xarxaprod-wp-theme/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php

<?php
/**
 * WordPress Coding Standard.
 *
 * @package WPCS\WordPressCodingStandards
 * @link    https://github.com/WordPress/WordPress-Coding-Standards
 * @license https://opensource.org/licenses/MIT MIT
 */

namespace WordPressCS\WordPress\Sniffs\DB;

use WordPressCS\WordPress\Sniff;
use PHP_CodeSniffer\Util\Tokens;

/**
 * Flag Database direct queries.
 *
 * @link    https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#direct-database-queries
 *
 * @package WPCS\WordPressCodingStandards
 *
 * @since   0.3.0
 * @since   0.6.0  Removed the add_unique_message() function as it is no longer needed.
 * @since   0.11.0 This class now extends the WordPressCS native `Sniff` class.
 * @since   0.13.0 Class name changed: this class is now namespaced.
 * @since   1.0.0  This sniff has been moved from the `VIP` category to the `DB` category.
 */
class DirectDatabaseQuerySniff extends Sniff {

	/**
	 * List of custom cache get functions.
	 *
	 * @since 0.6.0
	 *
	 * @var string|string[]
	 */
	public $customCacheGetFunctions = array();

	/**
	 * List of custom cache set functions.
	 *
	 * @since 0.6.0
	 *
	 * @var string|string[]
	 */
	public $customCacheSetFunctions = array();

	/**
	 * List of custom cache delete functions.
	 *
	 * @since 0.6.0
	 *
	 * @var string|string[]
	 */
	public $customCacheDeleteFunctions = array();

	/**
	 * Cache of previously added custom functions.
	 *
	 * Prevents having to do the same merges over and over again.
	 *
	 * @since 0.11.0
	 *
	 * @var array
	 */
	protected $addedCustomFunctions = array(
		'cacheget'    => array(),
		'cacheset'    => array(),
		'cachedelete' => array(),
	);

	/**
	 * The lists of $wpdb methods.
	 *
	 * @since 0.6.0
	 * @since 0.11.0 Changed from static to non-static.
	 *
	 * @var array[]
	 */
	protected $methods = array(
		'cachable' => array(
			'delete'      => true,
			'get_var'     => true,
			'get_col'     => true,
			'get_row'     => true,
			'get_results' => true,
			'query'       => true,
			'replace'     => true,
			'update'      => true,
		),
		'noncachable' => array(
			'insert' => true,
		),
	);

	/**
	 * Returns an array of tokens this test wants to listen for.
	 *
	 * @return array
	 */
	public function register() {
		return array(
			\T_VARIABLE,
		);
	}

	/**
	 * Processes this test, when one of its tokens is encountered.
	 *
	 * @param int $stackPtr The position of the current token in the stack.
	 *
	 * @return int|void Integer stack pointer to skip forward or void to continue
	 *                  normal file processing.
	 */
	public function process_token( $stackPtr ) {

		// Check for $wpdb variable.
		if ( '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) {
			return;
		}

		$is_object_call = $this->phpcsFile->findNext( \T_OBJECT_OPERATOR, ( $stackPtr + 1 ), null, false, null, true );
		if ( false === $is_object_call ) {
			return; // This is not a call to the wpdb object.
		}

		$methodPtr = $this->phpcsFile->findNext( array( \T_WHITESPACE ), ( $is_object_call + 1 ), null, true, null, true );
		$method    = $this->tokens[ $methodPtr ]['content'];

		$this->mergeFunctionLists();

		if ( ! isset( $this->methods['all'][ $method ] ) ) {
			return;
		}

		$endOfStatement   = $this->phpcsFile->findNext( \T_SEMICOLON, ( $stackPtr + 1 ), null, false, null, true );
		$endOfLineComment = '';
		for ( $i = ( $endOfStatement + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) {

			if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $endOfStatement ]['line'] ) {
				break;
			}

			if ( \T_COMMENT === $this->tokens[ $i ]['code'] ) {
				$endOfLineComment .= $this->tokens[ $i ]['content'];
			}
		}

		$whitelisted_db_call = false;
		if ( preg_match( '/db call\W*(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) {
			$whitelisted_db_call = true;
		}

