1.4.1

Ignore Patterns

In version 1.3.6, ignore patterns were changed so that they are checked against the relative path of a file instead of the absolute path. This change was done to allow standards to define ignore patterns that didn't have to assume where the code was installed. But there were only very specific cases where using relative paths was better than absolute paths, and all existing ignore patterns needed to be checked to ensure they still worked. Some didn't, and I felt that was important enough to revert the change.

So from version 1.4.1, ignore patterns are now checked against the absolute path of a file again. If you need the ability to check an ignore pattern against the relative path of a file, you can specify this in your ruleset.xml file:

<!--
    Patterns can be specified as relative if you would
    like the relative path of the file checked instead of the
    full path. This can sometimes help with portability.

    The relative path is determined based on the paths you
    pass into PHP_CodeSniffer on the command line.
-->
<exclude-pattern type="relative">^/tests/*</exclude-pattern>
<exclude-pattern type="relative">^/data/*</exclude-pattern>

The T_INLINE_ELSE Token

Natively, PHP doesn't tokenize the question mark or colon in an inline IF statement as a special type of token. PHP_CodeSniffer has always converted the question mark into a token called T_INLINE_THEN but it has always left the colon as T_COLON. Sniffs that look for inline IF statements typically look for the T_INLINE_THEN token and then look ahead for a T_COLON to find the ELSE component.

But now, the colon in an inline IF statement is tokenized as T_INLINE_ELSE. For example, this code:

<?php
$foo = ($bar === true ? 'yes' : 'no');

Will tokenize as:

Process token 0 on line 1 [lvl:0;]: T_OPEN_TAG => <?php\n
Process token 1 on line 2 [lvl:0;]: T_VARIABLE => $foo
Process token 2 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 3 on line 2 [lvl:0;]: T_EQUAL => =
Process token 4 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 5 on line 2 [lvl:0;]: T_OPEN_PARENTHESIS => (
Process token 6 on line 2 [lvl:0;]: T_VARIABLE => $bar
Process token 7 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 8 on line 2 [lvl:0;]: T_IS_IDENTICAL => ===
Process token 9 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 10 on line 2 [lvl:0;]: T_TRUE => true
Process token 11 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 12 on line 2 [lvl:0;]: T_INLINE_THEN => ?
Process token 13 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 14 on line 2 [lvl:0;]: T_CONSTANT_ENCAPSED_STRING => 'yes'
Process token 15 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 16 on line 2 [lvl:0;]: T_INLINE_ELSE => :
Process token 17 on line 2 [lvl:0;]: T_WHITESPACE =>  
Process token 18 on line 2 [lvl:0;]: T_CONSTANT_ENCAPSED_STRING => 'no'
Process token 19 on line 2 [lvl:0;]: T_CLOSE_PARENTHESIS => )
Process token 20 on line 2 [lvl:0;]: T_SEMICOLON => ;
Process token 21 on line 2 [lvl:0;]: T_WHITESPACE => \n

Existing sniffs will need to be modified to ensure they work correctly.

Changing the Type of Messages

A problem coding standard developers used to face was that messages could not be changed from errors to warnings, or from warnings to errors. This meant that a new sniff had to be written, or they'd have to live with the existing one, even though it didn't match their coding standard. Sometimes severity levels could be used to work around the problem. But PHP_CodeSniffer now allows you to change the type of any message:

<!--
    You can also change the type of a message from error to
    warning and vice versa.
-->
<rule ref="Generic.Commenting.Todo.CommentFound">
  <type>error</type>
</rule>
<rule ref="Squiz.Strings.DoubleQuoteUsage.ContainsVar">
  <type>warning</type>
</rule>

Mixed Line Endings

PHP_CodeSniffer has trouble tokenizing files that contain mixed line endings. The newline character that is found at the end of the first line is used throughout the tokenizing process to save a lot of processing time, but this may result in line endings being missed. Even the PHP tokenizer can give mixed results when the line endings do not match, although you are unlikely to see any errors on the screen. If processing JS code, you are more likely to see PHP notices from sniffs that get confused.

