Releases: PHPCSStandards/PHP_CodeSniffer
3.3.0 - 2018-06-07
Deprecations
Squiz.WhiteSpace.LanguageConstructSpacing Sniff
The Squiz.WhiteSpace.LanguageConstructSpacing
sniff has been deprecated and will be removed in version 4.
The sniff has been moved to the Generic standard, with a new code of Generic.WhiteSpace.LanguageConstructSpacing
. The new Generic sniff now also checks many more language constructs to enforce additional spacing rules. The existing Squiz sniff will continue to work until version 4 has been released. Thanks to Mponos George for the contribution.
As soon as possible, replace all instances of the old sniff code with the new sniff code in your ruleset.xml files.
Setting Array Properties
The current method for setting array properties in ruleset files has been deprecated and will be removed in version 4.
Currently, setting an array value uses the string syntax print=>echo,create_function=>null
. Now, individual array elements are specified using a new element
tag with key
and value
attributes.
For example, the following array of forbidden functions:
<property name="forbiddenFunctions" type="array" value="sizeof=>count,delete=>unset,print=>echo,is_null=>null,create_function=>null"/>
Will be rewritten using this format:
<property name="forbiddenFunctions" type="array">
<element key="sizeof" value="count"/>
<element key="delete" value="unset"/>
<element key="print" value="echo"/>
<element key="is_null" value="null"/>
<element key="create_function" value="null"/>
</property>
Thanks to Michał Bundyra for the patch.
T_ARRAY_HINT Token
The T_ARRAY_HINT
token has been deprecated and will be removed in version 4.
The token was used to ensure array type hints were not tokenized as T_ARRAY
, but no other type hints were given a special token. Array type hints now use the standard T_STRING
token instead.
Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_ARRAY_HINT
tokens.
T_RETURN_TYPE Token
The T_RETURN_TYPE token has been deprecated and will be removed in version 4.
The token was used to ensure array/self/parent/callable return types were tokenized consistently. But for namespaced return types, only the last part of the string (the class name) was tokenized as T_RETURN_TYPE
. This was not consistent and so return types are now left using their original token types so they are not skipped by sniffs. The exception are array return types, which are tokenized as T_STRING
instead of T_ARRAY
, as they are used for type hints.
Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_RETUTN_TYPE
tokens.
To get the return type of a function, use the File::getMethodProperties()
method, which now contains a return_type
array index. This index contains the return type of the function or closer, or a blank string if not specified. If the return type is nullable, the return type will contain the leading ?
and a nullable_return_type
array index in the return value will also be set to true
. If the return type contains namespace information, it will be cleaned of whitespace and comments. To access the original return value string, use the main tokens array.
PSR-12 Standard In-Progress
This release contains an incomplete version of the PSR-12 coding standard. Errors found using this standard should be valid, but it will miss a lot of violations until it is complete. If you'd like to test and help, you can use the standard by running PHPCS with --standard=PSR12
Other Changes
- Config values set using --runtime-set now override any config values set in rulesets or the CodeSniffer.conf file
- You can now apply include-pattern rules to individual message codes in a ruleset like you can with exclude-pattern rules
- Previously, include-pattern rules only applied to entire sniffs
- If a message code has both include and exclude patterns, the exclude patterns will be ignored
- Using PHPCS annotations to selectively re-enable sniffs is now more flexible
- Previously, you could only re-enable a sniff/category/standard using the exact same code that was disabled
- Now, you can disable a standard and only re-enable a specific category or sniff
- Or, you can disable a specific sniff and have it re-enable when you re-enable the category or standard
- The value of array sniff properties can now be set using phpcs:set annotations
- e.g., phpcs:set Standard.Category.SniffName property[] key=>value,key2=>value2
- Thanks to Michał Bundyra for the patch
- PHPCS annotations now remain as T_PHPCS_* tokens instead of reverting to comment tokens when --ignore-annotations is used
- This stops sniffs (especially commenting sniffs) from generating a large number of false errors when ignoring
- Any custom sniffs that are using the T_PHPCS_* tokens to detect annotations may need to be changed to ignore them
