Bug Description
It seems the bug was introduced with #675. The PR adds \WordPressVIPMinimum\Sniffs\Security\ProperEscapingFunctionSniff::$in_short_echo property which is set in the \WordPressVIPMinimum\Sniffs\Security\ProperEscapingFunctionSniff::process_token method. The problem is the property is never reset while the sniff object is cached - https://github.com/squizlabs/PHP_CodeSniffer/blob/master/src/Files/File.php#L498.
So if the property was set once it has been never reset.
Minimal Code Snippet
https://github.com/shvlv/vipwpcs-bug
vendor/bin/phpcs f1.php f2.php and vendor/bin/phpcs f2.php f1.php provides the different results.
Error Code
I stumbled upon WordPressVIPMinimum.Security.ProperEscapingFunction.notAttrEscAttr.
Environment
Use php -v and composer show to get versions.
| Question |
Answer |
| PHP version |
8.1.13 |
| PHP_CodeSniffer version |
3.6.2 |
| VIPCS version |
2.3.3 |
Additional Context (optional)
I believe in_short_echo should be set to false at the start of every process_token invocation.
Tested Against master branch?
Bug Description
It seems the bug was introduced with #675. The PR adds
\WordPressVIPMinimum\Sniffs\Security\ProperEscapingFunctionSniff::$in_short_echoproperty which is set in the\WordPressVIPMinimum\Sniffs\Security\ProperEscapingFunctionSniff::process_tokenmethod. The problem is the property is never reset while the sniff object is cached - https://github.com/squizlabs/PHP_CodeSniffer/blob/master/src/Files/File.php#L498.So if the property was set once it has been never reset.
Minimal Code Snippet
https://github.com/shvlv/vipwpcs-bug
vendor/bin/phpcs f1.php f2.phpandvendor/bin/phpcs f2.php f1.phpprovides the different results.Error Code
I stumbled upon
WordPressVIPMinimum.Security.ProperEscapingFunction.notAttrEscAttr.Environment
Use
php -vandcomposer showto get versions.Additional Context (optional)
I believe
in_short_echoshould be set to false at the start of everyprocess_tokeninvocation.Tested Against
masterbranch?masterbranch of VIPCS.developbranch of VIPCS.