		// Check for Database Schema Changes.
		for ( $_pos = ( $stackPtr + 1 ); $_pos < $endOfStatement; $_pos++ ) {
			$_pos = $this->phpcsFile->findNext( Tokens::$textStringTokens, $_pos, $endOfStatement, false, null, true );
			if ( false === $_pos ) {
				break;
			}

			if ( preg_match( '#\b(?:ALTER|CREATE|DROP)\b#i', $this->tokens[ $_pos ]['content'] ) > 0 ) {
				$this->phpcsFile->addWarning( 'Attempting a database schema change is discouraged.', $_pos, 'SchemaChange' );
			}
		}

		// Flag instance if not whitelisted.
		if ( ! $whitelisted_db_call ) {
			$this->phpcsFile->addWarning( 'Usage of a direct database call is discouraged.', $stackPtr, 'DirectQuery' );
		}

		if ( ! isset( $this->methods['cachable'][ $method ] ) ) {
			return $endOfStatement;
		}

		$whitelisted_cache = false;
		$cached            = false;
		$wp_cache_get      = false;
		if ( preg_match( '/cache\s+(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) {
			$whitelisted_cache = true;
		}
		if ( ! $whitelisted_cache && ! empty( $this->tokens[ $stackPtr ]['conditions'] ) ) {
			$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION );

			if ( false === $scope_function ) {
				$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE );
			}

			if ( false !== $scope_function ) {
				$scopeStart = $this->tokens[ $scope_function ]['scope_opener'];
				$scopeEnd   = $this->tokens[ $scope_function ]['scope_closer'];

				for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) {
					if ( \T_STRING === $this->tokens[ $i ]['code'] ) {

						if ( isset( $this->cacheDeleteFunctions[ $this->tokens[ $i ]['content'] ] ) ) {

							if ( \in_array( $method, array( 'query', 'update', 'replace', 'delete' ), true ) ) {
								$cached = true;
								break;
							}
						} elseif ( isset( $this->cacheGetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {

							$wp_cache_get = true;

						} elseif ( isset( $this->cacheSetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {

							if ( $wp_cache_get ) {
								$cached = true;
								break;
							}
						}
					}
				}
			}
		}

		if ( ! $cached && ! $whitelisted_cache ) {
			$message = 'Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().';
			$this->phpcsFile->addWarning( $message, $stackPtr, 'NoCaching' );
		}

		return $endOfStatement;
	}

	/**
	 * Merge custom functions provided via a custom ruleset with the defaults, if we haven't already.
	 *
	 * @since 0.11.0 Split out from the `process()` method.
	 *
	 * @return void
	 */
	protected function mergeFunctionLists() {
		if ( ! isset( $this->methods['all'] ) ) {
			$this->methods['all'] = array_merge( $this->methods['cachable'], $this->methods['noncachable'] );
		}

		if ( $this->customCacheGetFunctions !== $this->addedCustomFunctions['cacheget'] ) {
			$this->cacheGetFunctions = $this->merge_custom_array(
				$this->customCacheGetFunctions,
				$this->cacheGetFunctions
			);

			$this->addedCustomFunctions['cacheget'] = $this->customCacheGetFunctions;
		}

		if ( $this->customCacheSetFunctions !== $this->addedCustomFunctions['cacheset'] ) {
			$this->cacheSetFunctions = $this->merge_custom_array(
				$this->customCacheSetFunctions,
				$this->cacheSetFunctions
			);

			$this->addedCustomFunctions['cacheset'] = $this->customCacheSetFunctions;
		}

		if ( $this->customCacheDeleteFunctions !== $this->addedCustomFunctions['cachedelete'] ) {
			$this->cacheDeleteFunctions = $this->merge_custom_array(
				$this->customCacheDeleteFunctions,
				$this->cacheDeleteFunctions
			);

			$this->addedCustomFunctions['cachedelete'] = $this->customCacheDeleteFunctions;
		}
	}

}
first commit 2024-01-09 16:13:20 +01:00			`<?php`
			`/**`
			`* WordPress Coding Standard.`
			`*`
			`* @package WPCS\WordPressCodingStandards`
			`* @link https://github.com/WordPress/WordPress-Coding-Standards`
			`* @license https://opensource.org/licenses/MIT MIT`
			`*/`

