3.3.1

HHVM Support Dropped

Support for HHVM has been dropped due to recent unfixed bugs and HHVM's refocus on Hack only. Thanks to Walt Sorensen and Juliette Reinders Folmer for helping to remove all HHVM exceptions from the core.

Other Changes

• The full report (the default report) now has improved word wrapping for multi-line messages and sniff codes
  • Thanks to Juliette Reinders Folmer for the patch
• The summary report now sorts files based on their directory location instead of just a basic string sort
  • Thanks to Juliette Reinders Folmer for the patch
• The source report now orders error codes by name when they have the same number of errors
  • Thanks to Juliette Reinders Folmer for the patch
• The junit report no longer generates validation errors with the Jenkins xUnit plugin
  • Thanks to Nikolay Geo for the patch
• Generic.Commenting.DocComment no longer generates the SpacingBeforeTags error if tags are the first content in the docblock
  • The sniff will still generate a MissingShort error if there is no short comment
  • This allows the MissingShort error to be suppressed in a ruleset to make short descriptions optional
• Generic.Functions.FunctionCallArgumentSpacing now properly fixes multi-line function calls with leading commas
  • Previously, newlines between function arguments would be removed
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.Syntax will now use PHP_BINARY instead of trying to discover the executable path
  • This ensures that the sniff will always syntax check files using the PHP version that PHPCS is running under
  • Setting the php_path config var will still override this value as normal
  • Thanks to Willem Stuursma-Ruwen for the patch
• PSR2.Namespaces.UseDeclaration now supports commas at the end of group use declarations
  • Also improves checking and fixing for use statements containing parse errors
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Arrays.ArrayDeclaration no longer removes the array opening brace while fixing
  • This could occur when the opening brace was on a new line and the first array key directly followed
  • This change also stops the KeyNotAligned error message being incorrectly reported in these cases
• Squiz.Arrays.ArrayDeclaration no longer tries to change multi-line arrays to single line when they contain comments
  • Fixes a conflict between this sniff and some indentation sniffs
• Squiz.Classes.ClassDeclaration no longer enforces spacing rules when a class is followed by a function
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• The Squiz.Classes.ValidClassName.NotCamelCaps message now references PascalCase instead of CamelCase
  • The CamelCase class name metric produced by the sniff has been changed to PascalCase class name
  • This reflects the fact that the class name check is actually a Pascal Case check and not really Camel Case
  • Thanks to Tom H Anderson for the patch
• Squiz.Commenting.InlineComment no longer enforces spacing rules when an inline comment is followed by a docblock
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• Squiz.WhiteSpace.OperatorSpacing no longer tries to fix operator spacing if the next content is a comment on a new line
  • Fixes a conflict between this sniff and the Squiz.Commenting.PostStatementComment sniff
  • Also stops PHPCS annotations from being moved to a different line, potentially changing their meaning
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.FunctionSpacing no longer checks spacing of functions at the top of an embedded PHP block
  • Fixes a conflict between this sniff and the Squiz.PHP.EmbeddedPHP sniff
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.MemberVarSpacing no longer checks spacing before member vars that come directly after methods
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• Squiz.WhiteSpace.SuperfluousWhitespace now recognizes unicode whitespace at the start and end of a file
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2029 : Squiz.Scope.MemberVarScope throws fatal error when a property is found in an interface
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2047 : PSR12.Classes.ClassInstantiation false positive when instantiating class from array index
• Fixed bug #2048 : GenericFormatting.MultipleStatementAlignment false positive when assigning values inside an array
• Fixed bug #2053 : PSR12.Classes.ClassInstantiation incorrectly fix when using member vars and some variable formats
• Fixed bug #2065 : Generic.ControlStructures.InlineControlStructure fixing fails when inline control structure contains closure
• Fixed bug #2072 : Squiz.Arrays.ArrayDeclaration throws NoComma error when array value is a shorthand IF statement
• Fixed bug #2082 : File with "defined() or define()" syntax triggers PSR1.Files.SideEffects.FoundWithSymbols
• Fixed bug #2095 : PSR2.Namespaces.NamespaceDeclaration does not handle namespaces defined over multiple lines

3.3.0

Deprecations

Squiz.WhiteSpace.LanguageConstructSpacing Sniff

The Squiz.WhiteSpace.LanguageConstructSpacing sniff has been deprecated and will be removed in version 4.

The sniff has been moved to the Generic standard, with a new code of Generic.WhiteSpace.LanguageConstructSpacing. The new Generic sniff now also checks many more language constructs to enforce additional spacing rules. The existing Squiz sniff will continue to work until version 4 has been released. Thanks to Mponos George for the contribution.

