diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
index 9db2983e..7c2db497 100644
--- a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
+++ b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
@@ -46,7 +46,6 @@ class ProperEscapingFunctionSniff extends Sniff {
T_OPEN_TAG => T_OPEN_TAG,
T_OPEN_TAG_WITH_ECHO => T_OPEN_TAG_WITH_ECHO,
T_STRING_CONCAT => T_STRING_CONCAT,
- T_COMMA => T_COMMA,
T_NS_SEPARATOR => T_NS_SEPARATOR,
];
@@ -107,7 +106,13 @@ public function process_token( $stackPtr ) {
return;
}
- $html = $this->phpcsFile->findPrevious( $this->echo_or_concat_tokens, $stackPtr - 1, null, true );
+ $ignore = $this->echo_or_concat_tokens;
+ $start_of_statement = $this->phpcsFile->findStartOfStatement( $stackPtr, T_COMMA );
+ if ( $this->tokens[ $start_of_statement ]['code'] === T_ECHO ) {
+ $ignore[ T_COMMA ] = T_COMMA;
+ }
+
+ $html = $this->phpcsFile->findPrevious( $ignore, $stackPtr - 1, null, true );
// Use $textStringTokens b/c heredoc and nowdoc tokens will never be encountered in this context anyways..
if ( $html === false || isset( Tokens::$textStringTokens[ $this->tokens[ $html ]['code'] ] ) === false ) {
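Review bot: The new `T_ECHO` check on the result of `findStartOfStatement()` appears to miss the short echo tag: for a template line like `<?= 'a', esc_html( $x ) ?>` the statement start is presumably the first token after `T_OPEN_TAG_WITH_ECHO`, not a `T_ECHO`, so `T_COMMA` is no longer skipped and the sniff returns early where it used to inspect the preceding string. For a security sniff that is a silent false negative, so the condition should also accept a statement whose preceding non-empty token is `T_OPEN_TAG_WITH_ECHO`, and the `.inc` test file should gain a comma-separated `<?=` case marked as an error. A short comment above the check, such as `// Commas separate output arguments only in echo statements; elsewhere they separate function call parameters.`, would explain why the token is added conditionally. `process_token()` starts and ends outside this hunk, so this should be confirmed against the full method.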
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
index a0ff39cc..bd5523d7 100644
--- a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.inc
@@ -82,3 +82,6 @@ echo ''; // Error.
echo ''; // Error.
echo 'data-param-url="' . Esc_HTML::static_method( $share_url ) . '"'; // OK.
+
+// Not a target for this sniff (yet).
+printf( '', esc_attr( $content ) ); // OK.