- Check $phpcsFile->config->annotations to see if annotations are enabled and ignore when false
- You can now use fully or partially qualified class names for custom reports instead of absolute file paths
- To support this, you must specify an autoload file in your ruleset.xml file and use it to register an autoloader
- Your autoloader will need to load your custom report class when requested
- Thanks to Juliette Reinders Folmer for the patch
- The JSON report format now does escaping in error source codes as well as error messages
- Thanks to Martin Vasel for the patch
- Invalid installed_paths values are now ignored instead of causing a fatal error
- Improved testability of custom rulesets by allowing the installed standards to be overridden
- Thanks to Timo Schinkel for the patch
- The key used for caching PHPCS runs now includes all set config values
- This fixes a problem where changing config values (e.g., via --runtime-set) used an incorrect cache file
- The "Function opening brace placement" metric has been separated into function and closure metrics in the info report
- Closures are no longer included in the "Function opening brace placement" metric
- A new "Closure opening brace placement" metric now shows information for closures
- Multi-line T_YIELD_FROM statements are now replicated properly for older PHP versions
- The PSR2 standard no longer produces 2 error messages when the AS keyword in a foreach loop is not lowercase
- Specifying a path to a non-existent dir when using the --report-[reportType]=/path/to/report CLI option no longer throws an exception
- This now prints a readable error message, as it does when using --report-file
- The File::getMethodParamaters() method now includes a type_hint_token array index in the return value
- Provides the position in the token stack of the first token in the type hint
- The File::getMethodProperties() method now includes a return_type_token array index in the return value
- Provides the position in the token stack of the first token in the return type
- The File::getTokensAsString() method can now optionally return original (non tab-replaced) content
- Thanks to Juliette Reinders Folmer for the patch
- Removed Squiz.PHP.DisallowObEndFlush from the Squiz standard
- If you use this sniff and want to continue banning ob_end_flush(), use Generic.PHP.ForbiddenFunctions instead
- You will need to set the forbiddenFunctions property in your ruleset.xml file
- Removed Squiz.PHP.ForbiddenFunctions from the Squiz standard
- Replaced by using the forbiddenFunctions property of Generic.PHP.ForbiddenFunctions in the Squiz ruleset.xml
- Functionality of the Squiz standard remains the same, but the error codes are now different
- Previously, Squiz.PHP.ForbiddenFunctions.Found and Squiz.PHP.ForbiddenFunctions.FoundWithAlternative
- Now, Generic.PHP.ForbiddenFunctions.Found and Generic.PHP.ForbiddenFunctions.FoundWithAlternative
- Added new Generic.PHP.LowerCaseType sniff
- Ensures PHP types used for type hints, return types, and type casting are lowercase
- Thanks to Juliette Reinders Folmer for the contribution
- Added new Generic.WhiteSpace.ArbitraryParenthesesSpacing sniff
- Generates an error for whitespace inside parenthesis that don't belong to a function call/declaration or control structure
- Generates a warning for any empty parenthesis found
- Allows the required spacing to be set using the spacing sniff property (default is 0)
- Allows newlines to be used by setting the ignoreNewlines sniff property (default is false)
- Thanks to Juliette Reinders Folmer for the contribution
- Added new PSR12.Classes.ClassInstantiation sniff
- Ensures parenthesis are used when instantiating a new class
- Added new PSR12.Keywords.ShortFormTypeKeywords sniff
- Ensures the short form of PHP types is used when type casting
- Added new PSR12.Namespaces.CompundNamespaceDepth sniff
- Ensures compound namespace use statements have a max depth of 2 levels
- The max depth can be changed by setting the 'maxDepth' sniff property in a ruleset.xml file
- Added new PSR12.Operators.OperatorSpacing sniff
- Ensures operators are preceded and followed by at least 1 space
- Improved core support for grouped property declarations
- Also improves support in Squiz.WhiteSpace.ScopeKeywordSpacing and Squiz.WhiteSpace.MemberVarSpacing
- Thanks to Juliette Reinders Folmer for the patch
- Generic.Commenting.DocComment now produces a NonParamGroup error when tags are mixed in with the
@param
tag group- It would previously throw either a NonParamGroup or ParamGroup error depending on the order of tags
- This change allows the NonParamGroup error to be suppressed in a ruleset to allow the
@param
group to contain other tags - Thanks to Phil Davis f...