As soon as possible, replace all instances of the old sniff code with the new sniff code in your ruleset.xml files.

Setting Array Properties

The current method for setting array properties in ruleset files has been deprecated and will be removed in version 4.

Currently, setting an array value uses the string syntax print=>echo,create_function=>null. Now, individual array elements are specified using a new element tag with key and value attributes.

For example, the following array of forbidden functions:

<property name="forbiddenFunctions" type="array" value="sizeof=>count,delete=>unset,print=>echo,is_null=>null,create_function=>null"/>

Will be rewritten using this format:

<property name="forbiddenFunctions" type="array">
    <element key="sizeof" value="count"/>
    <element key="delete" value="unset"/>
    <element key="print" value="echo"/>
    <element key="is_null" value="null"/>
    <element key="create_function" value="null"/>
</property>

Thanks to Michał Bundyra for the patch.

T_ARRAY_HINT Token

The T_ARRAY_HINT token has been deprecated and will be removed in version 4.

The token was used to ensure array type hints were not tokenized as T_ARRAY, but no other type hints were given a special token. Array type hints now use the standard T_STRING token instead.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_ARRAY_HINT tokens.

T_RETURN_TYPE Token

The T_RETURN_TYPE token has been deprecated and will be removed in version 4.

The token was used to ensure array/self/parent/callable return types were tokenized consistently. But for namespaced return types, only the last part of the string (the class name) was tokenized as T_RETURN_TYPE. This was not consistent and so return types are now left using their original token types so they are not skipped by sniffs. The exception are array return types, which are tokenized as T_STRING instead of T_ARRAY, as they are used for type hints.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_RETUTN_TYPE tokens.

To get the return type of a function, use the File::getMethodProperties() method, which now contains a return_type array index. This index contains the return type of the function or closer, or a blank string if not specified. If the return type is nullable, the return type will contain the leading ? and a nullable_return_type array index in the return value will also be set to true. If the return type contains namespace information, it will be cleaned of whitespace and comments. To access the original return value string, use the main tokens array.

PSR-12 Standard In-Progress

This release contains an incomplete version of the PSR-12 coding standard. Errors found using this standard should be valid, but it will miss a lot of violations until it is complete. If you'd like to test and help, you can use the standard by running PHPCS with --standard=PSR12

