Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom IniSet Sniff to allow for certain safelisted options #687

Open
rebeccahum opened this issue May 26, 2021 · 1 comment
Open

Custom IniSet Sniff to allow for certain safelisted options #687

rebeccahum opened this issue May 26, 2021 · 1 comment

Comments

@rebeccahum
Copy link
Contributor

Describe the solution you'd like

VIPCS could benefit from having a custom IniSet sniff...similar to https://github.com/WordPress/WordPress-Coding-Standards/blob/41f5a9c66ff814863bc479fb52fd6cd1abc87e28/WordPress/Sniffs/PHP/IniSetSniff.php#L55-L65, but we want to be able to customize the whitelist property for the below values:

  • session.cookie_httponly
  • session.cookie_secure
  • session.use_only_cookies

WP already manages sessions but we have some clients that want to control PHP sessions via custom code.

What code should not be reported as a violation?

ini_set('session.cookie_httponly', true);
ini_set('session.cookie_secure', true);
ini_set('session.use_only_cookies', true);

Additional context

WordPress/WordPress-Coding-Standards#1993

@jrfnl
Copy link
Collaborator

jrfnl commented May 26, 2021

As the WPCS property which controls the "allow list" is protected, I think we can simply extend the WPCS sniff and add those extra ini settings to the property from the sniff constructor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants