Merge pull request #2271 from WordPress/feature/contexthelper-make-sa…

…fe-casts-prop-private

ContextHelper::$safe_casts: make `private`

WordPress/Helpers/ContextHelper.php

@@ -34,11 +34,11 @@ final class ContextHelper {
 	 *
 	 * @since 1.1.0
 	 * @since 3.0.0 - Moved from the Sniff class to this class.
-	 *              - The property visibility was changed from `protected` to `public static`.
+	 *              - The property visibility was changed from `protected` to `private static`.
 	 *
 	 * @var array
 	 */
-	public static $safe_casts = array(
+	private static $safe_casts = array(
 		\T_INT_CAST    => true,
 		\T_DOUBLE_CAST => true,
 		\T_BOOL_CAST   => true,
@@ -306,6 +306,17 @@ public static function is_in_isset_or_empty( File $phpcsFile, $stackPtr ) {
 		return false;
 	}
 
+	/**
+	 * Retrieve a list of the tokens which are regarded as "safe casts".
+	 *
+	 * @since 3.0.0
+	 *
+	 * @return array<string, bool>
+	 */
+	public static function get_safe_cast_tokens() {
+		return self::$safe_casts;
+	}
+
 	/**
 	 * Check if something is being casted to a safe value.
 	 *

WordPress/Sniffs/Security/EscapeOutputSniff.php

@@ -340,7 +340,7 @@ public function process_token( $stackPtr ) {
 			$watch = false;
 
 			// Allow int/double/bool casted variables.
-			if ( isset( ContextHelper::$safe_casts[ $this->tokens[ $i ]['code'] ] ) ) {
+			if ( isset( ContextHelper::get_safe_cast_tokens()[ $this->tokens[ $i ]['code'] ] ) ) {
 				$in_cast = true;
 				continue;
 			}

WordPress/Tests/Security/EscapeOutputUnitTest.php

@@ -21,6 +21,7 @@
  * @since   1.0.0      This sniff has been moved from the `XSS` category to the `Security` category.
  *
  * @covers \WordPressCS\WordPress\Helpers\ArrayWalkingFunctionsHelper
+ * @covers \WordPressCS\WordPress\Helpers\ContextHelper::get_safe_cast_tokens
  * @covers \WordPressCS\WordPress\Helpers\ConstantsHelper::is_use_of_global_constant
  * @covers \WordPressCS\WordPress\Helpers\EscapingFunctionsTrait
  * @covers \WordPressCS\WordPress\Helpers\PrintingFunctionsTrait