Merge pull request #358 from abrain/phpcs-more-wp-rules

Add more rules for phpcs

.phpcs.xml

@@ -113,4 +113,49 @@
     <rule ref="Universal.CodeAnalysis.StaticInFinalClass"/>
     <rule ref="Universal.ControlStructures.DisallowLonelyIf"/>
     <rule ref="Universal.Files.SeparateFunctionsFromOO"/>
+
+    <rule ref="WordPress.CodeAnalysis.EscapedNotTranslated"/>
+    <rule ref="WordPress.NamingConventions.ValidPostTypeSlug"/>
+
+    <rule ref="WordPress.PHP.DevelopmentFunctions"/>
+    <rule ref="WordPress.PHP.DiscouragedPHPFunctions"/>
+    <rule ref="WordPress.PHP.IniSet"/>
+    <rule ref="WordPress.PHP.PregQuoteDelimiter"/>
+
+    <rule ref="WordPress.Security.SafeRedirect"/>
+    <rule ref="WordPress.Security.PluginMenuSlug"/>
+
+    <rule ref="WordPress.WP.DeprecatedFunctions"/>
+    <rule ref="WordPress.WP.DeprecatedClasses"/>
+    <rule ref="WordPress.WP.DeprecatedParameters"/>
+    <rule ref="WordPress.WP.DeprecatedParameterValues"/>
+    <rule ref="WordPress.WP.AlternativeFunctions"/>
+    <rule ref="WordPress.WP.DiscouragedConstants"/>
+    <rule ref="WordPress.WP.DiscouragedFunctions"/>
+    <rule ref="WordPress.WP.EnqueuedResourceParameters"/>
+    <rule ref="WordPress.WP.CronInterval"/>
+    <rule ref="WordPress.WP.PostsPerPage"/>
+    <rule ref="WordPress.WP.EnqueuedResources"/>
+    <rule ref="WordPress.WP.GlobalVariablesOverride">
+        <exclude-pattern>tests/</exclude-pattern>
+    </rule>
+    <rule ref="WordPress.WP.Capabilities">
+        <properties>
+            <property name="custom_capabilities" type="array">
+                <element value="edit_einsatzbericht"/>
+                <element value="read_einsatzbericht"/>
+                <element value="delete_einsatzbericht"/>
+                <element value="edit_einsatzberichte"/>
+                <element value="edit_others_einsatzberichte"/>
+                <element value="publish_einsatzberichte"/>
+                <element value="read_private_einsatzberichte"/>
+                <element value="delete_einsatzberichte"/>
+                <element value="delete_private_einsatzberichte"/>
+                <element value="delete_published_einsatzberichte"/>
+                <element value="delete_others_einsatzberichte"/>
+                <element value="edit_private_einsatzberichte"/>
+                <element value="edit_published_einsatzbericht"/>
+            </property>
+        </properties>
+    </rule>
 </ruleset>

src/includes/Admin/Initializer.php

@@ -107,7 +107,8 @@ public function enqueueEditScripts($hook)
                 'einsatzverwaltung-edit-script',
                 Core::$scriptUrl . 'einsatzverwaltung-edit.js',
                 array('jquery', 'jquery-ui-autocomplete', 'wp-i18n'),
-                Core::VERSION
+                Core::VERSION,
+                true
             );
             wp_localize_script(
                 'einsatzverwaltung-edit-script',
@@ -126,7 +127,8 @@ public function enqueueEditScripts($hook)
                 'einsatzverwaltung-settings-script',
                 Core::$scriptUrl . 'einsatzverwaltung-settings.js',
                 array('jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-sortable'),
-                Core::VERSION
+                Core::VERSION,
+                true
             );
         } elseif ('edit.php' == $hook) {
             $screen = get_current_screen();
@@ -135,7 +137,7 @@ public function enqueueEditScripts($hook)
                     'einsatzverwaltung-report-list-table',
                     Core::$scriptUrl . 'report-list-table.js',
                     false,
-                    null,
+                    Core::VERSION,
                     true
                 );
             }
@@ -169,7 +171,8 @@ public function enqueueEditScripts($hook)
             'einsatzverwaltung-admin-script',
             Core::$scriptUrl . 'einsatzverwaltung-admin.js',
             array('wp-color-picker'),
-            Core::VERSION
+            Core::VERSION,
+            true
         );
         wp_enqueue_style('wp-color-picker');
     }

src/includes/Core.php

@@ -7,7 +7,6 @@
 use abrain\Einsatzverwaltung\Util\Formatter;
 use function add_action;
 use function add_option;
-use function error_log;
 use function get_option;
 use function plugin_basename;
 use function plugin_dir_url;
@@ -107,7 +106,7 @@ private function __construct()
     public function addHooks()
     {
         if (empty($this->pluginFile)) {
-            error_log('einsatzverwaltung: Plugin file has not been set via setPluginFile()');
+            wp_trigger_error(__FUNCTION__, 'Plugin file has not been set via setPluginFile()', E_USER_WARNING);
             return;
         }
 