Other Changes

• Config values set using --runtime-set now override any config values set in rulesets or the CodeSniffer.conf file
• You can now apply include-pattern rules to individual message codes in a ruleset like you can with exclude-pattern rules
  • Previously, include-pattern rules only applied to entire sniffs
  • If a message code has both include and exclude patterns, the exclude patterns will be ignored
• Using PHPCS annotations to selectively re-enable sniffs is now more flexible
  • Previously, you could only re-enable a sniff/category/standard using the exact same code that was disabled
  • Now, you can disable a standard and only re-enable a specific category or sniff
  • Or, you can disable a specific sniff and have it re-enable when you re-enable the category or standard
• The value of array sniff properties can now be set using phpcs:set annotations
  • e.g., phpcs:set Standard.Category.SniffName property[] key=>value,key2=>value2
  • Thanks to Michał Bundyra for the patch
• PHPCS annotations now remain as T_PHPCS_* tokens instead of reverting to comment tokens when --ignore-annotations is used
  • This stops sniffs (especially commenting sniffs) from generating a large number of false errors when ignoring
  • Any custom sniffs that are using the T_PHPCS_* tokens to detect annotations may need to be changed to ignore them
    • Check $phpcsFile->config->annotations to see if annotations are enabled and ignore when false
• You can now use fully or partially qualified class names for custom reports instead of absolute file paths
  • To support this, you must specify an autoload file in your ruleset.xml file and use it to register an autoloader
  • Your autoloader will need to load your custom report class when requested
  • Thanks to Juliette Reinders Folmer for the patch
• The JSON report format now does escaping in error source codes as well as error messages
  • Thanks to Martin Vasel for the patch
• Invalid installed_paths values are now ignored instead of causing a fatal error
• Improved testability of custom rulesets by allowing the installed standards to be overridden
  • Thanks to Timo Schinkel for the patch
• The key used for caching PHPCS runs now includes all set config values
  • This fixes a problem where changing config values (e.g., via --runtime-set) used an incorrect cache file
• The "Function opening brace placement" metric has been separated into function and closure metrics in the info report
  • Closures are no longer included in the "Function opening brace placement" metric
  • A new "Closure opening brace placement" metric now shows information for closures
• Multi-line T_YIELD_FROM statements are now replicated properly for older PHP versions
• The PSR2 standard no longer produces 2 error messages when the AS keyword in a foreach loop is not lowercase
• Specifying a path to a non-existent dir when using the --report-[reportType]=/path/to/report CLI option no longer throws an exception
  • This now prints a readable error message, as it does when using --report-file
• The File::getMethodParamaters() method now includes a type_hint_token array index in the return value
  • Provides the position in the token stack of the first token in the type hint
• The File::getMethodProperties() method now includes a return_type_token array index in the return value
  • Provides the position in the token stack of the first token in the return type
• The File::getTokensAsString() method can now optionally return original (non tab-replaced) content
  • Thanks to Juliette Reinders Folmer for the patch
• Removed Squiz.PHP.DisallowObEndFlush from the Squiz standard
  • If you use this sniff and want to continue banning ob_end_flush(), use Generic.PHP.ForbiddenFunctions instead
  • You will need to set the forbiddenFunctions property in your ruleset.xml file
• Removed Squiz.PHP.ForbiddenFunctions from the Squiz standard
  • Replaced by using the forbiddenFunctions property of Generic.PHP.ForbiddenFunctions in the Squiz ruleset.xml
  • Functionality of the Squiz standard remains the same, but the error codes are now different
  • Previously, Squiz.PHP.ForbiddenFunctions.Found and Squiz.PHP.ForbiddenFunctions.FoundWithAlternative
  • Now, Generic.PHP.ForbiddenFunctions.Found and Generic.PHP.ForbiddenFunctions.FoundWithAlternative
• Added new Generic.PHP.LowerCaseType sniff
  • Ensures PHP types used for type hints, return types, and type casting are lowercase
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new Generic.WhiteSpace.ArbitraryParenthesesSpacing sniff
  • Generates an error for whitespace inside parenthesis that don't belong to a function call/declaration or control structure
  • Generates a warning for any empty parenthesis found
  • Allows the required spacing to be set using the spacing sniff property (default is 0)
  • Allows newlines to be used by setting the ignoreNewlines sniff property (default is false)
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new PSR12.Classes.ClassInstantiation sniff
  • Ensures parenthesis are used when instantiating a new class
• Added new PSR12.Keywords.ShortFormTypeKeywords sniff
  • Ensures the short form of PHP types is used when type casting
• Added new PSR12.Namespaces.CompundNamespaceDepth sniff
  • Ensures compound namespace use statements have a max depth of 2 levels
  • The max depth can be changed by setting the 'maxDepth' sniff property in a ruleset.xml file
• Added new PSR12.Operators.OperatorSpacing sniff
  • Ensures operators are preceded and followed by at least 1 space
• Improved core support for grouped property declarations
  • Also improves support in Squiz.WhiteSpace.ScopeKeywordSpacing and Squiz.WhiteSpace.MemberVarSpacing
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Commenting.DocComment now produces a NonParamGroup error when tags are mixed in with the @param tag group
  • It would previously throw either a NonParamGroup or ParamGroup error depending on the order of tags
  • This change allows the NonParamGroup error to be suppressed in a ruleset to allow the @param group to contain other tags
  • Thanks to Phil Davis for t...

