Move unslashing-only functions related functionality to dedicated UnslashingFunctionsHelper

WordPress/Helpers/UnslashingFunctionsHelper.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * WordPress Coding Standard.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @link    https://github.com/WordPress/WordPress-Coding-Standards
+ * @license https://opensource.org/licenses/MIT MIT
+ */
+
+namespace WordPressCS\WordPress\Helpers;
+
+/**
+ * Helper functions and function lists for checking whether a function is an unslashing function.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @since   3.0.0 The property in this class was previously contained in the
+ *                `WordPressCS\WordPress\Sniff` class and has been moved here.
+ */
+final class UnslashingFunctionsHelper {
+
+	/**
+	 * Functions which unslash the data passed to them.
+	 *
+	 * @since 2.1.0
+	 * @since 3.0.0 - Moved from the Sniff class to this class.
+	 *              - Visibility changed from protected to private and property made static.
+	 *
+	 * @var array<string, bool>
+	 */
+	private static $unslashingFunctions = array(
+		'stripslashes_deep'              => true,
+		'stripslashes_from_strings_only' => true,
+		'wp_unslash'                     => true,
+	);
+
+	/**
+	 * Retrieve a list of the unslashing functions.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @return array<string, bool>
+	 */
+	public static function get_unslashing_functions() {
+		return self::$unslashingFunctions;
+	}
+
+	/**
+	 * Check if a particular function is regarded as a unslashing function.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param string $functionName The name of the function to check.
+	 *
+	 * @return bool
+	 */
+	public static function is_unslashing_function( $functionName ) {
+		return isset( self::$unslashingFunctions[ $functionName ] );
+	}
+}

WordPress/Sniff.php

@@ -17,6 +17,7 @@
 use WordPressCS\WordPress\Helpers\ArrayWalkingFunctionsHelper;
 use WordPressCS\WordPress\Helpers\ContextHelper;
 use WordPressCS\WordPress\Helpers\SanitizingFunctionsTrait;
+use WordPressCS\WordPress\Helpers\UnslashingFunctionsHelper;
 use WordPressCS\WordPress\Helpers\VariableHelper;
 
 /**
@@ -26,35 +27,11 @@
  *
  * @package WPCS\WordPressCodingStandards
  * @since   0.4.0
- *
- * {@internal This class contains numerous properties where the array format looks
- *            like `'string' => true`, i.e. the array item is set as the array key.
- *            This allows for sniffs to verify whether something is in one of these
- *            lists using `isset()` rather than `in_array()` which is a much more
- *            efficient (faster) check to execute and therefore improves the
- *            performance of the sniffs.
- *            The `true` value in those cases is used as a placeholder and has no
- *            meaning in and of itself.
- *            In the rare few cases where the array values *do* have meaning, this
- *            is documented in the property documentation.}}
  */
 abstract class Sniff implements PHPCS_Sniff {
 
 	use SanitizingFunctionsTrait;
 
-	/**
-	 * Functions which unslash the data passed to them.
-	 *
-	 * @since 2.1.0
-	 *
-	 * @var array
-	 */
-	protected $unslashingFunctions = array(
-		'stripslashes_deep'              => true,
-		'stripslashes_from_strings_only' => true,
-		'wp_unslash'                     => true,
-	);
-
 	/**
 	 * A list of superglobals that incorporate user input.
 	 *
@@ -207,7 +184,7 @@ protected function is_sanitized( $stackPtr, $require_unslash = false ) {
 
 		$valid_functions  = $this->get_sanitizing_functions();
 		$valid_functions += $this->get_sanitizing_and_unslashing_functions();
-		$valid_functions += $this->unslashingFunctions;
+		$valid_functions += UnslashingFunctionsHelper::get_unslashing_functions();
 		$valid_functions += ArrayWalkingFunctionsHelper::get_array_walking_functions();
 
 		$functionPtr = ContextHelper::is_in_function_call( $this->phpcsFile, $stackPtr, $valid_functions );
@@ -224,12 +201,12 @@ protected function is_sanitized( $stackPtr, $require_unslash = false ) {
 		$functionName = $this->tokens[ $functionPtr ]['content'];
 
 		// Check if an unslashing function is being used.
-		if ( isset( $this->unslashingFunctions[ $functionName ] ) ) {
+		if ( UnslashingFunctionsHelper::is_unslashing_function( $functionName ) ) {
 
 			$is_unslashed = true;
 
 			// Remove the unslashing functions.
-			$valid_functions = array_diff_key( $valid_functions, $this->unslashingFunctions );
+			$valid_functions = array_diff_key( $valid_functions, UnslashingFunctionsHelper::get_unslashing_functions() );
 
 			// Check is any of the remaining (sanitizing) functions is used.
 			$higherFunctionPtr = ContextHelper::is_in_function_call( $this->phpcsFile, $functionPtr, $valid_functions );

WordPress/Sniffs/Security/NonceVerificationSniff.php

@@ -13,6 +13,7 @@
 use PHPCSUtils\Utils\MessageHelper;
 use WordPressCS\WordPress\Helpers\ContextHelper;
 use WordPressCS\WordPress\Helpers\RulesetPropertyHelper;
+use WordPressCS\WordPress\Helpers\UnslashingFunctionsHelper;
 use WordPressCS\WordPress\Helpers\VariableHelper;
 use WordPressCS\WordPress\Sniff;
 
@@ -184,7 +185,7 @@ private function has_nonce_check( $stackPtr ) {
 			|| ContextHelper::is_in_type_test( $this->phpcsFile, $stackPtr )
 			|| VariableHelper::is_comparison( $this->phpcsFile, $stackPtr )
 			|| ContextHelper::is_in_array_comparison( $this->phpcsFile, $stackPtr )
-			|| ContextHelper::is_in_function_call( $this->phpcsFile, $stackPtr, $this->unslashingFunctions ) !== false
+			|| ContextHelper::is_in_function_call( $this->phpcsFile, $stackPtr, UnslashingFunctionsHelper::get_unslashing_functions() ) !== false
 			|| $this->is_only_sanitized( $stackPtr )
 		) {
 			$allow_nonce_after = true;

WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php

@@ -22,6 +22,7 @@
  *
  * @covers \WordPressCS\WordPress\Helpers\ArrayWalkingFunctionsHelper
  * @covers \WordPressCS\WordPress\Helpers\SanitizingFunctionsTrait
+ * @covers \WordPressCS\WordPress\Helpers\UnslashingFunctionsHelper
  * @covers \WordPressCS\WordPress\Helpers\VariableHelper
  * @covers \WordPressCS\WordPress\Sniffs\Security\ValidatedSanitizedInputSniff
  */