Bug 217774 - devel/pear-PHP_CodeSniffer: Update to 2.8.1
Summary: devel/pear-PHP_CodeSniffer: Update to 2.8.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Torsten Zuehlsdorff
Depends on:
Reported: 2017-03-13 23:40 UTC by Jochen Neumeister
Modified: 2017-03-14 09:28 UTC
bugzilla: maintainer-feedback? (tz)

Patch (818 bytes, patch)
2017-03-13 23:40 UTC, Jochen Neumeister
joneum: maintainer-approval? (tz)
Description Jochen Neumeister freebsd_committer 2017-03-13 23:40:03 UTC
Created attachment 180798

- This release contains a fix for a security advisory related to the improper handling of shell commands
-- Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases
-- A properly crafted filename or configuration option would allow for arbitrary code execution when using some features
-- All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
--- e.g., you run PHPCS over libraries that you did not write
--- e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
--- e.g., you allow external tool paths to be set by user-defined values
-- If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features:
--- The diff report
--- The notify-send report
--- The Generic.PHP.Syntax sniff
--- The Generic.Debug.CSSLint sniff
--- The Generic.Debug.ClosureLinter sniff
--- The Generic.Debug.JSHint sniff
--- The Squiz.Debug.JSLint sniff
--- The Squiz.Debug.JavaScriptLint sniff
--- The Zend.Debug.CodeAnalyzer sniff
-- Thanks to Klaus Purer for the report

- The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2
- PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration
- PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration
- Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration
-- It would previously report that only one argument is allowed per line
- Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately
- Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
- Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment
-- Thanks to Juliette Reinders Folmer for the patch
- Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
-- As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty
- Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports
- Fixed bug #1340 : STDIN file contents not being populated in some cases
-- Thanks to David Biňovec for the patch
- Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines
- Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces
- Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop

Make test is fine.

poudriere build fine for:

10.3 amd + i386
11.0 amd + i386
12-current amd + i386 (r314826)

portlint is also fine.
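
For installations that cannot move to 2.8.1 yet, the "ensure you are not using the following features" list above can be checked mechanically. The following is an added example, not part of the original report or of PHP_CodeSniffer: a Python check that reads one of your own ruleset.xml files and flags direct references to the listed sniffs and reports. The function names and the sample ruleset are constructed for illustration, and the report names `diff` and `notifysend` are assumed to be the values passed to the `report` argument.

```python
import xml.etree.ElementTree as ET

# Features the 2.8.1 changelog says to avoid on unpatched versions.
AFFECTED_SNIFFS = {
    "Generic.PHP.Syntax", "Generic.Debug.CSSLint", "Generic.Debug.ClosureLinter",
    "Generic.Debug.JSHint", "Squiz.Debug.JSLint", "Squiz.Debug.JavaScriptLint",
    "Zend.Debug.CodeAnalyzer",
}
AFFECTED_REPORTS = {"diff", "notifysend"}  # "notify-send" is normalised below


def sniffs_enabled_by(ref):
    """Affected sniffs that a <rule ref="..."> pulls in directly."""
    hits = set()
    for sniff in AFFECTED_SNIFFS:
        # ref may be the sniff, one of its message codes, or an enclosing category/standard.
        if ref == sniff or ref.startswith(sniff + ".") or sniff.startswith(ref + "."):
            hits.add(sniff)
    return hits


def audit_ruleset(xml_text):
    """Return sorted findings for one ruleset.xml document."""
    root = ET.fromstring(xml_text)
    findings = set()
    for rule in root.iter("rule"):
        # Conservative: an <exclude> only cancels the exact sniff, within this rule.
        excluded = {e.get("name", "") for e in rule.findall("exclude")}
        for sniff in sniffs_enabled_by(rule.get("ref", "")) - excluded:
            findings.add("sniff:" + sniff)
    for arg in root.iter("arg"):
        if arg.get("name") == "report":
            for name in arg.get("value", "").split(","):
                # Drop "=outfile" and hyphens, compare case-insensitively.
                key = name.split("=")[0].replace("-", "").strip().lower()
                if key in AFFECTED_REPORTS:
                    findings.add("report:" + key)
    return sorted(findings)


# Constructed sample ruleset, not taken from any real project.
SAMPLE = """<ruleset name="constructed-example">
  <rule ref="PSR2"/>
  <rule ref="Generic.Debug"><exclude name="Generic.Debug.JSHint"/></rule>
  <rule ref="Generic.PHP.Syntax"/>
  <arg name="report" value="full,diff"/>
</ruleset>"""

if __name__ == "__main__":
    print("\n".join(audit_ruleset(SAMPLE)))
```

The check does not expand named standards such as `PSR2` or rulesets included by path, and it does not see `--report` or `--sniffs` options given on the command line, so those need a separate look.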

Comment 1 commit-hook freebsd_committer 2017-03-14 09:27:30 UTC
A commit references this bug:

Author: tz
Date: Tue Mar 14 09:27:18 UTC 2017
New revision: 436139
URL: https://svnweb.freebsd.org/changeset/ports/436139

  devel/pear-PHP_CodeSniffer: Update from 2.7.1 to 2.8.1

  Changelog: https://pear.php.net/package/PHP_CodeSniffer/download/2.8.1

  PR:           217774
  Submitted by: Jochen Neumeister <joneum@bsdproject.de>

Comment 2 Torsten Zuehlsdorff freebsd_committer 2017-03-14 09:28:32 UTC
Committed, thanks! :)