Increasing Code Quality and Security With PHPCS
Topher DeRosia @topher1kenobe
Developer and Documenter from
Why Coding Standards?
● They make it so that a very large codebase can appear to be built by a single person
● They make it easy to return to a project and pick up where you left off
● They can enforce pre-determined security standards
WordPress Coding Standards
WordPress has coding standards for
● PHP: https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/
● HTML: https://make.wordpress.org/core/handbook/best-practices/coding-standards/html/
● CSS: https://make.wordpress.org/core/handbook/best-practices/coding-standards/css/
● JavaScript: https://make.wordpress.org/core/handbook/best-practices/coding-standards/javascript/
What is PHPCS?
● PHP_CodeSniffer examines PHP code and compares it to a ruleset (a standards file) and reports every line that deviates
● Each project (WordPress, Drupal, Joomla, etc.) publishes its own ruleset
● PHPCS is a PEAR package found at http://pear.php.net/package/PHP_CodeSniffer/
Installing PHPCS
The docs for installing the WordPress standards file include instructions on installing PHPCS
https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
PHPCS can then be run from the command line or installed to an IDE like PHPStorm, Sublime Text, or Atom
What does it do for us?
Warnings:

Flagged (cast spacing):
$customer_id = (int)$args['customer_id'];
Passes:
$customer_id = ( int )$args['customer_id'];

Flagged (request variable used without sanitization):
if ( isset( $_GET['edd_notice'] ) && 'customer-contacted' == $_GET['edd_notice'] ) {
Passes, because the whitelist comment tells WPCS the unsanitized use is intentional (the value is only compared, never echoed):
if ( isset( $_GET['edd_notice'] ) && 'customer-contacted' == $_GET['edd_notice'] ) { // WPCS: XSS ok.
What does it do for us?
Errors:

Control structures without braces are reported as an error, not a warning:
if ( is_admin() )
	require_once WPCF7_PLUGIN_DIR . '/admin/admin.php';
else
	require_once WPCF7_PLUGIN_DIR . '/includes/controller.php';

Why it matters: Apple's 2014 SSL bug was a duplicated, unbraced line that made the rest of the certificate check unreachable.
Reflections on Curly Braces – Apple’s SSL Bug and What We Should Learn From It
What does it do for us?
Security:

Flagged (unescaped output inside an HTML attribute):
<section id="footer-1" class="widget-area <?php echo $sidebar_id; ?>">
Should be
<section id="footer-1" class="widget-area <?php echo esc_attr( $sidebar_id ); ?>">
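The two patterns from the warnings and security slides side by side, as an added example that is not from the talk or from any WordPress project: each one as PHPCS flags it, then in the form the WordPress ruleset accepts, run against a constructed attacker-controlled value so the difference in output is visible. The sniff names in the comments are the current WPCS names and are an assumption about the version in use; esc_attr(), sanitize_key() and wp_unslash() are WordPress functions, so the file defines approximate fallbacks only when it is run outside WordPress.

```php
<?php
/**
 * Added example, not code from the slides or from WordPress.
 * Requires only PHP; the fallbacks below stand in for WordPress helpers
 * when the file is run on its own (they approximate, not replicate, them).
 */

if ( ! function_exists( 'esc_attr' ) ) {
	// Approximation of WordPress esc_attr(): encode & " ' < > for attribute context.
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}
if ( ! function_exists( 'sanitize_key' ) ) {
	// Approximation of WordPress sanitize_key(): lowercase, keep only a-z 0-9 _ -.
	function sanitize_key( $key ) {
		return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
	}
}
if ( ! function_exists( 'wp_unslash' ) ) {
	// Approximation of WordPress wp_unslash(): strip the slashes WP adds to request data.
	function wp_unslash( $value ) {
		return is_array( $value ) ? array_map( 'wp_unslash', $value ) : stripslashes( (string) $value );
	}
}

// Constructed inputs standing in for $_GET and for a theme variable.
$get        = array( 'edd_notice' => 'customer-contacted' );
$sidebar_id = 'footer-1" onload="alert(document.cookie)';

// ---- Pattern 1: request variable (warnings slide) ------------------------

// As flagged: WordPress.Security.ValidatedSanitizedInput (assumed name) warns
// that $_GET is read without sanitization, and == is a loose comparison.
function notice_unsanitized( array $get ) {
	return isset( $get['edd_notice'] ) && 'customer-contacted' == $get['edd_notice'];
}

// Accepted without a whitelist comment: unslash, sanitize, then compare strictly.
function notice_sanitized( array $get ) {
	if ( ! isset( $get['edd_notice'] ) ) {
		return false;
	}
	$notice = sanitize_key( wp_unslash( $get['edd_notice'] ) );
	return 'customer-contacted' === $notice;
}

// ---- Pattern 2: output inside an attribute (security slide) --------------

// As flagged: WordPress.Security.EscapeOutput (assumed name) reports the raw
// echo. A double quote in $sidebar_id closes the class attribute and the
// attacker's onload= becomes a real attribute on the element.
function widget_area_unescaped( $sidebar_id ) {
	return '<section id="footer-1" class="widget-area ' . $sidebar_id . '">';
}

// Accepted: esc_attr() encodes the quote, so the whole value stays inside class="".
function widget_area_escaped( $sidebar_id ) {
	return '<section id="footer-1" class="widget-area ' . esc_attr( $sidebar_id ) . '">';
}

var_dump( notice_unsanitized( $get ) );
var_dump( notice_sanitized( $get ) );
echo widget_area_unescaped( $sidebar_id ), "\n";
echo widget_area_escaped( $sidebar_id ), "\n";
```

Run it with `php example.php` and compare the two `<section>` lines: in the first, `onload=` is a separate attribute; in the second it is inert text inside the class value. Inside WordPress the fallbacks are skipped because the real helpers already exist.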
Make it a habit
● Test every file
● Test every time
● Don’t release code that has errors and warnings
● It’s good for your resume
THANKS FOR LISTENING
Topher DeRosia
http://topher1kenobe.com
http://heropress.com
Follow me @topher1kenobe