PHP_CodeSniffer now adds a special internal warning to every file that contains mixed line endings. The warning lets you know that PHP_CodeSniffer may have problems checking that file. It wont stop all the PHP notices from being shown, but it will at least tell you why they are there. And for continuous integration systems that hide the notices, you'll get a notification in the error report so you are informed.

This warning has the code Internal.LineEndings.Mixed and can be overridden in a ruleset.xml file in the same way the Internal.NoCodeFound message can be. This allows you to change the message, the type from a warning to an error, or hide it completely by setting the severity to 0.

Other Changes

• All ignore patterns have been reverted to being checked against the absolute path of a file
  • Patterns can be specified to be relative in a rulset.xml file, but nowhere else
  • e.g., [exclude-pattern type="relative"]^tests/*[/exclude-pattern](with angle brackets, not square brackets)
• Added support for PHP tokenizing of T_INLINE_ELSE colons, so this token type is now available
  • Custom sniffs that rely on looking for T_COLON tokens inside inline if statements must be changed to use the new token
  • Fixes bug #19666 : PSR1.Files.SideEffects throws a notice Undefined index: scope_closer
• Messages can now be changed from errors to warnings (and vice versa) inside ruleset.xml files
  • As you would with "message" and "severity", specify a "type" tag under a "rule" tag and set the value to "error" or "warning"
• PHP_CodeSniffer will now generate a warning on files that it detects have mixed line endings
  • This warning has the code Internal.LineEndings.Mixed and can be overriden in a ruleset.xml file
  • Thanks to Vit Brunner for help with this
• Sniffs inside PHP 5.3 namespaces are now supported, along with the existing underscore-style emulated namespaces
  • For example: namespace MyStandard\Sniffs\Arrays; class ArrayDeclarationSniff implements \PHP_CodeSniffer_Sniff { ...
  • Thanks to Till Klampaeckel for the patch
• Generic DuplicateClassNameSniff is no longer a multi-file sniff, so it won't max out your memory
  • Multi-file sniff support should be considered deprecated as standard sniffs can now do the same thing
• Added Generic DisallowSpaceIndent to check that files are indented using tabs
• Added Generic OneClassPerFileSniff to check that only one class is defined in each file
  • Thanks to Andy Grunwald for the contribution
• Added Generic OneInterfacePerFileSniff to check that only one interface is defined in each file
  • Thanks to Andy Grunwald for the contribution
• Added Generic LowercasedFilenameSniff to check that filenames are lowercase
  • Thanks to Andy Grunwald for the contribution
• Added Generic ClosingPHPTagSniff to check that each open PHP tag has a corresponding close tag
  • Thanks to Andy Grunwald for the contribution
• Added Generic CharacterBeforePHPOpeningTagSniff to check that the open PHP tag is the first content in a file
  • Thanks to Andy Grunwald for the contribution
• Fixed incorrect errors in Squiz OperatorBracketSniff and OperatorSpacingSniff for negative numbers in CASE statements
  • Thanks to Arnout Boks for the patch
• Generic CamelCapsFunctionNameSniff no longer enforces exact case matching for PHP magic methods
• Generic CamelCapsFunctionNameSniff no longer throws errors for overridden SOAPClient methods prefixed with double underscores
  • Thanks to Dorian Villet for the patch
• PEAR ValidFunctionNameSniff now supports traits
• PSR1 ClassDeclarationSniff no longer throws an error for non-namespaced code if PHP version is less than 5.3.0
• Fixed bug #19616 : Nested switches cause false error in PSR2
• Fixed bug #19629 : PSR2 error for inline comments on multi-line argument lists
• Fixed bug #19644 : Alternative syntax, e.g. if/endif triggers Inline Control Structure error
• Fixed bug #19655 : Closures reporting as multi-line when they are not
• Fixed bug #19675 : Improper indent of nested anonymous function bodies in a call
• Fixed bug #19685 : PSR2 catch-22 with empty third statement in for loop
• Fixed bug #19687 : Anonymous functions inside arrays marked as indented incorrectly in PSR2