3.2.3

• The new phpcs: comment syntax can now be prefixed with an at symbol ( @phpcs: )
  • This restores the behaviour of the previous syntax where these comments are ignored by doc generators
• The current PHP version ID is now used to generate cache files
  • This ensures that only cache files generated by the current PHP version are selected
  • This change fixes caching issues when using sniffs that produce errors based on the current PHP version
• A new Tokens::$phpcsCommentTokens array is now available for sniff developers to detect phpcs: comment syntax
  • Thanks to Juliette Reinders Folmer for the patch
• Error message codes generated by Generic.CodeAnalysis.EmptyStatement are no longer all-uppercase
  • For example Generic.CodeAnalysis.EmptyStatement.DetectedCATCH becomes Generic.CodeAnalysis.EmptyStatement.DetectedCatch
• The PEAR.Commenting.FunctionComment.Missing error message now includes the name of the function
  • Thanks to Yorman Arias for the patch
• The PEAR.Commenting.ClassComment.Missing and Squiz.Commenting.ClassComment.Missing error messages now include the name of the class
  • Thanks to Yorman Arias for the patch
• PEAR.Functions.FunctionCallSignature now only forces alignment at a specific tab stop while fixing
  • It was enforcing this during checking, but this meant invalid errors if the OpeningIndent message was being muted
  • This fixes incorrect errors when using the PSR2 standard with some code blocks
• Generic.Files.LineLength now ignores lines that only contain phpcs: annotation comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.MultipleStatementAlignment now skips over arrays containing comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.Syntax now forces display_errors to ON when linting
  • Thanks to Raúl Arellano for the patch
• PSR2.Namespaces.UseDeclaration has improved syntax error handling and closure detection
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.CommentedOutCode now has improved comment block detection for improved accuracy
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.NonExecutableCode could fatal error while fixing file with syntax error
• Squiz.PHP.NonExecutableCode now detects unreachable code after a goto statement
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.LanguageConstructSpacing has improved syntax error handling while fixing
  • Thanks to Juliette Reinders Folmer for the patch
• Improved phpcs: annotation syntax handling for a number of sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Improved auto-fixing of files with incomplete comment blocks for various commenting sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed test suite compatibility with PHPUnit 7
• Fixed bug #1793 : PSR2 forcing exact indent for function call opening statements
• Fixed bug #1803 : Squiz.WhiteSpace.ScopeKeywordSpacing removes member var name while fixing if no space after scope keyword
• Fixed bug #1817 : Blank line not enforced after control structure if comment on same line as closing brace
• Fixed bug #1827 : A phpcs:enable comment is not tokenized correctly if it is outside a phpcs:disable block
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1828 : Squiz.WhiteSpace.SuperfluousWhiteSpace ignoreBlankLines property ignores whitespace after single line comments
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1840 : When a comment has too many asterisks, phpcbf gives FAILED TO FIX error
• Fixed bug #1867 : Cant use phpcs:ignore where the next line is HTML
• Fixed bug #1870 : Invalid warning in multiple assignments alignment with closure or anon class
• Fixed bug #1890 : Incorrect Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose error between catch and finally statements
• Fixed bug #1891 : Comment on last USE statement causes false positive for PSR2.Namespaces.UseDeclaration.SpaceAfterLastUse
  • Thanks to Matt Coleman, Daniel Hensby, and Juliette Reinders Folmer for the patch
• Fixed bug #1901 : Fixed PHPCS annotations in multi-line tab-indented comments + not ignoring whole line for phpcs:set
  • Thanks to Juliette Reinders Folmer for the patch

3.2.2

• Disabled STDIN detection on Windows
  • This fixes a problem with IDE plugins (e.g., PHPStorm) hanging on Windows

3.2.1

• Fixed problems with some scripts and plugins waiting for STDIN
  • This was a notable problem with IDE plugins (e.g., PHPStorm) and build systems
• Empty diffs are no longer followed by a newline character (request #1781)
• Generic.Functions.OpeningFunctionBraceKernighanRitchie no longer complains when the open brace is followed by a close tag
  • This makes the sniff more useful when used in templates
  • Thanks to Joseph Zidell for the patch
• Fixed bug #1782 : Incorrect detection of operator in ternary + anonymous function

3.2.0

Comment Syntax Changes

This release deprecates the @codingStandards comment syntax used for sending commands to PHP_CodeSniffer. The existing syntax will continue to work in all version 3 releases, but will be removed in version 4

The comment formats have been replaced by a shorter syntax:

• @codingStandardsIgnoreFile becomes phpcs:ignoreFile
• @codingStandardsIgnoreStart becomes phpcs:disable
• @codingStandardsIgnoreEnd becomes phpcs:enable
• @codingStandardsIgnoreLine becomes phpcs:ignore
• @codingStandardsChangeSetting becomes phpcs:set

The new syntax allows for additional developer comments to be added after a -- separator. This is useful for describing why a code block is being ignored, or why a setting is being changed. E.g., // phpcs:disable -- This code block must be left as-is.

Comments using the new syntax are assigned new comment token types to allow them to be detected:

• phpcs:ignoreFile has the token T_PHPCS_IGNORE_FILE
• phpcs:disable has the token T_PHPCS_DISABLE
• phpcs:enable has the token T_PHPCS_ENABLE
• phpcs:ignore has the token T_PHPCS_IGNORE
• phpcs:set has the token T_PHPCS_SET