			`namespace WordPressCS\WordPress\Sniffs\DB;`

			`use WordPressCS\WordPress\Sniff;`
			`use PHP_CodeSniffer\Util\Tokens;`

			`/**`
			`* Flag Database direct queries.`
			`*`
			`* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#direct-database-queries`
			`*`
			`* @package WPCS\WordPressCodingStandards`
			`*`
			`* @since 0.3.0`
			`* @since 0.6.0 Removed the add_unique_message() function as it is no longer needed.`
			* @since 0.11.0 This class now extends the WordPressCS native `Sniff` class.
			`* @since 0.13.0 Class name changed: this class is now namespaced.`
			* @since 1.0.0 This sniff has been moved from the `VIP` category to the `DB` category.
			`*/`
			`class DirectDatabaseQuerySniff extends Sniff {`

			`/**`
			`* List of custom cache get functions.`
			`*`
			`* @since 0.6.0`
			`*`
			`* @var string\|string[]`
			`*/`
			`public $customCacheGetFunctions = array();`

			`/**`
			`* List of custom cache set functions.`
			`*`
			`* @since 0.6.0`
			`*`
			`* @var string\|string[]`
			`*/`
			`public $customCacheSetFunctions = array();`

			`/**`
			`* List of custom cache delete functions.`
			`*`
			`* @since 0.6.0`
			`*`
			`* @var string\|string[]`
			`*/`
			`public $customCacheDeleteFunctions = array();`

			`/**`
			`* Cache of previously added custom functions.`
			`*`
			`* Prevents having to do the same merges over and over again.`
			`*`
			`* @since 0.11.0`
			`*`
			`* @var array`
			`*/`
			`protected $addedCustomFunctions = array(`
			`'cacheget' => array(),`
			`'cacheset' => array(),`
			`'cachedelete' => array(),`
			`);`

			`/**`
			`* The lists of $wpdb methods.`
			`*`
			`* @since 0.6.0`
			`* @since 0.11.0 Changed from static to non-static.`
			`*`
			`* @var array[]`
			`*/`
			`protected $methods = array(`
			`'cachable' => array(`
			`'delete' => true,`
			`'get_var' => true,`
			`'get_col' => true,`
			`'get_row' => true,`
			`'get_results' => true,`
			`'query' => true,`
			`'replace' => true,`
			`'update' => true,`
			`),`
			`'noncachable' => array(`
			`'insert' => true,`
			`),`
			`);`

			`/**`
			`* Returns an array of tokens this test wants to listen for.`
			`*`
			`* @return array`
			`*/`
			`public function register() {`
			`return array(`
			`\T_VARIABLE,`
			`);`
			`}`

			`/**`
			`* Processes this test, when one of its tokens is encountered.`
			`*`
			`* @param int $stackPtr The position of the current token in the stack.`
			`*`
			`* @return int\|void Integer stack pointer to skip forward or void to continue`
			`* normal file processing.`
			`*/`
			`public function process_token( $stackPtr ) {`

			`// Check for $wpdb variable.`
			`if ( '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) {`
			`return;`
			`}`

			`$is_object_call = $this->phpcsFile->findNext( \T_OBJECT_OPERATOR, ( $stackPtr + 1 ), null, false, null, true );`
			`if ( false === $is_object_call ) {`
			`return; // This is not a call to the wpdb object.`
			`}`

			`$methodPtr = $this->phpcsFile->findNext( array( \T_WHITESPACE ), ( $is_object_call + 1 ), null, true, null, true );`
			`$method = $this->tokens[ $methodPtr ]['content'];`

			`$this->mergeFunctionLists();`

			`if ( ! isset( $this->methods['all'][ $method ] ) ) {`
			`return;`
			`}`

			`$endOfStatement = $this->phpcsFile->findNext( \T_SEMICOLON, ( $stackPtr + 1 ), null, false, null, true );`
			`$endOfLineComment = '';`
			`for ( $i = ( $endOfStatement + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) {`

			`if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $endOfStatement ]['line'] ) {`
			`break;`
			`}`

			`if ( \T_COMMENT === $this->tokens[ $i ]['code'] ) {`
			`$endOfLineComment .= $this->tokens[ $i ]['content'];`
			`}`
			`}`

			`$whitelisted_db_call = false;`
			`if ( preg_match( '/db call\W*(?:ok\|pass\|clear\|whitelist)/i', $endOfLineComment ) ) {`
			`$whitelisted_db_call = true;`
			`}`

