Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

\ before global namespace functions causes an escaping function error. #933

Closed
GaryJones opened this issue Apr 16, 2017 · 0 comments · Fixed by #1097
Closed

\ before global namespace functions causes an escaping function error. #933

GaryJones opened this issue Apr 16, 2017 · 0 comments · Fixed by #1097
Labels
Focus: Modern PHP Focus: Security Type: Bug
Milestone
0.14.0

Comments

@GaryJones
Copy link
Member

Related to #764.

This method is in a namespaced class:

public function do_footer_nav() {
	echo \wp_kses_post(
		\genesis_get_nav_menu(
			[
				'menu_class'     => 'menu genesis-nav-menu menu-footer',
				'theme_location' => 'footer',
			]
		)
	);
}

The presence of the \ before the function calls from the global namespace, means that an error of Expected next thing to be an escaping function, ... not "\" appears.

I've not looked into the change needed, but if the sniff could allow an optional \ before those function checks, that would be great :-)

Using fully-qualified function calls is faster. Details and benchmarks are here. This is from an inspection from the PHP Inspections extension for PhpStorm.
jrfnl added a commit that referenced this issue Aug 7, 2017
@jrfnl
XSS.EscapeOutput sniff: Fix issue #933 - namespace separators.
c1d43bf 
This simple change means that namespace separators will be be ignored completely by the check for output escaping which fixes the immediate issue.

For a more thorough fix, the logic of the function would need to be refactored to take namespaced functions into account as well, but that's for another day.
@jrfnl jrfnl mentioned this issue Aug 7, 2017
Merged
@jrfnl jrfnl added this to the 0.14.0 milestone Aug 7, 2017
GaryJones added a commit that referenced this issue Aug 8, 2017
@GaryJones
Merge pull request #1097 from WordPress-Coding-Standards/feature/issu…
6d98f36 
…e-933-namespaced-functions

XSS.EscapeOutput sniff: Fix issue #933 - namespace separators.
@GaryJones GaryJones mentioned this issue Oct 5, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Focus: Modern PHP Focus: Security Type: Bug
Projects
None yet
Milestone
0.14.0
Development

Successfully merging a pull request may close this issue.

XSS.EscapeOutput sniff: Fix issue #933 - namespace separators. WordPress/WordPress-Coding-Standards
2 participants
@GaryJones @jrfnl