1.4.0

• Added PSR1 and PSR2 coding standards that can be used to check your code against these guidelines
• PHP 5.4 short array syntax is now detected and tokens are assigned to the open and close characters
  • New tokens are T_OPEN_SHORT_ARRAY and T_CLOSE_SHORT_ARRAY as PHP does not define its own
• Added the ability to explain a coding standard by listing the sniffs that it includes
  • The sniff list includes all imported and native sniffs
  • Explain a standard by using the -e and --standard=[standard] command line arguments
  • E.g., phpcs -e --standard=Squiz
  • Thanks to Ben Selby for the idea
• Added report to show results using notify-send
  • Use --report=notifysend to generate the report
  • Thanks to Christian Weiske for the contribution
• The JS tokenizer now recognises RETURN as a valid closer for CASE and DEFAULT inside switch statements
• AbstractPatternSniff now sets the ignoreComments option using a public var rather than through the constructor
  • This allows the setting to be overwritten in ruleset.xml files
  • Old method remains for backwards compatibility
• Generic LowerCaseConstantSniff and UpperCaseConstantSniff no longer report errors on classes named True, False or Null
• PEAR ValidFunctionNameSniff no longer enforces exact case matching for PHP magic methods
• Squiz SwitchDeclarationSniff now allows RETURN statements to close a CASE or DEFAULT statement
• Squiz BlockCommentSniff now correctly reports an error for blank lines before blocks at the start of a control structure
• Fixed a PHP notice generated when loading custom array settings from a rulset.xml file
• Fixed bug #17908 : CodeSniffer does not recognise optional @params
  • Thanks to Pete Walker for the patch
• Fixed bug #19538 : Function indentation code sniffer checks inside short arrays
• Fixed bug #19565 : Non-Executable Code Sniff Broken for Case Statements with both return and break
• Fixed bug #19612 : Invalid @Package suggestion

1.3.6

• Memory usage has been dramatically reduced when using the summary report
  • Reduced memory is only available when displaying a single summary report to the screen
  • PHP_CodeSniffer will not generate any messages in this case, storing only error counts instead
  • Impact is most notable with very high error and warning counts
• Significantly improved the performance of Squiz NonExecutableCodeSniff
• Ignore patterns now check the relative path of a file based on the dir being checked
  • Allows ignore patterns to become more generic as the path to the code is no longer included when checking
  • Thanks to Kristof Coomans for the patch
• Sniff settings can now be changed by specifying a special comment format inside a file
  • e.g., // @codingStandardsChangeSetting PEAR.Functions.FunctionCallSignature allowMultipleArguments false
  • If you change a setting, don't forget to change it back
• Added Generic EndFileNewlineSniff to ensure PHP files end with a newline character
• PEAR FunctionCallSignatureSniff now includes a setting to force one argument per line in multi-line calls
  • Set allowMultipleArguments to false
• Squiz standard now enforces one argument per line in multi-line function calls
• Squiz FunctionDeclarationArgumentSpacingSniff now supports closures
• Squiz OperatorSpacingSniff no longer throws an error for negative values inside an inline THEN statement
  • Thanks to Klaus Purer for the patch
• Squiz FunctionCommentSniff now throws an error for not closing a comment with */
  • Thanks to Klaus Purer for the patch
• Summary report no longer shows two lines of PHP_Timer output when showing sources
• Fixed undefined variable error in PEAR FunctionCallSignatureSniff for lines with no indent
• Fixed bug #19502 : Generic.Files.LineEndingsSniff fails if no new-lines in file
• Fixed bug #19508 : switch+return: Closing brace indented incorrectly
• Fixed bug #19532 : The PSR-2 standard don't recognize Null in class names
• Fixed bug #19546 : Error thrown for __call() method in traits

