Do not flag localhost usage in comments
#278
Conversation
|
Thank you @nielslange, the code you are creating your Pull Request against is the new Codebase, and it wont be released on the plugin for a little bit so we cannot close the #267 using this PR unless the code you base your PR is from the Sorry for the confusion there. Now talking about the code, I wonder how much of a performance difference this particular approach has compared to the existing one? We need to consider that, since checks will run on plugins that are 10MB big. |
|
|
||
| foreach ( $php_files as $file ) { | ||
| $code = file_get_contents( $file ); | ||
| $tokens = token_get_all( $code ); |
There was a problem hiding this comment.
I think this would be the first sniff using token_get_all(). While it's probably fine, I wonder whether this could be covered by a dedicated PHPCS sniff that can detect disallowed strings more precisely. Maybe such a sniff already exists?
There was a problem hiding this comment.
Such dedicated PHPCS sniff does not exist. I suggested for such sniff here PHPCSStandards/PHPCSExtra#302 but it has been closed as this would too generalized and very difficult to maintain and support. So I believe PHPCS approach is no go this scenario.
There was a problem hiding this comment.
Thank you, @nielslange, for the pull request. I apologize for the delayed review. I have provided some feedback for your consideration.
In response to @swissspidy's feedback, I invested some time in attempting to identify the issue. However, rather than utilizing a "sniff", we can readily achieve the desired result through the code.
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| @@ -43,16 +43,31 @@ public function get_categories() { | |||
| */ | |||
| protected function check_files( Check_Result $result, array $files ) { | |||
There was a problem hiding this comment.
IMO we should update the code like below:
- Find all the files which have localhost/127.0.0.1 in code base.
- Run
token_get_allone filter files. - Check localhost/127.0.0.1 in tokens.
Code:
protected function check_files( Check_Result $result, array $files ) {
$php_files = self::filter_files_by_extension( $files, 'php' );
$file = self::file_preg_match( '#https?://(localhost|127.0.0.1)#', $php_files );
if ( $file ) {
$code = file_get_contents( $file );
$tokens = token_get_all( $code );
foreach ( $tokens as $token ) {
if ( is_array( $token ) ) {
if ( in_array( $token[0], array( T_COMMENT, T_DOC_COMMENT ), true ) ) {
continue;
}
if ( preg_match( '#https?://(localhost|127.0.0.1)#', $token[1] ) ) {
$result->add_message(
true,
__( 'Do not use Localhost/127.0.0.1 in your code.', 'plugin-check' ),
array(
'code' => 'localhost_code_detected',
'file' => $file,
)
);
break;
}
}
}
}
}
|
I used Before PR:
After PR:
|
|
While checking this PR, I found another issue. #362 |
swissspidy
changed the title
localhost usage in comments
|
I previously suggested using a dedicated PHPCS sniff for this, and I think https://github.com/WPTT/WPThemeReview/blob/15684d0852fe90d807c2ae7746dea1302b74b4bd/WPThemeReview/Sniffs/Privacy/ShortenedURLsSniff.php could be a great inspiration here. |
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
Since we are now adding custom sniff in PCP itself, I would also recommend to create custom sniff for this issue. Check will be more robust with sniff I believe. |
|
Yes, I'm agree with @ernilambar |
|
@nielslange Thanks for the PR and contribution. Closing this now as sniff approach looked more appropriate now. Closing in favor of #743 |
Description of the Change
In #267, @leoloso reported that the error "Do not use Localhost in your code" also gets triggered when the string "localhost" is used within a comment. This PR updates the corresponding regex to ignore the string "localhost" within comments.
Closes #267
How to test the Change
/wp-admin/tools.php?page=plugin-checkand check the helper plugin before applying this fix.Changelog Entry
Credits
Props @nielslange
Checklist: