Before using this tool, ensure the following software is installed:
- Git (Distributed version-control system)
- Composer (PHP Dependency Manager)
Follow these steps to set up and use the PHP CodeSniffer ruleset:
Run the following command to clone the repository:
git clone https://github.com/elegantthemes/marketplace-phpcs/
Navigate to the marketplace-phpcs directory and run:
cd marketplace-phpcs
composer install
Tip: Ensure Composer is installed and available in your system's PATH. If not, refer to the Composer Installation Guide.
Use the following command to scan your product code for issues:
./vendor/bin/phpcs --standard=ruleset.xml /full/path/to/your/product
Example Output:
FILE: .../path/to/your/project/file.php
--------------------------------------------------------------------------------
FOUND 5 ISSUES AFFECTING 5 LINES
--------------------------------------------------------------------------------
32 | ERROR | Missing nonce verification when processing form data.
45 | ERROR | Data from user input is not sanitized before use.
58 | WARNING | The function 'processData' is defined but never used.
72 | WARNING | Variable $temp is assigned a value but never used.
85 | WARNING | Missing doc comment for function.
--------------------------------------------------------------------------------
To exclude warnings and show only errors, add the -n flag:
./vendor/bin/phpcs --standard=ruleset.xml /full/path/to/your/product -n
Example Output:
FILE: .../path/to/your/project/file.php
--------------------------------------------------------------------------------
FOUND 4 ERRORS AFFECTING 4 LINES
--------------------------------------------------------------------------------
32 | ERROR | Missing nonce verification when processing form data.
45 | ERROR | Data from user input is not sanitized before use.
58 | ERROR | Missing capability check before performing action.
72 | ERROR | Data output is not escaped before displaying to user.
--------------------------------------------------------------------------------
To display only errors and include error codes for easier debugging, you can combine both the -n and -s flags:
./vendor/bin/phpcs --standard=ruleset.xml /full/path/to/your/product -n -s
Note: The -n flag excludes warnings, showing only errors.
Note: The -s flag displays error codes, making it easier to identify and suppress specific issues.
Example Output:
FILE: .../path/to/your/project/file.php
--------------------------------------------------------------------------------
FOUND 4 ERRORS AFFECTING 4 LINES
--------------------------------------------------------------------------------
32 | ERROR | Missing nonce verification when processing form data. (WordPress.Security.NonceVerification.Missing)
45 | ERROR | Data from user input is not sanitized before use. (ET.Sniffs.ValidatedSanitizedInput.InputNotSanitized)
58 | ERROR | Missing capability check before performing action. (WordPress.Security.CapabilityCheck.Missing)
72 | ERROR | Data output is not escaped before displaying to user. (WordPress.Security.EscapeOutput.Missing)
--------------------------------------------------------------------------------
Sometimes, you may want to ignore certain errors. Use the following guidelines to suppress them:
- Before the line:
  // phpcs:ignore Error.Code.Here
  process_data();
- Before the line, with a reason:
  // phpcs:ignore Error.Code.Here -- The reason why this is being ignored.
  process_data();
- At the end of the same line:
  process_data(); // phpcs:ignore Error.Code.Here
- At the end of the same line, with a reason:
  process_data(); // phpcs:ignore Error.Code.Here -- The reason why this is being ignored.
Use phpcs:disable and phpcs:enable to suppress errors for a block of code:
// phpcs:disable Error.Code.Here
process_data();
another_function();
// phpcs:enable Error.Code.Here
Tip: Always specify the error code (e.g., WordPress.Security.NonceVerification.Missing) to avoid unintentionally suppressing unrelated issues.
- Spacing and Case Sensitivity:
  - Ensure there’s a space after // in comments (e.g., // phpcs:ignore not //phpcs:ignore). phpcs directives are case-sensitive.
- Composer Not Found:
  - If you encounter a "command not found" error for Composer, ensure it’s installed and available in your PATH.
- Error Code Mismatch:
  - Verify the exact error code using the -s flag. Typos or incorrect casing will cause phpcs:ignore to fail.
- Make sure not to ignore everything!:
  - Don't merely do this: // phpcs:ignore (Note the lack of an error code)
  - Always specify the error code (e.g., WordPress.Security.NonceVerification.Missing) to avoid unintentionally suppressing unrelated issues.
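One way to enforce the suppression guidance above before submitting a product, as an added example that is not part of the marketplace-phpcs repository. The function name audit_suppressions and its finding labels are hypothetical, the sample PHP is constructed, and treating a missing reason as a finding is a stricter policy than this page requires.

```python
import re
# Comment opener, optional whitespace, the directive, then the rest of the line.
DIRECTIVE = re.compile(r"(?://|#|/\*)(\s*)(phpcs:(?:ignore|disable|enable))\b(.*)", re.I)

def audit_suppressions(php_source):
    """Return sorted (line_number, problem) tuples for risky suppressions."""
    findings = []
    open_disables = {}  # sniff code (or "*") -> line of its phpcs:disable
    for no, line in enumerate(php_source.splitlines(), start=1):
        m = DIRECTIVE.search(line)
        if not m:
            continue
        space, directive, rest = m.groups()
        kind = directive.lower().split(":")[1]
        codes_part, _, reason = rest.replace("*/", "").partition("--")
        codes = [c.strip() for c in codes_part.split(",") if c.strip()]
        if not space:
            findings.append((no, "no space before directive"))
        if directive != directive.lower():
            findings.append((no, "directive not lowercase"))
        if kind == "enable":
            # A bare enable re-enables everything, otherwise only the named codes.
            for code in (codes or list(open_disables)):
                open_disables.pop(code, None)
            continue
        if not codes:
            findings.append((no, "blanket suppression, no error code"))
        elif not reason.strip():
            findings.append((no, "no reason given"))
        if kind == "disable":
            for code in (codes or ["*"]):
                open_disables[code] = no
    # A disable with no matching enable stays in effect to the end of the file.
    for code, no in open_disables.items():
        findings.append((no, f"phpcs:disable {code} never re-enabled"))
    return sorted(findings)

# Constructed sample, not taken from a real product.
SAMPLE = """<?php
process_data(); // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce checked in caller.
another_function(); // phpcs:ignore
//phpcs:ignore WordPress.Security.EscapeOutput.Missing
echo $title;
// phpcs:disable WordPress.Security.NonceVerification.Missing -- Legacy handler.
legacy_handler();
"""

if __name__ == "__main__":
    for line_no, problem in audit_suppressions(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Run it over each PHP file in the product and review every finding alongside the phpcs -s output for the same line.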
PHP CodeSniffer is a tool that detects violations of coding standards in PHP files. It ensures your code adheres to best practices and marketplace requirements.
The ruleset.xml file defines the coding standards and rules specific to Elegant Themes. It’s automatically used when you run phpcs with this repository.
The tool enforces strict coding standards. Most issues are minor (e.g., formatting). To focus only on critical errors, use the -n flag.
Use phpcs:ignore comments as described above, but only after ensuring the issue isn’t critical.
Focus on errors flagged as "ERROR" first. Warnings are typically less critical and may relate to formatting or recommendations.
If you encounter issues, refer to the official PHP CodeSniffer Documentation or contact the Elegant Themes support team for assistance.