You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Added
Native sniffs
WPThemeReview.CoreFunctionality.FileInclude: checks if a theme uses include(_once) or require(_once) when get_template_part() should be used. Handbook rule.
WPThemeReview.CoreFunctionality.NoDeregisterCoreScript: checks if a theme deregisters core scripts (javascript). Handbook rule.
WPThemeReview.CoreFunctionality.NoFavicon: checks if a theme is hard coding favicons instead of using core implementation. Handbook rule.
WPThemeReview.CoreFunctionality.NoTitleTag: checks if a theme is using a <title> tag instead of add_theme_support( 'title-tag' ). <svg> tag can use a <title> tag. Handbook rule.
WPThemeReview.PluginTerritory.AdminBarRemoval: checks if a theme is removing the WP admin bar. This sniff was originally part of WordPressCS. Handbook rule.
WPThemeReview.PluginTerritory.ForbiddenFunctions: checks if a theme is using functions that fall under plugin territory. Handbook rule.
WPThemeReview.PluginTerritory.NoAddAdminPages: checks if a theme is using add_..._page() functions, with the exception of add_theme_page(). Handbook rule.
WPThemeReview.PluginTerritory.SessionFunctionsUsage: Prevents the usage of the session functions in themes. This sniff was originally part of WordPressCS.
WPThemeReview.PluginTerritory.SessionVariableUsage: Prevents the usage of the session variables in themes. This sniff was originally part of WordPressCS.
WPThemeReview.Plugins.CorrectTGMPAVersion: verifies that if the TGM Plugin Activation library is included, the correct version is used. Handbook rule.
WPThemeReview.ThouShallNotUse.ForbiddenIframe: checks if a theme is using <iframe>. Handbook rule.
WPThemeReview.ThouShallNotUse.NoAutoGenerate: checks if a theme has been generated using theme generators.
Other sniffs in the ruleset
PHPCompatibilityWP: added as an entire ruleset, checking that the theme is compatible with PHP 5.2 and above.
Generic.PHP.DisallowShortOpenTag: prohibits the usage of the PHP short open tags. Handbook rule.
Generic.PHP.DisallowAlternativePHPTags: disallows the usage of alternative PHP open tags (<% and similar).
Squiz.WhiteSpace.SuperfluousWhitespace.StartFile: files starting with a PHP open tag shouldn't have a whitespace preceding it, to prevent possible headers already sent errors.
PSR2.Files.ClosingTag.NotAllowed: files should omit the closing PHP tag at the end of a file, to prevent possible headers already sent errors.
Internal.LineEndings.Mixed: mixed line endings are not allowed. Handbook rule.
Internal.Tokenizer.Exception: minified scripts or files should have original files included. Handbook rule.
Generic.Files.ByteOrderMark: no ByteOrderMark allowed - important to prevent issues with content being sent before headers.
Generic.CodeAnalysis.EmptyStatement: prohibits empty statements in the code (empty conditionals for instance).
WordPress.CodeAnalysis.EmptyStatement: prohibits empty PHP statements (empty PHP tags with no content or double semi-colons).
WordPress.WP.I18n: check that the I18N functions are used correctly. This sniff can also check the text domain, provided it's passed to PHPCS. See the documentation for more details.
WordPress.WP.EnqueuedResources: hard coding of scripts and styles is prohibited. They should be enqueued.
WordPress.Security.PluginMenuSlug: prevent path disclosure when using add_theme_page().
Generic.PHP.NoSilencedErrors: usage of Error Control Operator @ is forbidden in a theme.
WordPress.DB.RestrictedClasses: the WP abstraction layer should be used to query database if needed.
WordPress.DB.RestrictedFunctions: the WP abstraction layer should be used to query database if needed.
WordPress.DB.PreparedSQL: all SQL queries should be prepared as close to the time of querying the database as possible.
WordPress.DB.PreparedSQLPlaceholders: verify that placeholders in prepared queries are used correctly.
WordPress.Security.ValidatedSanitizedInput: validate and/or sanitize untrusted data before using it.
WordPress.Security.EscapeOutput: all untrusted data should be escaped before output - warning, since translations don't have to be escaped.
Generic.PHP.BacktickOperator: prohibit the use of the backtick operator.
WordPress.WP.GlobalVariablesOverride: prohibit overwriting of WordPress global variables.
Squiz.PHP.Eval.Discouraged: prohibit the use of the eval() PHP language construct.
Generic.PHP.DiscourageGoto.Found: prohibit the use of the goto PHP language construct.
WordPress.WP.DeprecatedClasses: check for use of deprecated WordPress classes.
WordPress.WP.DeprecatedFunctions: check for use of deprecated WordPress functions.
WordPress.WP.DeprecatedParameters: check for use of deprecated WordPress function parameters.
WordPress.WP.DiscouragedConstants: check for deprecated WordPress constants.
WordPress.NamingConventions.PrefixAllGlobals: verify that everything in the global namespace is prefixed. Handbook rule. This rule will only work if a prefix is passed. See the documentation for more details.
WordPress.WP.CapitalPDangit: check for correct spelling of WordPress. Handbook rule
WordPress.WP.TimezoneChange: themes should never touch the timezone.