@@ -225,7 +224,11 @@ private function maybeUpdate()
         $update = new Update();
         $updateResult = $update->doUpdate($currentDbVersion, self::DB_VERSION);
         if (is_wp_error($updateResult)) {
-            error_log("Das Datenbank-Upgrade wurde mit folgendem Fehler beendet: {$updateResult->get_error_message()}");
+            wp_trigger_error(
+                __FUNCTION__,
+                'The database upgrade was terminated with the following error: ' . $updateResult->get_error_message(),
+                E_USER_WARNING
+            );
         }
     }
 

src/includes/Data.php

@@ -15,7 +15,6 @@
 use function current_user_can;
 use function defined;
 use function delete_post_meta;
-use function error_log;
 use function filter_input;
 use function get_post_meta;
 use function get_post_type;
@@ -286,7 +285,7 @@ private function adjustPostDate(WP_Post $post)
         $updateArgs['post_date_gmt'] = get_gmt_from_date($updateArgs['post_date']);
         $updateResult = wp_update_post($updateArgs);
         if (is_wp_error($updateResult)) {
-            error_log($updateResult->get_error_message());
+            wp_trigger_error(__FUNCTION__, 'Error updating post date: ' . $updateResult->get_error_message(), E_USER_WARNING);
         }
 
         // Zwischenspeicher wird nur in der Entwurfsphase benötigt

src/includes/Export/Formats/Csv.php

@@ -1,6 +1,8 @@
 <?php
 namespace abrain\Einsatzverwaltung\Export\Formats;
 
+// phpcs:disable WordPress.WP.AlternativeFunctions
+
 /**
  * Exportiert Einsatzberichte in eine CSV-Datei.
  *

src/includes/Export/Formats/Json.php

@@ -1,6 +1,8 @@
 <?php
 namespace abrain\Einsatzverwaltung\Export\Formats;
 
+// phpcs:disable WordPress.WP.AlternativeFunctions
+
 /**
  * Exportiert Einsatzberichte in eine JSON-Datei.
  *

src/includes/Export/Page.php

@@ -48,7 +48,8 @@ public function enqueueAdminScripts($hook)
             'einsatzverwaltung-export',
             Core::$scriptUrl . 'export.js',
             array('jquery'),
-            Core::VERSION
+            Core::VERSION,
+            true
         );
     }
 

src/includes/Frontend.php

@@ -100,7 +100,7 @@ public function enqueueStyleAndScripts()
             Core::VERSION
         );
         wp_add_inline_style('einsatzverwaltung-frontend', ReportListRenderer::getDynamicCss());
-        wp_enqueue_script('einsatzverwaltung-reportlist', Core::$scriptUrl . 'reportlist.js');
+        wp_enqueue_script('einsatzverwaltung-reportlist', Core::$scriptUrl . 'reportlist.js', [], Core::VERSION, true);
     }
 
     /**

src/includes/Import/Sources/Csv.php

@@ -3,6 +3,8 @@
 
 use abrain\Einsatzverwaltung\Utilities;
 
+// phpcs:disable WordPress.WP.AlternativeFunctions
+
 /**
  * Importiert Einsatzberichte aus einer CSV-Datei
  */

src/includes/Model/IncidentReport.php

@@ -7,6 +7,7 @@
 use abrain\Einsatzverwaltung\Types\Vehicle;
 use abrain\Einsatzverwaltung\Utilities;
 use DateTime;
+use Exception;
 use WP_Post;
 use WP_Term;
 use function array_filter;
@@ -15,7 +16,6 @@
 use function array_map;
 use function get_post;
 use function get_post_type;
-use function error_log;
 use function get_the_terms;
 use function in_array;
 use function intval;
@@ -42,6 +42,7 @@ class IncidentReport
      * IncidentReport constructor.
      *
      * @param int|WP_Post $post
+     * @throws Exception
      */
     public function __construct($post = null)
     {
@@ -50,8 +51,7 @@ public function __construct($post = null)
         }
 
         if (get_post_type($post) !== 'einsatz') {
-            error_log('The given post object is not an incident report'); // TODO throw exception
-            return;
+            throw new Exception('The given post object is not an incident report');
         }
 
         $this->post = get_post($post);

src/includes/Options.php

@@ -35,7 +35,7 @@ public function getOption(string $key)
 