Other Changes

• The phpcs:disable and phpcs:ignore comments can now selectively ignore specific sniffs (request #604)
  • E.g., // phpcs:disable Generic.Commenting.Todo.Found for a specific message
  • E.g., // phpcs:disable Generic.Commenting.Todo for a whole sniff
  • E.g., // phpcs:disable Generic.Commenting for a whole category of sniffs
  • E.g., // phpcs:disable Generic for a whole standard
  • Multiple sniff codes can be specified by comma separating them
    • E.g., // phpcs:disable Generic.Commenting.Todo,PSR1.Files
• @codingStandardsIgnoreLine comments now only ignore the following line if they are on a line by themselves
  • If they are at the end of an existing line, they will only ignore the line they are on
  • Stops some lines from accidentally being ignored
  • Same rule applies for the new phpcs:ignore comment syntax
• PSR1.Files.SideEffects now respects the new phpcs:disable comment syntax
  • The sniff will no longer check any code that is between phpcs:disable and phpcs:enable comments
  • The sniff does not support phpcs:ignore; you must wrap code structures with disable/enable comments
  • Previously, there was no way to have this sniff ignore parts of a file
• Fixed a problem where PHPCS would sometimes hang waiting for STDIN, or read incomplete versions of large files
  • Thanks to Arne Jørgensen for the patch
• Array properties specified in ruleset files now have their keys and values trimmed
  • This saves having to do this in individual sniffs and stops errors introduced by whitespace in rulesets
  • Thanks to Juliette Reinders Folmer for the patch
• Added phpcs.xsd to allow validation of ruleset XML files
  • Thanks to Renaat De Muynck for the contribution
• File paths specified using --stdin-path can now point to fake file locations (request #1488)
  • Previously, STDIN files using fake file paths were excluded from checking
• Setting an empty basepath (--basepath=) on the CLI will now clear a basepath set directly in a ruleset
  • Thanks to Xaver Loppenstedt for the patch
• Ignore patterns are now checked on symlink target paths instead of symlink source paths
  • Restores previous behaviour of this feature
• Metrics were being double counted when multiple sniffs were recording the same metric
• Added support for bash process substitution
  • Thanks to Scott Dutton for the contribution
• Files included in the cache file code hash are now sorted to aid in cache file reuse across servers
• Windows BAT files can now be used outside a PEAR install
  • You must have the path to PHP set in your PATH environment variable
  • Thanks to Joris Debonnet for the patch
• The JS unsigned right shift assignment operator is now properly classified as an assignment operator
  • Thanks to Juliette Reinders Folmer for the patch
• The AbstractVariableSniff abstract sniff now supports anonymous classes and nested functions
  • Also fixes an issue with Squiz.Scope.MemberVarScope where member vars of anonymous classes were not being checked
• Added AbstractArraySniff to make it easier to create sniffs that check array formatting
  • Allows for checking of single and multi line arrays easily
  • Provides a parsed structure of the array including positions of keys, values, and double arrows
• Added Generic.Arrays.ArrayIndent to enforce a single tab stop indent for array keys in multi-line arrays
  • Also ensures the close brace is on a new line and indented to the same level as the original statement
  • Allows for the indent size to be set using an indent property of the sniff
• Added Generic.PHP.DiscourageGoto to warn about the use of the GOTO language construct
  • Thanks to Juliette Reinders Folmer for the contribution
• Generic.Debug.ClosureLinter was not running the gjslint command
  • Thanks to Michał Bundyra for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes space indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes mixed space/tab indents more accurately
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowTabIndent now fixes tab indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionDeclaration no longer errors when a function declaration is the first content in a JS file
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionCallSignature now requires the function name to be indented to an exact tab stop
  • If the function name is not the start of the statement, the opening statement must be indented correctly instead
  • Added a new fixable error code PEAR.Functions.FunctionCallSignature.OpeningIndent for this error
• Squiz.Functions.FunctionDeclarationArgumentSpacing is no longer confused about comments in function declarations
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.NonExecutableCode error messages now indicate which line the code block ending is on
  • Makes it easier to identify where the code block exited or returned
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.FunctionComment now supports nullable type hints
• Squiz.Commenting.FunctionCommentThrowTag no longer assigns throw tags inside anon classes to the enclosing function
• Squiz.WhiteSpace.SemicolonSpacing now ignores semicolons used for empty statements inside FOR conditions
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.ControlSignature now allows configuring the number of spaces before the colon in alternative syntax
  • Override the requiredSpacesBeforeColon setting in a ruleset.xml file to change
  • Default remains at 1
  • Thanks to Nikola Kovacs for the patch
• The Squiz standard now ensures array keys are indented 4 spaces from the main statement
  • Previously, this standard aligned keys 1 space from the start of the array keyword
• The Squiz standard now ensures array end braces are aligned with the main statement
  • Previously, this standard aligned the close brace with the start of the array keyword
• The standard for PHP_CodeSniffer itself now enforces short array syntax
• The standard for PHP_CodeSniffer itself now uses the Generic.Arrays/ArrayIndent sniff rules
• Improved fixer conflicts and syntax error handling for a number of sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1462 : Error processing cyrillic strings in Tokenizer
• Fixed bug #1573 : Squiz.WhiteSpace.LanguageConstructSpacing does not properly check for tabs and newlines
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1590 : InlineControlStructure CBF issue while adding braces to an if thats returning a nested function
• Fixed bug #1718 : Unclosed strings at EOF sometimes tokenized as T_WHITESPACE by the JS tokenizer
• Fixed bug #1731 : Directory exclusions do not work as expected when a single file name is passed to phpcs
• Fixed bug #1737 : Squiz.CSS.EmptyStyleDefinition sees comment as style definition and fails to report error
• Fixed bug #1746 : Very large reports can sometimes become garbled when using the parallel option
• Fixed bug #1747 : Squiz.Scope.StaticThisUsage incorrectly looking inside closures
• Fixed bug #1757 : Unknown type hint "object" in Squiz.Commenting.FunctionComment
• Fixed bug #1758 : PHPCS gets stuck creating file list when processing circular symlinks
• Fixed bug #1761 : Generic.WhiteSpace.ScopeIndent error on multi-line function call with static closure argument
• Fixed bug #1762 : Generic.WhiteSpace.Disallow[Space/Tab]Indent not inspecting content before open tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixe...

