WordPress.Security.NonceVerification.Missing not reported when using filter_input

## Bug Description
When using filter_input with INPUT_GET or INPUT_POST or INPUT_COOKIE, it's like accessing the $_GET/$_POST superglobals.
Therefore a nonce validation is required.

## Minimal Code Snippet
The issue happens when running this command:
```bash
./bin/phpcs --config-set installed_paths ../wpcs
```

... over a file containing this code:
```php
// should report an error
$foo = filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL );
update_option( 'abc', $foo, false );

// correctly reports an error:
$foo = $_POST['email'];
update_option( 'def', $foo, false );
```

## Error Code
WordPress.Security.NonceVerification.Missing

## Environment

| Question               | Answer
| ------------------------| -------
| PHP version             | 7.4
| PHP_CodeSniffer version | 3.7.2
| WPCS version            | 2.3.0
| WPCS install type       | https://github.com/WordPress/WordPress-Coding-Standards#standalone

## Tested Against `develop` branch?
- [ ] I have verified the issue still exists in the `develop` branch of WPCS.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WordPress.Security.NonceVerification.Missing not reported when using filter_input #2299

kkmuffme
openedon Jul 10, 2023

Bug Description

Minimal Code Snippet

Error Code

Environment

Tested Against `develop` branch?

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Question	Answer
PHP version	7.4
PHP_CodeSniffer version	3.7.2
WPCS version	2.3.0
WPCS install type	https://github.com/WordPress/WordPress-Coding-Standards#standalone