WPDBTrait::is_wpdb_method_call(): improve code-style independence and…

… support PHP 8.0+ nullsafe object operators The `WPDBTrait::is_wpdb_method_call()` did not properly ignore unexpected whitespace and/or comments. As the check for object operators is now being switched to use the `Collections::objectOperators()` token collection, this automatically also adds support for the PHP 8.0 nullsafe object operator when used with `$wpdb`. Includes unit test via the `PreparedSQL` sniff.
WordPress · Dec 17, 2022 · 8fc7d45 · 8fc7d45
1 parent b7a7fd6
commit 8fc7d45
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 12 deletions.
diff --git a/WordPress/Helpers/WPDBTrait.php b/WordPress/Helpers/WPDBTrait.php
@@ -10,7 +10,9 @@
 namespace WordPressCS\WordPress\Helpers;
 
 use PHP_CodeSniffer\Files\File;
+use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\BackCompat\BCFile;
+use PHPCSUtils\Tokens\Collections;
 
 /**
  * Helper utilities for sniffs which examine WPDB method calls.
@@ -59,19 +61,14 @@ protected function is_wpdb_method_call( File $phpcsFile, $stackPtr, $target_meth
 		}
 
 		// Check that this is a method call.
-		$is_object_call = $phpcsFile->findNext(
-			array( \T_OBJECT_OPERATOR, \T_DOUBLE_COLON ),
-			( $stackPtr + 1 ),
-			null,
-			false,
-			null,
-			true
-		);
-		if ( false === $is_object_call ) {
+		$is_object_call = $phpcsFile->findNext( Tokens::$emptyTokens, ( $stackPtr + 1 ), null, true );
+		if ( false === $is_object_call
+			|| isset( Collections::objectOperators()[ $tokens[ $is_object_call ]['code'] ] ) === false
+		) {
 			return false;
 		}
 
-		$methodPtr = $phpcsFile->findNext( \T_WHITESPACE, ( $is_object_call + 1 ), null, true, null, true );
+		$methodPtr = $phpcsFile->findNext( Tokens::$emptyTokens, ( $is_object_call + 1 ), null, true, null, true );
 		if ( false === $methodPtr ) {
 			return false;
 		}
@@ -81,7 +78,7 @@ protected function is_wpdb_method_call( File $phpcsFile, $stackPtr, $target_meth
 		}
 
 		// Find the opening parenthesis.
-		$opening_paren = $phpcsFile->findNext( \T_WHITESPACE, ( $methodPtr + 1 ), null, true, null, true );
+		$opening_paren = $phpcsFile->findNext( Tokens::$emptyTokens, ( $methodPtr + 1 ), null, true, null, true );
 
 		if ( false === $opening_paren ) {
 			return false;

diff --git a/WordPress/Tests/DB/PreparedSQLUnitTest.inc b/WordPress/Tests/DB/PreparedSQLUnitTest.inc
@@ -111,5 +111,11 @@ $wpdb->query( "SELECT * FROM ${wpdb->{${'a'}}} WHERE post_title LIKE '${title->{
 // More defensive variable checking
 $wpdb->query( "SELECT * FROM $wpdb" ); // Bad x 1, $wpdb on its own is not valid.
 
+$wpdb
+	-> /*comment*/ query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . $_GET['title'] . "';" ); // Bad.
+
+$wpdb?->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . (int) $foo . "';" ); // OK.
+$wpdb?->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
+
 // Don't throw an error during live coding.
 wpdb::prepare( "SELECT * FROM $wpdb->posts
diff --git a/WordPress/Tests/DB/PreparedSQLUnitTest.php b/WordPress/Tests/DB/PreparedSQLUnitTest.php
@@ -53,6 +53,8 @@ public function getErrorList() {
 			108 => 1,
 			109 => 1,
 			112 => 1,
+			115 => 1,
+			118 => 1,
 		);
 	}
 
@@ -66,5 +68,4 @@ public function getErrorList() {
 	public function getWarningList() {
 		return array();
 	}
-
 }