3.1.1

• Restored preference of non-dist files over dist files for phpcs.xml and phpcs.xml.dist
  • The order that the files are searched is now: .phpcs.xml, phpcs.xml, .phpcs.xml.dist, phpcs.xml.dist
  • Thanks to Juliette Reinders Folmer for the patch
• Progress output now correctly shows skipped files
• Progress output now shows 100% when the file list has finished processing (request #1697)
• Stopped some IDEs complaining about testing class aliases
  • Thanks to Vytautas Stankus for the patch
• Squiz.Commenting.InlineComment incorrectly identified comment blocks in some cases, muting some errors
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1512 : PEAR.Functions.FunctionCallSignature enforces spaces when no arguments if required spaces is not 0
• Fixed bug #1522 : Squiz Arrays.ArrayDeclaration and Strings.ConcatenationSpacing fixers causing parse errors with here/nowdocs
• Fixed bug #1570 : Squiz.Arrays.ArrayDeclaration fixer removes comments between array keyword and open parentheses
• Fixed bug #1604 : File::isReference has problems with some bitwise operators and class property references
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1645 : Squiz.Commenting.InlineComment will fail to fix comments at the end of the file
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1656 : Using the --sniffs argument has a problem with case sensitivity
• Fixed bug #1657 : Uninitialized string offset: 0 when sniffing CSS
• Fixed bug #1669 : Temporary expression proceeded by curly brace is detected as function call
• Fixed bug #1681 : Huge arrays are super slow to scan with Squiz.Arrays.ArrayDeclaration sniff
• Fixed bug #1694 : Squiz.Arrays.ArrayBracketSpacing is removing some comments during fixing
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1702 : Generic.WhiteSpaceDisallowSpaceIndent fixer bug when line only contains superfluous whitespace

3.1.0

Unit Test Changes

• This release includes a change to support newer versions of PHPUnit (versions 4, 5, and 6 are now supported)
  • The custom PHP_CodeSniffer test runner now requires a bootstrap file
  • Developers with custom standards using the PHP_CodeSniffer test runner will need to do one of the following:
    • run your unit tests from the PHP_CodeSniffer root dir so the bootstrap file is included
    • specify the PHP_CodeSniffer bootstrap file on the command line: phpunit --bootstrap=/path/to/phpcs/tests/bootstrap.php
    • require the PHP_CodeSniffer bootstrap file from your own bootstrap file
  • If you don't run PHP_CodeSniffer unit tests, this change will not affect you
  • Thanks to Juliette Reinders Folmer for the patch