3.2.3 - 2018-02-20
- The new
phpcs:
comment syntax can now be prefixed with an at symbol (@phpcs:
)- This restores the behaviour of the previous syntax where these comments are ignored by doc generators
- The current PHP version ID is now used to generate cache files
- This ensures that only cache files generated by the current PHP version are selected
- This change fixes caching issues when using sniffs that produce errors based on the current PHP version
- A new
Tokens::$phpcsCommentTokens
array is now available for sniff developers to detectphpcs:
comment syntax- Thanks to Juliette Reinders Folmer for the patch
- Error message codes generated by
Generic.CodeAnalysis.EmptyStatement
are no longer all-uppercase- For example
Generic.CodeAnalysis.EmptyStatement.DetectedCATCH
becomesGeneric.CodeAnalysis.EmptyStatement.DetectedCatch
- For example
- The
PEAR.Commenting.FunctionComment.Missing
error message now includes the name of the function- Thanks to Yorman Arias for the patch
- The
PEAR.Commenting.ClassComment.Missing
andSquiz.Commenting.ClassComment.Missing
error messages now include the name of the class- Thanks to Yorman Arias for the patch
PEAR.Functions.FunctionCallSignature
now only forces alignment at a specific tab stop while fixing- It was enforcing this during checking, but this meant invalid errors if the OpeningIndent message was being muted
- This fixes incorrect errors when using the PSR2 standard with some code blocks
Generic.Files.LineLength
now ignores lines that only containphpcs:
annotation comments- Thanks to Juliette Reinders Folmer for the patch
Generic.Formatting.MultipleStatementAlignment
now skips over arrays containing comments- Thanks to Juliette Reinders Folmer for the patch
Generic.PHP.Syntax
now forcesdisplay_errors
toON
when linting- Thanks to Raúl Arellano for the patch
PSR2.Namespaces.UseDeclaration
has improved syntax error handling and closure detection- Thanks to Juliette Reinders Folmer for the patch
Squiz.PHP.CommentedOutCode
now has improved comment block detection for improved accuracy- Thanks to Juliette Reinders Folmer for the patch
Squiz.PHP.NonExecutableCode
could fatal error while fixing file with syntax errorSquiz.PHP.NonExecutableCode
now detects unreachable code after a goto statement- Thanks to Juliette Reinders Folmer for the patch
Squiz.WhiteSpace.LanguageConstructSpacing
has improved syntax error handling while fixing- Thanks to Juliette Reinders Folmer for the patch
- Improved
phpcs:
annotation syntax handling for a number of sniffs- Thanks to Juliette Reinders Folmer for the patch
- Improved auto-fixing of files with incomplete comment blocks for various commenting sniffs
- Thanks to Juliette Reinders Folmer for the patch
- Fixed test suite compatibility with PHPUnit 7
- Fixed bug #1793 : PSR2 forcing exact indent for function call opening statements
- Fixed bug #1803 : Squiz.WhiteSpace.ScopeKeywordSpacing removes member var name while fixing if no space after scope keyword
- Fixed bug #1817 : Blank line not enforced after control structure if comment on same line as closing brace
- Fixed bug #1827 : A phpcs:enable comment is not tokenized correctly if it is outside a phpcs:disable block
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1828 : Squiz.WhiteSpace.SuperfluousWhiteSpace ignoreBlankLines property ignores whitespace after single line comments
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1840 : When a comment has too many asterisks, phpcbf gives FAILED TO FIX error
- Fixed bug #1867 : Cant use phpcs:ignore where the next line is HTML
- Fixed bug #1870 : Invalid warning in multiple assignments alignment with closure or anon class
- Fixed bug #1890 : Incorrect Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose error between catch and finally statements
- Fixed bug #1891 : Comment on last USE statement causes false positive for PSR2.Namespaces.UseDeclaration.SpaceAfterLastUse
- Thanks to Matt Coleman, Daniel Hensby, and Juliette Reinders Folmer for the patch
- Fixed bug #1901 : Fixed PHPCS annotations in multi-line tab-indented comments + not ignoring whole line for phpcs:set
- Thanks to Juliette Reinders Folmer for the patch
3.2.2 - 2017-12-19
- Disabled STDIN detection on Windows
- This fixes a problem with IDE plugins (e.g., PHPStorm) hanging on Windows
3.2.1 - 2017-12-18
- Fixed problems with some scripts and plugins waiting for STDIN
- This was a notable problem with IDE plugins (e.g., PHPStorm) and build systems
- Empty diffs are no longer followed by a newline character (request #1781)
Generic.Functions.OpeningFunctionBraceKernighanRitchie
no longer complains when the open brace is followed by a close tag- This makes the sniff more useful when used in templates
- Thanks to Joseph Zidell for the patch
- Fixed bug #1782 : Incorrect detection of operator in ternary + anonymous function
3.2.0 - 2017-12-12
Comment Syntax Changes
This release deprecates the @codingStandards
comment syntax used for sending commands to PHP_CodeSniffer. The existing syntax will continue to work in all version 3 releases, but will be removed in version 4
The comment formats have been replaced by a shorter syntax:
@codingStandardsIgnoreFile
becomesphpcs:ignoreFile
@codingStandardsIgnoreStart
becomesphpcs:disable
@codingStandardsIgnoreEnd
becomesphpcs:enable
@codingStandardsIgnoreLine
becomesphpcs:ignore
@codingStandardsChangeSetting
becomesphpcs:set
The new syntax allows for additional developer comments to be added after a --
separator. This is useful for describing why a code block is being ignored, or why a setting is being changed. E.g., // phpcs:disable -- This code block must be left as-is.