1.3.5

• Added Generic CamelCapsFunctionNameSniff to just check if function and method names use camel caps
  • Does not allow underscore prefixes for private/protected methods
  • Defaults to strict checking, where two uppercase characters can not be next to each other
  • Strict checking can be disabled in a ruleset.xml file
• Squiz FunctionDeclarationArgumentSpacing now has a setting to specify how many spaces should surround equals signs
  • Default remains at 0
  • Override the equalsSpacing setting in a ruleset.xml file to change
• Squiz ClassDeclarationSniff now throws errors for > 1 space before extends/implements class name with ns seperator
• Squiz standard now warns about deprecated functions using Generic DeprecatedFunctionsSniff
• PEAR FunctionDeclarationSniff now reports an error for multiple spaces after the FUNCTION keyword and around USE
• PEAR FunctionDeclarationSniff now supports closures
• Squiz MultiLineFunctionDeclarationSniff now supports closures
• Exclude rules written for Unix systems will now work correctly on Windows
  • Thanks to Walter Tamboer for the patch
• The PHP tokenizer now recognises T_RETURN as a valid closer for T_CASE and T_DEFAULT inside switch statements
• Fixed duplicate message codes in Generic OpeningFunctionBraceKernighanRitchieSniff
• Fixed bug #18651 : PHPunit Test cases for custom standards are not working on Windows
• Fixed bug #19416 : Shorthand arrays cause bracket spacing errors
• Fixed bug #19421 : phpcs doesn't recognize ${x} as equivalent to $x
• Fixed bug #19428 : PHPCS Report "hgblame" doesn't support windows paths
  • Thanks to Justin Rovang for the patch
• Fixed bug #19448 : Problem with detecting remote standards
• Fixed bug #19463 : Anonymous functions incorrectly being flagged by NonExecutableCodeSniff
• Fixed bug #19469 : PHP_CodeSniffer_File::getMemberProperties() sets wrong scope
• Fixed bug #19471 : phpcs on Windows, when using Zend standard, doesn't catch problems
  • Thanks to Ivan Habunek for the patch
• Fixed bug #19478 : Incorrect indent detection in PEAR standard
  • Thanks to Shane Auckland for the patch
• Fixed bug #19483 : Blame Reports fail with space in directory name

1.3.4

• Added missing package.xml entries for new Generic FixmeSniff
  • Thanks to Jaroslav Hanslík for the patch
• Expected indents for PEAR ScopeClosingBraceSniff and FunctionCallSignatureSniff can now be set in ruleset files
  • Both sniffs use a variable called "indent"
  • Thanks to Thomas Despoix for the patch
• Standards designed to be installed in the PHPCS Standards dir will now work outside this dir as well
  • In particular, allows the Drupal CS to work without needing to symlink it into the PHPCS install
  • Thanks to Peter Philipp for the patch
• Rule references for standards, directories and specific sniffs can now be relative in ruleset.xml files
  • For example: ref="../MyStandard/Sniffs/Commenting/DisallowHashCommentsSniff.php"
• Symlinked standards now work correctly, allowing aliasing of installed standards (request #19417)
  • Thanks to Tom Klingenberg for the patch
• Squiz ObjectInstantiationSniff now allows objects to be returned without assinging them to a variable
• Added Squiz.Commenting.FileComment.MissingShort error message for file comments that only contains tags
  • Also stops undefined index errors being generated for these comments
• Debug option -vv now shows tokenizer status for CSS files
• Added support for new gjslint error formats
  • Thanks to Meck for the patch
• Generic ScopeIndentSniff now allows comment indents to not be exact even if the exact flag is set
  • The start of the comment is still checked for exact indentation as normal
• Fixed an issue in AbstractPatternSniff where comments were not being ignored in some cases
• Fixed an issue in Zend ClosingTagSniff where the closing tag was not always being detected correctly
  • Thanks to Jonathan Robson for the patch
• Fixed an issue in Generic FunctionCallArgumentSpacingSniff where closures could cause incorrect errors
• Fixed an issue in Generic UpperCaseConstantNameSniff where errors were incorrectly reported on goto statements
  • Thanks to Tom Klingenberg for the patch
• PEAR FileCommentSniff and ClassCommentSniff now support author emails with a single character in the local part
  • E.g., a@me.com
  • Thanks to Denis Shapkin for the patch
• Fixed bug #19290 : Generic indent sniffer fails for anonymous functions
• Fixed bug #19324 : Setting show_warnings configuration option does not work
• Fixed bug #19354 : Not recognizing references passed to method
• Fixed bug #19361 : CSS tokenzier generates errors when PHP embedded in CSS file
• Fixed bug #19374 : HEREDOC/NOWDOC Indentation problems
• Fixed bug #19381 : traits and indetations in traits are not handled properly
• Fixed bug #19394 : Notice in NonExecutableCodeSniff
• Fixed bug #19402 : Syntax error when executing phpcs on Windows with parens in PHP path
  • Thanks to Tom Klingenberg for the patch
• Fixed bug #19411 : magic method error on __construct()
  • The fix required a rewrite of AbstractScopeSniff, so please test any sniffs that extend this class
• Fixed bug #19412 : Incorrect error about assigning objects to variables when inside inline IF
• Fixed bug #19413 : php_cs thinks I haven't used a parameter when I have
• Fixed bug #19414 : php_cs seems to not track variables correctly in heredocs