Other Changes

• A phpcs.xml or phpcs.xml.dist file now takes precedence over the default_standard config setting
  • Thanks to Björn Fischer for the patch
• Both phpcs.xml and phpcs.xml.dist files can now be prefixed with a dot (request #1566)
  • The order that the files are searched is: .phpcs.xml, .phpcs.xml.dist, phpcs.xml, phpcs.xml.dist
• The autoloader will now search for files during unit tests runs from the same locations as during normal phpcs runs
  • Allows for easier unit testing of custom standards that use helper classes or custom namespaces
• Include patterns for sniffs now use OR logic instead of AND logic
  • Previously, a file had to be in each of the include patterns to be processed by a sniff
  • Now, a file has to only be in at least one of the patterns
  • This change reflects the original intention of the feature
• PHPCS will now follow symlinks under the list of checked directories
  • This previously only worked if you specified the path to a symlink on the command line
• Output from --config-show, --config-set, and --config-delete now includes the path to the loaded config file
• PHPCS now cleanly exits if its config file is not readable
  • Previously, a combination of PHP notices and PHPCS errors would be generated
• Comment tokens that start with /** are now always tokenized as docblocks
  • Thanks to Michał Bundyra for the patch
• The PHP-supplied T_YIELD and T_YIELD_FROM tokens have been replicated for older PHP versions
  • Thanks to Michał Bundyra for the patch
• Added new Generic.CodeAnalysis.AssignmentInCondition sniff to warn about variable assignments inside conditions
  • Thanks to Juliette Reinders Folmer for the contribution
• Added Generic.Files.OneObjectStructurePerFile sniff to ensure there is a single class/interface/trait per file
  • Thanks to Mponos George for the contribution
• Function call sniffs now check variable function names and self/static object creation
  • Specific sniffs are Generic.Functions.FunctionCallArgumentSpacing, PEAR.Functions.FunctionCallSignature, and PSR2.Methods.FunctionCallSignature
  • Thanks to Michał Bundyra for the patch
• Generic.Files.LineLength can now be configured to ignore all comment lines, no matter their length
  • Set the ignoreComments property to TRUE (default is FALSE) in your ruleset.xml file to enable this
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.LowerCaseKeyword now checks self, parent, yield, yield from, and closure (function) keywords
  • Thanks to Michał Bundyra for the patch
• PEAR.Functions.FunctionDeclaration now removes a blank line if it creates one by moving the curly brace during fixing
• Squiz.Commenting.FunctionCommentThrowTag now supports PHP 7.1 multi catch exceptions
• Squiz.Formatting.OperatorBracket no longer throws errors for PHP 7.1 multi catch exceptions
• Squiz.Commenting.LongConditionClosingComment now supports finally statements
• Squiz.Formatting.OperatorBracket now correctly fixes pipe separated flags
• Squiz.Formatting.OperatorBracket now correctly fixes statements containing short array syntax
• Squiz.PHP.EmbeddedPhp now properly fixes cases where the only content in an embedded PHP block is a comment
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.ControlStructureSpacing now ignores comments when checking blank lines at the top of control structures
• Squiz.WhiteSpace.ObjectOperatorSpacing now detects and fixes spaces around double colons
  • Thanks to Julius Šmatavičius for the patch
• Squiz.WhiteSpace.MemberVarSpacing can now be configured to check any number of blank lines between member vars
  • Set the spacing property (default is 1) in your ruleset.xml file to set the spacing
• Squiz.WhiteSpace.MemberVarSpacing can now be configured to check a different number of blank lines before the first member var
  • Set the spacingBeforeFirst property (default is 1) in your ruleset.xml file to set the spacing
• Added a new PHP_CodeSniffer\Util\Tokens::$ooScopeTokens static member var for quickly checking object scope
  • Includes T_CLASS, T_ANON_CLASS, T_INTERFACE, and T_TRAIT
  • Thanks to Juliette Reinders Folmer for the patch
• PHP_CodeSniffer\Files\File::findExtendedClassName() now supports extended interfaces
  • Thanks to Martin Hujer for the patch
• Fixed bug #1550 : Squiz.Commenting.FunctionComment false positive when function contains closure
• Fixed bug #1577 : Generic.InlineControlStructureSniff breaks with a comment between body and condition in do while loops
• Fixed bug #1581 : Sniffs not loaded when one-standard directories are being registered in installed_paths
• Fixed bug #1591 : Autoloader failing to load arbitrary files when installed_paths only set via a custom ruleset
• Fixed bug #1605 : Squiz.WhiteSpace.OperatorSpacing false positive on unary minus after comment
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1615 : Uncaught RuntimeException when phpcbf fails to fix files
• Fixed bug #1637 : Generic.WhiteSpaceScopeIndent closure argument indenting incorrect with multi-line strings
• Fixed bug #1638 : Squiz.WhiteSpace.ScopeClosingBrace closure argument indenting incorrect with multi-line strings
• Fixed bug #1640 : Squiz.Strings.DoubleQuoteUsage replaces tabs with spaces when fixing
  • Thanks to Juliette Reinders Folmer for the patch