Comments using the new syntax are assigned new comment token types to allow them to be detected:
phpcs:ignoreFile
has the tokenT_PHPCS_IGNORE_FILE
phpcs:disable
has the tokenT_PHPCS_DISABLE
phpcs:enable
has the tokenT_PHPCS_ENABLE
phpcs:ignore
has the tokenT_PHPCS_IGNORE
phpcs:set
has the tokenT_PHPCS_SET
Other Changes
- The
phpcs:disable
andphpcs:ignore
comments can now selectively ignore specific sniffs (request #604)- E.g.,
// phpcs:disable Generic.Commenting.Todo.Found
for a specific message - E.g.,
// phpcs:disable Generic.Commenting.Todo
for a whole sniff - E.g.,
// phpcs:disable Generic.Commenting
for a whole category of sniffs - E.g.,
// phpcs:disable Generic
for a whole standard - Multiple sniff codes can be specified by comma separating them
- E.g.,
// phpcs:disable Generic.Commenting.Todo,PSR1.Files
- E.g.,
- E.g.,
@codingStandardsIgnoreLine
comments now only ignore the following line if they are on a line by themselves- If they are at the end of an existing line, they will only ignore the line they are on
- Stops some lines from accidentally being ignored
- Same rule applies for the new phpcs:ignore comment syntax
PSR1.Files.SideEffects
now respects the newphpcs:disable
comment syntax- The sniff will no longer check any code that is between
phpcs:disable
andphpcs:enable
comments - The sniff does not support
phpcs:ignore
; you must wrap code structures with disable/enable comments - Previously, there was no way to have this sniff ignore parts of a file
- The sniff will no longer check any code that is between
- Fixed a problem where PHPCS would sometimes hang waiting for STDIN, or read incomplete versions of large files
- Thanks to Arne Jørgensen for the patch
- Array properties specified in ruleset files now have their keys and values trimmed
- This saves having to do this in individual sniffs and stops errors introduced by whitespace in rulesets
- Thanks to Juliette Reinders Folmer for the patch
- Added
phpcs.xsd
to allow validation of ruleset XML files- Thanks to Renaat De Muynck for the contribution
- File paths specified using
--stdin-path
can now point to fake file locations (request #1488)- Previously, STDIN files using fake file paths were excluded from checking
- Setting an empty basepath (
--basepath=
) on the CLI will now clear a basepath set directly in a ruleset- Thanks to Xaver Loppenstedt for the patch
- Ignore patterns are now checked on symlink target paths instead of symlink source paths
- Restores previous behaviour of this feature
- Metrics were being double counted when multiple sniffs were recording the same metric
- Added support for bash process substitution
- Thanks to Scott Dutton for the contribution
- Files included in the cache file code hash are now sorted to aid in cache file reuse across servers
- Windows BAT files can now be used outside a PEAR install
- You must have the path to PHP set in your PATH environment variable
- Thanks to Joris Debonnet for the patch
- The JS unsigned right shift assignment operator is now properly classified as an assignment operator
- Thanks to Juliette Reinders Folmer for the patch
- The
AbstractVariableSniff
abstract sniff now supports anonymous classes and nested functions- Also fixes an issue with
Squiz.Scope.MemberVarScope
where member vars of anonymous classes were not being checked
- Also fixes an issue with
- Added
AbstractArraySniff
to make it easier to create sniffs that check array formatting- Allows for checking of single and multi line arrays easily
- Provides a parsed structure of the array including positions of keys, values, and double arrows
- Added
Generic.Arrays.ArrayIndent
to enforce a single tab stop indent for array keys in multi-line arrays- Also ensures the close brace is on a new line and indented to the same level as the original statement
- Allows for the indent size to be set using an
indent
property of the sniff
- Added
Generic.PHP.DiscourageGoto
