[ANNOUNCEMENT] PHP_CodeSniffer-2.8.1 (stable) Released.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[ANNOUNCEMENT] PHP_CodeSniffer-2.8.1 (stable) Released.

PEAR Announce
The new PEAR package PHP_CodeSniffer-2.8.1 (stable) has been released at http://pear.php.net/.

Release notes
- This release contains a fix for a security advisory related to the improper handling of shell commands
  -- Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases
  -- A properly crafted filename or configuration option would allow for arbitrary code execution when using some features
  -- All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
     --- e.g., you run PHPCS over libraries that you did not write
     --- e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
     --- e.g., you allow external tool paths to be set by user-defined values
  -- If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features:
     --- The diff report
     --- The notify-send report
     --- The Generic.PHP.Syntax sniff
     --- The Generic.Debug.CSSLint sniff
     --- The Generic.Debug.ClosureLinter sniff
     --- The Generic.Debug.JSHint sniff
     --- The Squiz.Debug.JSLint sniff
     --- The Squiz.Debug.JavaScriptLint sniff
     --- The Zend.Debug.CodeAnalyzer sniff
  -- Thanks to Klaus Purer for the report

- The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2
- PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration
- PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration
- Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration
  -- It would previously report that only one argument is allowed per line
- Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately
- Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
- Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment
  -- Thanks to Juliette Reinders Folmer for the patch
- Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
  -- As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty
- Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports
- Fixed bug #1340 : STDIN file contents not being populated in some cases
  -- Thanks to David Biňovec for the patch
- Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines
- Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing
  -- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char
  -- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces
- Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop

Package Info
PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Related Links
Package home: http://pear.php.net/package/PHP_CodeSniffer
   Changelog: http://pear.php.net/package/PHP_CodeSniffer/download/2.8.1
    Download: http://download.pear.php.net/package/PHP_CodeSniffer-2.8.1.tgz

Greg Sherwood (lead)

PEAR General Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php