From e9aea8ff2754a48cb27a1b493f71e3bd4dd1408d Mon Sep 17 00:00:00 2001 From: jrfnl Date: Tue, 2 Mar 2021 14:39:38 +0100 Subject: [PATCH 1/2] RestrictedFunctions: remove user_meta related errors Includes: * Removing severity changes related to these from the VIP Go ruleset. * Removing the sniff tests related to these. * Removing the ruleset tests related to these. Partially fixes 614 Note: "removed" test lines have replaced with blank lines to prevent having to adjust the line numbers for all test after it in the "expected errors/warnings" arrays. --- WordPress-VIP-Go/ruleset-test.inc | 16 ++++++++-------- WordPress-VIP-Go/ruleset.xml | 12 ------------ .../Functions/RestrictedFunctionsSniff.php | 10 ---------- .../Functions/RestrictedFunctionsUnitTest.inc | 16 ++++++++-------- .../Functions/RestrictedFunctionsUnitTest.php | 4 ---- WordPressVIPMinimum/ruleset-test.inc | 8 ++++---- WordPressVIPMinimum/ruleset-test.php | 4 ---- 7 files changed, 20 insertions(+), 50 deletions(-) diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc index 6867c45e..4fba1761 100644 --- a/WordPress-VIP-Go/ruleset-test.inc +++ b/WordPress-VIP-Go/ruleset-test.inc @@ -284,17 +284,17 @@ if ( isset( $_GET['migSource'] ) && wp_verify_nonce( sanitize_text_field( $_GET[ $test = sanitize_text_field( $_GET['migSource'] ); // Ok. } -// WordPressVIPMinimum.Functions.RestrictedFunctions.user_meta_add_user_meta -add_user_meta( 123, $foo, $bar ); // Ok. -// WordPressVIPMinimum.Functions.RestrictedFunctions.user_meta_delete_user_meta -delete_user_meta( $foo, $bar, '123' ); // Ok. -// WordPressVIPMinimum.Functions.RestrictedFunctions.user_meta_get_user_meta -get_user_meta(); // Ok. -// WordPressVIPMinimum.Functions.RestrictedFunctions.user_meta_update_user_meta -update_user_meta( $bar, '123', $foo ); // Ok. + + + + + + + + // WordPressVIPMinimum.Variables.RestrictedVariables.user_meta__wpdb__usermeta $query = "SELECT * FROM $wpdb->usermeta"; // Ok. 
diff --git a/WordPress-VIP-Go/ruleset.xml b/WordPress-VIP-Go/ruleset.xml index 338a5164..e28d77eb 100644 --- a/WordPress-VIP-Go/ruleset.xml +++ b/WordPress-VIP-Go/ruleset.xml @@ -261,18 +261,6 @@ 0 - - 0 - - - 0 - - - 0 - - - 0 - 0 diff --git a/WordPressVIPMinimum/Sniffs/Functions/RestrictedFunctionsSniff.php b/WordPressVIPMinimum/Sniffs/Functions/RestrictedFunctionsSniff.php index 2e56de02..2c5027d1 100644 --- a/WordPressVIPMinimum/Sniffs/Functions/RestrictedFunctionsSniff.php +++ b/WordPressVIPMinimum/Sniffs/Functions/RestrictedFunctionsSniff.php @@ -111,16 +111,6 @@ public function getGroups() { 'add_role', ], ], - 'user_meta' => [ - 'type' => 'error', - 'message' => '%s() usage is highly discouraged on WordPress.com VIP due to it being a multisite, please see https://lobby.vip.wordpress.com/wordpress-com-documentation/code-review-what-we-look-for/#wp_users-and-user_meta.', - 'functions' => [ - 'get_user_meta', - 'update_user_meta', - 'delete_user_meta', - 'add_user_meta', - ], - ], 'term_exists' => [ 'type' => 'error', 'message' => '%s() is highly discouraged due to not being cached; please use wpcom_vip_term_exists() instead.', diff --git a/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.inc b/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.inc index 27132b5a..a4c2f45f 100644 --- a/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.inc +++ b/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.inc 
@@ -75,14 +75,14 @@ $y = Bar::add_role(); // Ok - calling static function of another class and not a add_role( 'test' ); // Error. \add_role(); // Error. -get_post_meta( 123, 'test' ); // Ok - not using get_user_meta(). -update_post_meta( 1234, 'test', $test ); // Ok - not using update_user_meta(). -delete_post_meta( $int, $test ); // Ok - not using delete_user_meta(). -add_post_meta( $int, $test, $test ); // Ok - not using add_user_meta(). -get_user_meta(); // Error. -update_user_meta(); // Error. -delete_user_meta(); // Error. -add_user_meta(); // Error. + + + + + + + + wpcom_vip_term_exists(); // Ok - VIP recommended version of term_exists(). term_exists(); // Error. diff --git a/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.php b/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.php index 8841c31a..1e484780 100644 --- a/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.php +++ b/WordPressVIPMinimum/Tests/Functions/RestrictedFunctionsUnitTest.php @@ -43,10 +43,6 @@ public function getErrorList() { 62 => 1, 75 => 1, 76 => 1, - 82 => 1, - 83 => 1, - 84 => 1, - 85 => 1, 88 => 1, 91 => 1, 94 => 1, diff --git a/WordPressVIPMinimum/ruleset-test.inc b/WordPressVIPMinimum/ruleset-test.inc index 955cd506..38097200 100644 --- a/WordPressVIPMinimum/ruleset-test.inc +++ b/WordPressVIPMinimum/ruleset-test.inc @@ -325,10 +325,10 @@ switch_to_blog( $blogid ); // Error. get_page_by_title( $page_title ); // Error. url_to_postid( $url ); // Error. \add_role(); // Error. -get_user_meta(); // Error. -update_user_meta(); // Error. -delete_user_meta(); // Error. -add_user_meta(); // Error. + + + + term_exists(); // Error. count_user_posts(); // Error. wp_old_slug_redirect(); // Error. diff --git a/WordPressVIPMinimum/ruleset-test.php b/WordPressVIPMinimum/ruleset-test.php index 601e1dc4..730c9e2e 100644 --- a/WordPressVIPMinimum/ruleset-test.php +++ b/WordPressVIPMinimum/ruleset-test.php 
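Review bot: Nothing in RestrictedFunctionsUnitTest.inc exercises the user meta functions any more, because lines 82-85 are blanked instead of being turned into passing cases, so the test no longer pins that these calls are allowed. Keeping them as `get_user_meta(); // Ok.` (and likewise for `update_user_meta()`, `delete_user_meta()` and `add_user_meta()`) would preserve the line numbering the commit message is concerned about and would catch the group being reintroduced by accident. The same applies to the blanked lines 328-331 in WordPressVIPMinimum/ruleset-test.inc and, in the second patch, to lines 7 and 9 of RestrictedVariablesUnitTest.inc.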
@@ -97,10 +97,6 @@ 325 => 1, 326 => 1, 327 => 1, - 328 => 1, - 329 => 1, - 330 => 1, - 331 => 1, 332 => 1, 333 => 1, 334 => 1, From fda46561a57570530c68bba799fad55787d91a69 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Tue, 2 Mar 2021 15:27:52 +0100 Subject: [PATCH 2/2] RestrictedVariables: remove usermeta related errors Includes: * Removing severity change related to this from the VIP Go ruleset. * Removing the sniff tests related to these. * Removing the ruleset tests related to these. Partially fixes 614 Note: "removed" test lines have replaced with blank lines to prevent having to adjust the line numbers for all test after it in the "expected errors/warnings" arrays. --- WordPress-VIP-Go/ruleset-test.inc | 4 ++-- WordPress-VIP-Go/ruleset.xml | 3 --- .../Sniffs/Variables/RestrictedVariablesSniff.php | 3 +-- .../Tests/Variables/RestrictedVariablesUnitTest.inc | 8 ++++---- .../Tests/Variables/RestrictedVariablesUnitTest.php | 2 -- 5 files changed, 7 insertions(+), 13 deletions(-) diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc index 4fba1761..876a9c6d 100644 --- a/WordPress-VIP-Go/ruleset-test.inc +++ b/WordPress-VIP-Go/ruleset-test.inc @@ -296,8 +296,8 @@ if ( isset( $_GET['migSource'] ) && wp_verify_nonce( sanitize_text_field( $_GET[ -// WordPressVIPMinimum.Variables.RestrictedVariables.user_meta__wpdb__usermeta -$query = "SELECT * FROM $wpdb->usermeta"; // Ok. + + // WordPressVIPMinimum.Functions.RestrictedFunctions.site_option_delete_site_option delete_site_option( $foo ); // Ok. diff --git a/WordPress-VIP-Go/ruleset.xml b/WordPress-VIP-Go/ruleset.xml index e28d77eb..f42e136c 100644 --- a/WordPress-VIP-Go/ruleset.xml +++ b/WordPress-VIP-Go/ruleset.xml @@ -261,9 +261,6 @@ 0 - - 0 - 0 diff --git a/WordPressVIPMinimum/Sniffs/Variables/RestrictedVariablesSniff.php b/WordPressVIPMinimum/Sniffs/Variables/RestrictedVariablesSniff.php index 13000249..fe19452d 100644 --- a/WordPressVIPMinimum/Sniffs/Variables/RestrictedVariablesSniff.php 
+++ b/WordPressVIPMinimum/Sniffs/Variables/RestrictedVariablesSniff.php @@ -39,10 +39,9 @@ public function getGroups() { return [ 'user_meta' => [ 'type' => 'error', - 'message' => 'Usage of users/usermeta tables is highly discouraged in VIP context, For storing user additional user metadata, you should look at User Attributes.', + 'message' => 'Usage of users tables is highly discouraged in VIP context', 'object_vars' => [ '$wpdb->users', - '$wpdb->usermeta', ], ], 'session' => [ diff --git a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.inc b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.inc index 2126a037..39abb1bb 100644 --- a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.inc +++ b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.inc @@ -4,9 +4,9 @@ $query = "SELECT * FROM $wpdb->users"; // Error. $wp_db->update( $wpdb->users, array( 'displayname' => 'Kanobe!' ), array( 'ID' => 1 ) ); // Error. -$query = "SELECT * FROM $wpdb->usermeta"; // Error. -$wp_db->update( $wpdb->usermeta, array( 'meta_value' => 'bar!' ), array( 'user_id' => 1, 'meta_key' => 'foo' ) ); // Error. + + $query = "SELECT * FROM $wpdb->posts"; // Ok. @@ -20,7 +20,7 @@ $y = $_SERVER['REQUEST_URI']; // Ok. // Error. $query = <<usermeta +SELECT * FROM $wpdb->users EOD; // Warning @@ -29,7 +29,7 @@ Your user-agent is {$_SERVER['HTTP_USER_AGENT']} EOD; // phpcs:set WordPressVIPMinimum.Variables.RestrictedVariables exclude[] user_meta -$query = "SELECT * FROM $wpdb->usermeta"; // Ok, excluded. +$query = "SELECT * FROM $wpdb->users"; // Ok, excluded. // phpcs:set WordPressVIPMinimum.Functions.RestrictedFunctions exclude[] diff --git a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php index 487c1ee0..78b19a60 100644 --- a/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php 
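Review bot: The group key in getGroups() is still `'user_meta'` although after this hunk it only covers `$wpdb->users`, so the reported error code and the `exclude[] user_meta` setting used in the unit test no longer describe what is restricted. Renaming the key would presumably break existing excludes and ruleset references, so I would keep it and add a comment above it such as `// Key kept as 'user_meta' for backwards compatibility; the group now only covers $wpdb->users.`. The new message also drops the pointer to an alternative and reads oddly; `'Usage of the users table is highly discouraged in VIP context.'` would be clearer. With `$wpdb->usermeta` removed from `object_vars`, interpolated SQL against that table is only flagged if another sniff in the ruleset covers direct database queries, which is worth confirming before merging. getGroups() starts and ends outside the hunk.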
+++ b/WordPressVIPMinimum/Tests/Variables/RestrictedVariablesUnitTest.php @@ -30,8 +30,6 @@ public function getErrorList() { return [ 3 => 1, 5 => 1, - 7 => 1, - 9 => 1, 23 => 1, 36 => 1, 37 => 1,