to warn about the use of the GOTO language construct- Thanks to Juliette Reinders Folmer for the contribution
Generic.Debug.ClosureLinter
was not running thegjslint
command- Thanks to Michał Bundyra for the patch
Generic.WhiteSpace.DisallowSpaceIndent
now fixes space indents in multi-line block comments- Thanks to Juliette Reinders Folmer for the patch
Generic.WhiteSpace.DisallowSpaceIndent
now fixes mixed space/tab indents more accurately- Thanks to Juliette Reinders Folmer for the patch
Generic.WhiteSpace.DisallowTabIndent
now fixes tab indents in multi-line block comments- Thanks to Juliette Reinders Folmer for the patch
PEAR.Functions.FunctionDeclaration
no longer errors when a function declaration is the first content in a JS file- Thanks to Juliette Reinders Folmer for the patch
PEAR.Functions.FunctionCallSignature
now requires the function name to be indented to an exact tab stop- If the function name is not the start of the statement, the opening statement must be indented correctly instead
- Added a new fixable error code
PEAR.Functions.FunctionCallSignature.OpeningIndent
for this error
Squiz.Functions.FunctionDeclarationArgumentSpacing
is no longer confused about comments in function declarations- Thanks to Juliette Reinders Folmer for the patch
Squiz.PHP.NonExecutableCode
error messages now indicate which line the code block ending is on- Makes it easier to identify where the code block exited or returned
- Thanks to Juliette Reinders Folmer for the patch
Squiz.Commenting.FunctionComment
now supports nullable type hintsSquiz.Commenting.FunctionCommentThrowTag
no longer assigns throw tags inside anon classes to the enclosing functionSquiz.WhiteSpace.SemicolonSpacing
now ignores semicolons used for empty statements inside FOR conditions- Thanks to Juliette Reinders Folmer for the patch
Squiz.ControlStructures.ControlSignature
now allows configuring the number of spaces before the colon in alternative syntax- Override the
requiredSpacesBeforeColon
setting in a ruleset.xml file to change - Default remains at
1
- Thanks to Nikola Kovacs for the patch
- Override the
- The Squiz standard now ensures array keys are indented 4 spaces from the main statement
- Previously, this standard aligned keys 1 space from the start of the array keyword
- The Squiz standard now ensures array end braces are aligned with the main statement
- Previously, this standard aligned the close brace with the start of the array keyword
- The standard for PHP_CodeSniffer itself now enforces short array syntax
- The standard for PHP_CodeSniffer itself now uses the Generic.Arrays/ArrayIndent sniff rules
- Improved fixer conflicts and syntax error handling for a number of sniffs
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1462 : Error processing cyrillic strings in Tokenizer
- Fixed bug #1573 : Squiz.WhiteSpace.LanguageConstructSpacing does not properly check for tabs and newlines
- Thanks to Michał Bundyra for the patch
- Fixed bug #1590 : InlineControlStructure CBF issue while adding braces to an if thats returning a nested function
- Fixed bug #1718 : Unclosed strings at EOF sometimes tokenized as T_WHITESPACE by the JS tokenizer
- Fixed bug #1731 : Directory exclusions do not work as expected when a single file name is passed to phpcs
- Fixed bug #1737 : Squiz.CSS.EmptyStyleDefinition sees comment as style definition and fails to report error
- Fixed bug #1746 : Very large reports can sometimes become garbled when using the parallel option
- Fixed bug #1747 : Squiz.Scope.StaticThisUsage incorrectly looking inside closures
- Fixed bug #1757 : Unknown type hint "object" in Squiz.Commenting.FunctionComment
- Fixed bug #1758 : PHPCS gets stuck creating file list when processing circular symlinks
- Fixed bug #1761 : Generic.WhiteSpace.ScopeIndent error on multi-line function call with static closure argument
- Fixed bug #1762 : Generic.WhiteSpace.Disallow[Space/Tab]Indent not inspecting content before open tag
- Thanks to Juliette Reinders Folmer for the patch
- Fixe...
