.UnsafeSearchQuery':
+				$docs = __( 'https://developer.wordpress.org/reference/functions/get_search_query/', 'plugin-check' );
+				break;
+
+			default:
+				$docs = __( 'https://developer.wordpress.org/apis/security/escaping/', 'plugin-check' );
+				break;
+		}
+
+		parent::add_result_message_for_file( $result, $error, $message, $code, $file, $line, $column, $docs, $severity );
+	}
 }