1.3.3

• Added new Generic FixmeSniff that shows error messages for all FIXME comments left in your code
  • Thanks to Sam Graham for the contribution
• The maxPercentage setting in the Squiz CommentedOutCodeSniff can now be overriden in a rulset.xml file
  • Thanks to Volker Dusch for the patch
• The Checkstyle and XML reports now use XMLWriter
  • Only change in output is that empty file tags are no longer produced for files with no violations
  • Thanks to Sebastian Bergmann for the patch
• Added PHP_CodeSniffer_Tokens::$bracketTokens to give sniff writers fast access to open and close bracket tokens
• Fixed an issue in AbstractPatternSniff where EOL tokens were not being correctly checked in some cases
• PHP_CodeSniffer_File::getTokensAsString() now detects incorrect length value (request #19313)
• Fixed bug #19114 : CodeSniffer checks extension even for single file
• Fixed bug #19171 : Show sniff codes option is ignored by some report types
  • Thanks to Dominic Scheirlinck for the patch
• Fixed bug #19188 : Lots of PHP Notices when analyzing the Symfony framework
  • First issue was list-style.. lines in CSS files not properly adjusting open/close bracket positions
  • Second issue was notices caused by bug #19137
• Fixed bug #19208 : UpperCaseConstantName reports class members
  • Was also a problem with LowerCaseConstantName as well
• Fixed bug #19256 : T_DOC_COMMENT in CSS files breaks ClassDefinitionNameSpacingSniff
  • Thanks to Klaus Purer for the patch
• Fixed bug #19264 : Squiz.PHP.NonExecutableCode does not handle RETURN in CASE without BREAK
• Fixed bug #19270 : DuplicateClassName does not handle namespaces correctly
• Fixed bug #19283 : CSS @media rules cause false positives
  • Thanks to Klaus Purer for the patch

1.3.2

• Added Generic JSHintSniff to run jshint.js over a JS file and report warnings
  • Set jshint path using phpcs --config-set jshint_path /path/to/jshint-rhino.js
  • Set rhino path using phpcs --config-set rhino_path /path/to/rhino
  • Thanks to Alexander Weiß for the contribution
• Nowdocs are now tokenized using PHP_CodeSniffer specific T_NOWDOC tokens for easier identification
• Generic UpperCaseConstantNameSniff no longer throws errors for namespaces
  • Thanks to Jaroslav Hanslík for the patch
• Squiz NonExecutableCodeSniff now detects code after thrown exceptions
  • Thanks to Jaroslav Hanslík for the patch
• Squiz OperatorSpacingSniff now ignores references
  • Thanks to Jaroslav Hanslík for the patch
• Squiz FunctionCommentSniff now reports a missing function comment if it finds a standard code comment instead
• Squiz FunctionCommentThrownTagSniff no longer reports errors if it can't find a function comment
• Fixed unit tests not running under Windows
  • Thanks to Jaroslav Hanslík for the patch
• Fixed bug #18964 : "$stackPtr must be of type T_VARIABLE" on heredocs and nowdocs
• Fixed bug #18973 : phpcs is looking for variables in a nowdoc
• Fixed bug #18974 : Blank line causes "Multi-line function call not indented correctly"
  • Adds new error message to ban empty lines in multi-line function calls
• Fixed bug #18975 : "Closing parenthesis must be on a line by itself" also causes indentation error