3.1.1 - 2017-10-17
- Restored preference of non-dist files over dist files for
phpcs.xml
andphpcs.xml.dist
- The order that the files are searched is now:
.phpcs.xml
,phpcs.xml
,.phpcs.xml.dist
,phpcs.xml.dist
- Thanks to Juliette Reinders Folmer for the patch
- The order that the files are searched is now:
- Progress output now correctly shows skipped files
- Progress output now shows 100% when the file list has finished processing (request #1697)
- Stopped some IDEs complaining about testing class aliases
- Thanks to Vytautas Stankus for the patch
Squiz.Commenting.InlineComment
incorrectly identified comment blocks in some cases, muting some errors- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1512 : PEAR.Functions.FunctionCallSignature enforces spaces when no arguments if required spaces is not 0
- Fixed bug #1522 : Squiz Arrays.ArrayDeclaration and Strings.ConcatenationSpacing fixers causing parse errors with here/nowdocs
- Fixed bug #1570 : Squiz.Arrays.ArrayDeclaration fixer removes comments between array keyword and open parentheses
- Fixed bug #1604 : File::isReference has problems with some bitwise operators and class property references
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1645 : Squiz.Commenting.InlineComment will fail to fix comments at the end of the file
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1656 : Using the --sniffs argument has a problem with case sensitivity
- Fixed bug #1657 : Uninitialized string offset: 0 when sniffing CSS
- Fixed bug #1669 : Temporary expression proceeded by curly brace is detected as function call
- Fixed bug #1681 : Huge arrays are super slow to scan with Squiz.Arrays.ArrayDeclaration sniff
- Fixed bug #1694 : Squiz.Arrays.ArrayBracketSpacing is removing some comments during fixing
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1702 : Generic.WhiteSpaceDisallowSpaceIndent fixer bug when line only contains superfluous whitespace
3.1.0 - 2017-09-20
Unit Test Changes
- This release includes a change to support newer versions of PHPUnit (versions 4, 5, and 6 are now supported)
- The custom PHP_CodeSniffer test runner now requires a bootstrap file
- Developers with custom standards using the PHP_CodeSniffer test runner will need to do one of the following:
- run your unit tests from the PHP_CodeSniffer root dir so the bootstrap file is included
- specify the PHP_CodeSniffer bootstrap file on the command line:
phpunit --bootstrap=/path/to/phpcs/tests/bootstrap.php
- require the PHP_CodeSniffer bootstrap file from your own bootstrap file
- If you don't run PHP_CodeSniffer unit tests, this change will not affect you
- Thanks to Juliette Reinders Folmer for the patch
Other Changes
- A
phpcs.xml
orphpcs.xml.dist
file now takes precedence over the default_standard config setting- Thanks to Björn Fischer for the patch
- Both
phpcs.xml
andphpcs.xml.dist
files can now be prefixed with a dot (request #1566)- The order that the files are searched is:
.phpcs.xml
,.phpcs.xml.dist
,phpcs.xml
,phpcs.xml.dist
- The order that the files are searched is:
- The autoloader will now search for files during unit tests runs from the same locations as during normal phpcs runs
- Allows for easier unit testing of custom standards that use helper classes or custom namespaces
- Include patterns for sniffs now use
OR
logic instead ofAND
logic- Previously, a file had to be in each of the include patterns to be processed by a sniff
- Now, a file has to only be in at least one of the patterns
- This change reflects the original intention of the feature
- PHPCS will now follow symlinks under the list of checked directories
- This previously only worked if you specified the path to a symlink on the command line
- Output from
--config-show
,--config-set
, and--config-delete
now includes the path to the loaded config file - PHPCS now cleanly exits if its config file is not readable
- Previously, a combination of PHP notices and PHPCS errors would be generated
- Comment tokens that start with
/**
are now always tokenized as docblocks- Thanks to Michał Bundyra for the patch
- The PHP-supplied
T_YIELD
andT_YIELD_FROM
tokens have been replicated for older PHP versions- Thanks to Michał Bundyra for the patch
- Added new
Generic.CodeAnalysis.AssignmentInCondition
sniff to warn about variable assignments inside conditions- Thanks to Juliette Reinders Folmer for the contribution
- Added
Generic.Files.OneObjectStructurePerFile
sniff to ensure there is a single class/interface/trait per file- Thanks to Mponos George for the contribution
- Function call sniffs now check variable function names and self/static object creation