         // Fehlenden Standardwert beklagen, außer es handelt sich um eine Rechteeinstellung
         if (strpos($key, 'einsatzvw_cap_roles_') !== 0) {
-            error_log(sprintf('Kein Standardwert für %s gefunden!', $key));
+            wp_trigger_error(__FUNCTION__, sprintf('Did not find default value for option %s', $key), E_USER_WARNING);
         }
 
         return get_option($key, false);

src/includes/Settings/MainPage.php

@@ -20,9 +20,9 @@
 use function get_permalink;
 use function get_post_type_archive_link;
 use function home_url;
-use function parse_url;
 use function str_replace;
 use function strpos;
+use function wp_parse_url;
 use const PHP_URL_PATH;
 
 /**
@@ -93,27 +93,22 @@ public function addToSettingsMenu()
     public function echoSettingsPage()
     {
         if (!current_user_can('manage_options')) {
-            wp_die(__('You do not have sufficient permissions to manage options for this site.', 'einsatzverwaltung'));
+            wp_die(esc_html__('You do not have sufficient permissions to manage options for this site.', 'einsatzverwaltung'));
         }
 
-        echo '<div class="wrap">';
-        printf('<h1>%s &rsaquo; Einsatzverwaltung</h1>', __('Settings', 'einsatzverwaltung'));
+        $heading = sprintf('%s &rsaquo; Einsatzverwaltung', __('Settings', 'einsatzverwaltung'));
+        echo '<div class="wrap"><h1>' . esc_html($heading) . '</h1>';
 
         // Check if any page uses the same permalink as the archive
         $conflictingPage = $this->getConflictingPage();
         if ($conflictingPage instanceof WP_Post) {
-            $pageEditLink = sprintf(
-                '<a href="%1$s">%2$s</a>',
-                esc_url(get_edit_post_link($conflictingPage->ID)),
-                esc_html($conflictingPage->post_title)
-            );
             $message = sprintf(
-                // translators: 1: title of the page, 2: URL
-                esc_html__('The page %1$s uses the same permalink as the archive (%2$s). Please change the permalink of the page.', 'einsatzverwaltung'),
-                $pageEditLink,
-                sprintf('<code>%s</code>', esc_html(get_permalink($conflictingPage)))
+                // translators: 1: title of the page, 2: page ID, 3: URL
+                __('The page "%1$s" uses the same permalink as the archive (%2$s). Please change the permalink of the page.', 'einsatzverwaltung'),
+                $conflictingPage->post_title,
+                get_permalink($conflictingPage)
             );
-            printf('<div class="error"><p>%s</p></div>', $message);
+            printf('<div class="error"><p>%s</p></div>', esc_html($message));
         }
 
         $currentSubPage = $this->getCurrentSubPage();
@@ -127,17 +122,20 @@ public function echoSettingsPage()
         );
         foreach ($this->subPages as $subPage) {
             if ($this->isCurrentSubPage($subPage)) {
-                $format = '<a href="?page=%s&tab=%s" class="%s" aria-current="page">%s</a>';
+                printf(
+                    '<a href="%s" class="%s" aria-current="page">%s</a>',
+                    esc_url(sprintf("?page=%s&tab=%s", self::EVW_SETTINGS_SLUG, $subPage->identifier)),
+                    "nav-tab nav-tab-active",
+                    esc_html($subPage->title)
+                );
             } else {
-                $format = '<a href="?page=%s&tab=%s" class="%s">%s</a>';
+                printf(
+                    '<a href="%s" class="%s">%s</a>',
+                    esc_url(sprintf("?page=%s&tab=%s", self::EVW_SETTINGS_SLUG, $subPage->identifier)),
+                    "nav-tab",
+                    esc_html($subPage->title)
+                );
             }
-            printf(
-                $format,
-                self::EVW_SETTINGS_SLUG,
-                $subPage->identifier,
-                $this->isCurrentSubPage($subPage) ? "nav-tab nav-tab-active" : "nav-tab",
-                esc_html($subPage->title)
-            );
         }
         echo '</nav>';
 