1.3.1

• All report file command line arguments now work with relative paths (request #17240)
• The extensions command line argument now supports multi-part file extensions (request #17227)
• Added report type --report=hgblame to show number of errors/warnings committed by authors in a Mercurial repository
  • Has the same functionality as the svnblame report
  • Thanks to Ben Selby for the patch
• Added T_BACKTICK token type to make detection of backticks easier (request #18799)
• Added pattern matching support to Generic ForbiddenFunctionsSniff
  • If you are extending it and overriding register() or addError() you will need to review your sniff
• Namespaces are now recognised as scope openers, although they do not require braces (request #18043)
• Added new ByteOrderMarkSniff to Generic standard (request #18194)
  • Throws an error if a byte order mark is found in any PHP file
  • Thanks to Piotr Karas for the contribution
• PHP_Timer output is no longer included in reports when being written to a file (request #18252)
  • Also now shown for all report types if nothing is being printed to the screen
• Generic DeprecatedFunctionSniff now reports functions as deprecated and not simply forbidden (request #18288)
• PHPCS now accepts file contents from STDIN (request #18447)
  • Example usage: cat temp.php | phpcs [options] -OR- phpcs [options] < temp.php
  • Not every sniff will work correctly due to the lack of a valid file path
• PHP_CodeSniffer_Exception no longer extends PEAR_Exception (request #18483)
  • PEAR_Exception added a requirement that PEAR had to be installed
  • PHP_CodeSniffer is not used as a library, so unlikely to have any impact
• PEAR FileCommentSniff now allows GIT IDs in the version tag (request #14874)
• AbstractVariableSniff now supports heredocs
  • Also includes some variable detection fixes
  • Thanks to Sam Graham for the patch
• Squiz FileCommentSniff now enforces rule that package names cannot start with the word Squiz
• MySource AssignThisSniff now allows "this" to be assigned to the private var _self
• Fixed issue in Squiz FileCommentSniff where suggested package name was the same as the incorrect package name
• Fixed some issues with Squiz ArrayDeclarationSniff when using function calls in array values
• Fixed doc generation so it actually works again
  • Also now works when being run from an SVN checkout as well as when installed as a PEAR package
  • Should fix bug #18949 : Call to private method from static
• PEAR ClassDeclaration sniff now supports indentation checks when using the alternate namespace syntax
  • PEAR.Classes.ClassDeclaration.SpaceBeforeBrace message now contains 2 variables instead of 1
  • Sniff allows overriding of the default indent level, which is set to 4
  • Fixes bug #18933 : Alternative namespace declaration syntax confuses scope sniffs
• Fixed bug #18465 : "self::" does not work in lambda functions
  • Also corrects conversion of T_FUNCTION tokens to T_CLOSURE, which was not fixing token condition arrays
• Fixed bug #18543 : CSS Tokenizer deletes too many #
• Fixed bug #18624 : @throws namespace problem
  • Thanks to Gavin Davies for the patch
• Fixed bug #18628 : Generic.Files.LineLength gives incorrect results with Windows line-endings
• Fixed bug #18633 : CSS Tokenizer doesn't replace T_LIST tokens inside some styles
• Fixed bug #18657 : anonymous functions wrongly indented
• Fixed bug #18670 : UpperCaseConstantNameSniff fails on dynamic retrieval of class constant
• Fixed bug #18709 : Code sniffer sniffs file if even if it's in --ignore
  • Thanks to Artem Lopata for the patch
• Fixed bug #18762 : Incorrect handling of define and constant in UpperCaseConstantNameSniff
  • Thanks to Thomas Baker for the patch
• Fixed bug #18769 : CSS Tokenizer doesn't replace T_BREAK tokens inside some styles
• Fixed bug #18835 : Unreachable errors of inline returns of closure functions
  • Thanks to Patrick Schmidt for the patch
• Fixed bug #18839 : Fix miscount of warnings in AbstractSniffUnitTest.php
  • Thanks to Sam Graham for the patch
• Fixed bug #18844 : Generic_Sniffs_CodeAnalysis_UnusedFunctionParameterSniff with empty body
  • Thanks to Dmitri Medvedev for the patch
• Fixed bug #18847 : Running Squiz_Sniffs_Classes_ClassDeclarationSniff results in PHP notice
• Fixed bug #18868 : jslint+rhino: errors/warnings not detected
  • Thanks to Christian Weiske for the patch
• Fixed bug #18879 : phpcs-svn-pre-commit requires escapeshellarg
  • Thanks to Bjorn Katuin for the patch
• Fixed bug #18951 : weird behaviour with closures and multi-line use () params