- Specific sniffs are
Generic.Functions.FunctionCallArgumentSpacing
,PEAR.Functions.FunctionCallSignature
, andPSR2.Methods.FunctionCallSignature
- Thanks to Michał Bundyra for the patch
- Specific sniffs are
Generic.Files.LineLength
can now be configured to ignore all comment lines, no matter their length- Set the
ignoreComments
property toTRUE
(default isFALSE
) in yourruleset.xml
file to enable this - Thanks to Juliette Reinders Folmer for the patch
- Set the
Generic.PHP.LowerCaseKeyword
now checks self, parent, yield, yield from, and closure (function) keywords- Thanks to Michał Bundyra for the patch
PEAR.Functions.FunctionDeclaration
now removes a blank line if it creates one by moving the curly brace during fixingSquiz.Commenting.FunctionCommentThrowTag
now supports PHP 7.1 multi catch exceptionsSquiz.Formatting.OperatorBracket
no longer throws errors for PHP 7.1 multi catch exceptionsSquiz.Commenting.LongConditionClosingComment
now supports finally statementsSquiz.Formatting.OperatorBracket
now correctly fixes pipe separated flagsSquiz.Formatting.OperatorBracket
now correctly fixes statements containing short array syntaxSquiz.PHP.EmbeddedPhp
now properly fixes cases where the only content in an embedded PHP block is a comment- Thanks to Juliette Reinders Folmer for the patch
Squiz.WhiteSpace.ControlStructureSpacing
now ignores comments when checking blank lines at the top of control structuresSquiz.WhiteSpace.ObjectOperatorSpacing
now detects and fixes spaces around double colons- Thanks to Julius Šmatavičius for the patch
Squiz.WhiteSpace.MemberVarSpacing
can now be configured to check any number of blank lines between member vars- Set the
spacing
property (default is1
) in yourruleset.xml
file to set the spacing
- Set the
Squiz.WhiteSpace.MemberVarSpacing
can now be configured to check a different number of blank lines before the first member var- Set the
spacingBeforeFirst
property (default is1
) in yourruleset.xml
file to set the spacing
- Set the
- Added a new
PHP_CodeSniffer\Util\Tokens::$ooScopeTokens
static member var for quickly checking object scope- Includes
T_CLASS
,T_ANON_CLASS
,T_INTERFACE
, andT_TRAIT
- Thanks to Juliette Reinders Folmer for the patch
- Includes
PHP_CodeSniffer\Files\File::findExtendedClassName()
now supports extended interfaces- Thanks to Martin Hujer for the patch
- Fixed bug #1550 : Squiz.Commenting.FunctionComment false positive when function contains closure
- Fixed bug #1577 : Generic.InlineControlStructureSniff breaks with a comment between body and condition in do while loops
- Fixed bug #1581 : Sniffs not loaded when one-standard directories are being registered in installed_paths
- Fixed bug #1591 : Autoloader failing to load arbitrary files when installed_paths only set via a custom ruleset
- Fixed bug #1605 : Squiz.WhiteSpace.OperatorSpacing false positive on unary minus after comment
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1615 : Uncaught RuntimeException when phpcbf fails to fix files
- Fixed bug #1637 : Generic.WhiteSpaceScopeIndent closure argument indenting incorrect with multi-line strings
- Fixed bug #1638 : Squiz.WhiteSpace.ScopeClosingBrace closure argument indenting incorrect with multi-line strings
- Fixed bug #1640 : Squiz.Strings.DoubleQuoteUsage replaces tabs with spaces when fixing
- Thanks to Juliette Reinders Folmer for the patch
3.0.2 - 2017-07-18
- Fixed a problem where the source report was not printing the correct number of errors found
- Fixed a problem where the
--cache=/path/to/cachefile
CLI argument was not working - The code report now gracefully handles tokenizer exceptions
- The phpcs and phpcbf scripts are now the only places that exit() in the code
- This allows for easier usage of core PHPCS functions from external scripts
- If you are calling
Runner::runPHPCS()
orRunner::runPHPCBF()
directly, you will get back the full range of exit codes - If not, catch the new
DeepExitException
to get the error message ($e->getMessage()
) and exit code ($e->getCode()
)
- NOWDOC tokens are now considered conditions, just as HEREDOC tokens are
- This makes it easier to find the start and end of a NOWDOC from any token within it
- Thanks to Michał Bundyra for the patch
- Custom autoloaders are now only included once in case multiple standards are using the same one
- Thanks to Juliette Reinders Folmer for the patch
- Improved tokenizing of fallthrough CASE and DEFAULT statements that share a closing statement and use curly braces
- Improved the error message when Squiz.ControlStructures.ControlSignature detects a newline after the closing parenthesis
