ProperEscapingFunction: account for T_OPEN_TAG_WITH_ECHO

[rebeccahum]

Bug Description

Introduced in #668, we should also account for T_OPEN_TAG_WITH_ECHO:

<?= '<h2>' , esc_attr( $test ) , '</h2>'; // Warning.

However, it's not as simple as just adding it in an OR statement to:

VIP-Coding-Standards/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php

Line 111 in 7decb5b

if ( $this->tokens[ $start_of_statement ]['code'] === T_ECHO ) {

This is because findStartOfStatement() will not recognize <?= as the start of the statement if there is inline HTML before it, e.g.

<h1>TEST</h1>

<?= '<h2>' , esc_attr( $test ) , '</h2>'; // Warning.

However, using just the below will return the expected $start_of_statement:

<?= '<h2>' , esc_attr( $test ) , '</h2>'; // Warning.

Error Code

WordPressVIPMinimum.Security.ProperEscapingFunction.notAttrEscAttr