3.0.2

• Fixed a problem where the source report was not printing the correct number of errors found
• Fixed a problem where the --cache=/path/to/cachefile CLI argument was not working
• The code report now gracefully handles tokenizer exceptions
• The phpcs and phpcbf scripts are now the only places that exit() in the code
  • This allows for easier usage of core PHPCS functions from external scripts
  • If you are calling Runner::runPHPCS() or Runner::runPHPCBF() directly, you will get back the full range of exit codes
  • If not, catch the new DeepExitException to get the error message ($e->getMessage()) and exit code ($e->getCode())
• NOWDOC tokens are now considered conditions, just as HEREDOC tokens are
  • This makes it easier to find the start and end of a NOWDOC from any token within it
  • Thanks to Michał Bundyra for the patch
• Custom autoloaders are now only included once in case multiple standards are using the same one
  • Thanks to Juliette Reinders Folmer for the patch
• Improved tokenizing of fallthrough CASE and DEFAULT statements that share a closing statement and use curly braces
• Improved the error message when Squiz.ControlStructures.ControlSignature detects a newline after the closing parenthesis
• Fixed bug #1465 : Generic.WhiteSpace.ScopeIndent reports incorrect errors when indenting double arrows in short arrays
• Fixed bug #1478 : Indentation in fallthrough CASE that contains a closure
• Fixed bug #1497 : Fatal error if composer prepend-autoloader is set to false
  • Thanks to Kunal Mehta for the patch
• Fixed bug #1503 : Alternative control structure syntax not always recognized as scoped
• Fixed bug #1523 : Fatal error when using the --suffix argument
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1526 : Use of basepath setting can stop PHPCBF being able to write fixed files
• Fixed bug #1530 : Generic.WhiteSpace.ScopeIndent can increase indent too much for lines within code blocks
• Fixed bug #1547 : Wrong token type for backslash in use function
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1549 : Squiz.PHP.EmbeddedPhp fixer conflict with // comment before PHP close tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1560 : Squiz.Commenting.FunctionComment fatal error when fixing additional param comment lines that have no indent

3.0.1

Security Advisory

• This release contains a fix for a security advisory related to the improper handling of a shell command
  • A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option
  • All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
    • e.g., you run PHPCS over libraries that you did not write
    • e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
    • e.g., you allow external tool paths to be set by user-defined values
  • If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter
  • This advisory does not affect PHP_CodeSniffer version 2.
  • Thanks to Sergei Morozov for the report and patch

Other Changes

• Arguments on the command line now override or merge with those specified in a ruleset.xml file in all cases
• PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir
• Added missing help text for the --stdin-path CLI option to --help
• Re-added missing help text for the --file-list and --bootstrap CLI options to --help
• Runner::runPHPCS() and Runner::runPHPCBF() now return an exit code instead of exiting directly (request #1484)
• The Squiz standard now enforces short array syntax by default
• The autoloader is now working correctly with classes created with class_alias()
• The autoloader will now search for files inside all directories in the installed_paths config var
  • This allows autoloading of files inside included custom coding standards without manually requiring them
• You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files
  • Also used by the autoloader to help other standards directly include sniffs for your standard
  • Set the value to the namespace prefix you are using for sniff files (everything up to \Sniffs\)
  • e.g., if your namespace format is MyProject\CS\Standard\Sniffs\Category set the namespace to MyProject\CS\Standard
  • If omitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file
  • The namespace is set in the ruleset tag of the ruleset.xml file
  • e.g., <ruleset name="My Coding Standard" namespace="MyProject\CS\Standard">
• Rulesets can now specify custom autoloaders using the new autoload tag
  • Autoloaders are included while the ruleset is being processed and before any custom sniffs are included
  • Allows for very custom autoloading of helper classes well before the bootstrap files are included
• The PEAR standard now includes Squiz.Commenting.DocCommentAlignment
  • It previously broke comments onto multiple lines, but didn't align them
• Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff
  • This caused some PSR2 errors to be under-reported
• Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
• Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite
  • Unknown arguments were not being handled correctly, but are now stored in $config->unknown
• Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1451 : Sniff exclusions/restrictions dont work with custom sniffs unless they use the PHP_CodeSniffer NS
• Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator
  • Thanks to Mponos George for the patch
• Fixed bug #1495 : Setting an invalid installed path breaks all commands
• Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1501 : Interactive mode is broken
• Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement with no trailing code