@@ -167,7 +165,7 @@ private function getConflictingPage(): ?WP_Post
         if (strpos($reportArchiveUrl, $homeUrl) === 0) {
             $reportArchivePath = str_replace($homeUrl, '', $reportArchiveUrl);
         } else {
-            $reportArchivePath = parse_url($reportArchiveUrl, PHP_URL_PATH);
+            $reportArchivePath = wp_parse_url($reportArchiveUrl, PHP_URL_PATH);
         }
 
         return get_page_by_path($reportArchivePath);

src/includes/Settings/Pages/About.php

@@ -46,7 +46,7 @@ public function echoStaticContent()
         <p>
             Bei Problembeschreibungen helfen mir die folgenden Angaben bei der Eingrenzung der Ursache:
             <code>
-                <?php printf('Plugin: %s, WordPress: %s, PHP: %s', Core::VERSION, get_bloginfo('version'), phpversion()); ?>
+                <?php printf('Plugin: %s, WordPress: %s, PHP: %s', esc_html(Core::VERSION), esc_html(get_bloginfo('version')), esc_html(phpversion())); ?>
             </code>
         </p>
 

src/includes/Settings/Pages/Advanced.php

@@ -93,17 +93,8 @@ public function addSettingsSections()
             function () {
                 global $wp_rewrite;
                 if ($wp_rewrite->using_permalinks() === false) {
-                    echo '<p style="">';
-                    printf('<strong>%s</strong> ', esc_html(__('Note:', 'einsatzverwaltung')));
-                    printf(
-                        // Translators: %s: permalinks
-                        __('These settings currently have no effect, as WordPress uses plain %s', 'einsatzverwaltung'),
-                        sprintf(
-                            '<a href="%s">%s</a>',
-                            admin_url('options-permalink.php'),
-                            __('permalinks', 'einsatzverwaltung')
-                        )
-                    );
+                    printf('<p class="notice notice-warning"><strong>%s</strong> ', esc_html__('Note:', 'einsatzverwaltung'));
+                    esc_html_e('These settings currently have no effect, as WordPress uses plain permalinks', 'einsatzverwaltung');
                     echo '</p>';
                 }
                 printf(
@@ -187,7 +178,7 @@ public function echoFieldCoreFeatures()
         );
         printf(
             '<p class="description">%s</p>',
-            __('You can activate these features of Posts also for Incident Reports.', 'einsatzverwaltung')
+            esc_html__('You can activate these features of Posts also for Incident Reports.', 'einsatzverwaltung')
         );
         echo '</fieldset>';
     }

src/includes/Settings/Pages/Numbers.php

@@ -69,7 +69,7 @@ public function echoFieldAuto()
         );
         printf(
             '<p class="description">%s</p>',
-            __('If deactivated, incident numbers can be maintained manually.', 'einsatzverwaltung')
+            esc_html__('If deactivated, incident numbers can be maintained manually.', 'einsatzverwaltung')
         );
     }
 
@@ -84,7 +84,7 @@ public function echoFieldDigits()
         echo '</fieldset>';
         printf(
             '<p class="description">%s</p>',
-            __('The sequential number gets padded with leading zeros until it has this length.', 'einsatzverwaltung')
+            esc_html__('The sequential number gets padded with leading zeros until it has this length.', 'einsatzverwaltung')
         );
     }
 
@@ -96,7 +96,7 @@ public function echoFieldOrder()
         );
         printf(
             '<p class="description">%s</p>',
-            __('By default, the year comes before the sequential number. Activate this option to reverse the order.', 'einsatzverwaltung')
+            esc_html__('By default, the year comes before the sequential number. Activate this option to reverse the order.', 'einsatzverwaltung')
         );
     }
 
@@ -111,7 +111,7 @@ public function echoFieldSeparator()
         echo '</fieldset>';
         printf(
             '<p class="description">%s</p>',
-            __('This character separates the year and the sequential number.', 'einsatzverwaltung')
+            esc_html__('This character separates the year and the sequential number.', 'einsatzverwaltung')
         );
     }
 

src/includes/Settings/Pages/Report.php

@@ -173,7 +173,7 @@ public function echoFieldReportTemplate()
         echo '<fieldset>';
         $this->echoRadioButtons('einsatzverwaltung_use_reporttemplate', $this->useReportTemplateOptions, 'no');
         echo '<p class="description">';
-        printf('Die Option &quot;%s&quot; wird nicht empfohlen, ist aber bei manchen Themes die einzige M&ouml;glichkeit, das Template in &Uuml;bersichten nutzen zu k&ouml;nnen.', $this->useReportTemplateOptions['everywhere']['label']);
+        printf('Die Option &quot;%s&quot; wird nicht empfohlen, ist aber bei manchen Themes die einzige M&ouml;glichkeit, das Template in &Uuml;bersichten nutzen zu k&ouml;nnen.', esc_html($this->useReportTemplateOptions['everywhere']['label']));
         echo '</p>';
         $this->echoTextarea('einsatzverwaltung_reporttemplate');
         echo '<p class="description">Es kann sein, dass das Theme in &Uuml;bersichten nur den Auszug anzeigt. Dessen Aussehen kann mit einem eigenen Template festgelegt werden (siehe unten).</p>';