- Fixed bug #1465 : Generic.WhiteSpace.ScopeIndent reports incorrect errors when indenting double arrows in short arrays
- Fixed bug #1478 : Indentation in fallthrough CASE that contains a closure
- Fixed bug #1497 : Fatal error if composer prepend-autoloader is set to false
- Thanks to Kunal Mehta for the patch
- Fixed bug #1503 : Alternative control structure syntax not always recognized as scoped
- Fixed bug #1523 : Fatal error when using the
--suffix
argument- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1526 : Use of basepath setting can stop PHPCBF being able to write fixed files
- Fixed bug #1530 : Generic.WhiteSpace.ScopeIndent can increase indent too much for lines within code blocks
- Fixed bug #1547 : Wrong token type for backslash in use function
- Thanks to Michał Bundyra for the patch
- Fixed bug #1549 : Squiz.PHP.EmbeddedPhp fixer conflict with
// comment
before PHP close tag- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1560 : Squiz.Commenting.FunctionComment fatal error when fixing additional param comment lines that have no indent
3.0.1 - 2017-06-14
Security Advisory
- This release contains a fix for a security advisory related to the improper handling of a shell command
- A properly crafted filename would allow for arbitrary code execution when using the
--filter=gitmodified
command line option - All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
- e.g., you run PHPCS over libraries that you did not write
- e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
- e.g., you allow external tool paths to be set by user-defined values
- If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter
- This advisory does not affect PHP_CodeSniffer version 2.
- Thanks to Sergei Morozov for the report and patch
- A properly crafted filename would allow for arbitrary code execution when using the
Other Changes
- Arguments on the command line now override or merge with those specified in a ruleset.xml file in all cases
- PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir
- Added missing help text for the
--stdin-path
CLI option to--help
- Re-added missing help text for the
--file-list
and--bootstrap
CLI options to--help
Runner::runPHPCS()
andRunner::runPHPCBF()
now return an exit code instead of exiting directly (request #1484)- The Squiz standard now enforces short array syntax by default
- The autoloader is now working correctly with classes created with
class_alias()
- The autoloader will now search for files inside all directories in the installed_paths config var
- This allows autoloading of files inside included custom coding standards without manually requiring them
- You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files
- Also used by the autoloader to help other standards directly include sniffs for your standard
- Set the value to the namespace prefix you are using for sniff files (everything up to
\Sniffs\
) - e.g., if your namespace format is
MyProject\CS\Standard\Sniffs\Category
set the namespace toMyProject\CS\Standard
- If omitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file
- The namespace is set in the ruleset tag of the ruleset.xml file
- e.g.,
<ruleset name="My Coding Standard" namespace="MyProject\CS\Standard">
- Rulesets can now specify custom autoloaders using the new autoload tag
- Autoloaders are included while the ruleset is being processed and before any custom sniffs are included
- Allows for very custom autoloading of helper classes well before the bootstrap files are included
- The PEAR standard now includes Squiz.Commenting.DocCommentAlignment
- It previously broke comments onto multiple lines, but didn't align them
- Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff
- This caused some PSR2 errors to be under-reported
- Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
- Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite
- Unknown arguments were not being handled correctly, but are now stored in
$config->unknown
- Unknown arguments were not being handled correctly, but are now stored in
- Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error
- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #1451 : Sniff exclusions/restrictions dont work with custom sniffs unless they use the PHP_CodeSniffer NS
- Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator
- Thanks to Mponos George for the patch
- Fixed bug #1495 : Setting an invalid installed path breaks all commands
- Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
- Thanks to Michał Bundyra for the patch
- Fixed bug #1501 : Interactive mode is broken
- Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement with no trailing code