			`// Check for Database Schema Changes.`
			`for ( $_pos = ( $stackPtr + 1 ); $_pos < $endOfStatement; $_pos++ ) {`
			`$_pos = $this->phpcsFile->findNext( Tokens::$textStringTokens, $_pos, $endOfStatement, false, null, true );`
			`if ( false === $_pos ) {`
			`break;`
			`}`

			`if ( preg_match( '#\b(?:ALTER\|CREATE\|DROP)\b#i', $this->tokens[ $_pos ]['content'] ) > 0 ) {`
			`$this->phpcsFile->addWarning( 'Attempting a database schema change is discouraged.', $_pos, 'SchemaChange' );`
			`}`
			`}`

			`// Flag instance if not whitelisted.`
			`if ( ! $whitelisted_db_call ) {`
			`$this->phpcsFile->addWarning( 'Usage of a direct database call is discouraged.', $stackPtr, 'DirectQuery' );`
			`}`

			`if ( ! isset( $this->methods['cachable'][ $method ] ) ) {`
			`return $endOfStatement;`
			`}`

			`$whitelisted_cache = false;`
			`$cached = false;`
			`$wp_cache_get = false;`
			`if ( preg_match( '/cache\s+(?:ok\|pass\|clear\|whitelist)/i', $endOfLineComment ) ) {`
			`$whitelisted_cache = true;`
			`}`
			`if ( ! $whitelisted_cache && ! empty( $this->tokens[ $stackPtr ]['conditions'] ) ) {`
			`$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION );`

			`if ( false === $scope_function ) {`
			`$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE );`
			`}`

			`if ( false !== $scope_function ) {`
			`$scopeStart = $this->tokens[ $scope_function ]['scope_opener'];`
			`$scopeEnd = $this->tokens[ $scope_function ]['scope_closer'];`

			`for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) {`
			`if ( \T_STRING === $this->tokens[ $i ]['code'] ) {`

			`if ( isset( $this->cacheDeleteFunctions[ $this->tokens[ $i ]['content'] ] ) ) {`

			`if ( \in_array( $method, array( 'query', 'update', 'replace', 'delete' ), true ) ) {`
			`$cached = true;`
			`break;`
			`}`
			`} elseif ( isset( $this->cacheGetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {`

			`$wp_cache_get = true;`

			`} elseif ( isset( $this->cacheSetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {`

			`if ( $wp_cache_get ) {`
			`$cached = true;`
			`break;`
			`}`
			`}`
			`}`
			`}`
			`}`
			`}`

			`if ( ! $cached && ! $whitelisted_cache ) {`
			`$message = 'Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().';`
			`$this->phpcsFile->addWarning( $message, $stackPtr, 'NoCaching' );`
			`}`

			`return $endOfStatement;`
			`}`

			`/**`
			`* Merge custom functions provided via a custom ruleset with the defaults, if we haven't already.`
			`*`
			* @since 0.11.0 Split out from the `process()` method.
			`*`
			`* @return void`
			`*/`
			`protected function mergeFunctionLists() {`
			`if ( ! isset( $this->methods['all'] ) ) {`
			`$this->methods['all'] = array_merge( $this->methods['cachable'], $this->methods['noncachable'] );`
			`}`

			`if ( $this->customCacheGetFunctions !== $this->addedCustomFunctions['cacheget'] ) {`
			`$this->cacheGetFunctions = $this->merge_custom_array(`
			`$this->customCacheGetFunctions,`
			`$this->cacheGetFunctions`
			`);`

			`$this->addedCustomFunctions['cacheget'] = $this->customCacheGetFunctions;`
			`}`

			`if ( $this->customCacheSetFunctions !== $this->addedCustomFunctions['cacheset'] ) {`
			`$this->cacheSetFunctions = $this->merge_custom_array(`
			`$this->customCacheSetFunctions,`
			`$this->cacheSetFunctions`
			`);`

			`$this->addedCustomFunctions['cacheset'] = $this->customCacheSetFunctions;`
			`}`

			`if ( $this->customCacheDeleteFunctions !== $this->addedCustomFunctions['cachedelete'] ) {`
			`$this->cacheDeleteFunctions = $this->merge_custom_array(`
			`$this->customCacheDeleteFunctions,`
			`$this->cacheDeleteFunctions`
			`);`

			`$this->addedCustomFunctions['cachedelete'] = $this->customCacheDeleteFunctions;`
			`}`
			`}`

			`}`