Date: Mon, 13 Mar 2017 23:40:03 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 217774] devel/pear-PHP_CodeSniffer: Update to 2.8.1
Message-ID: <bug-217774-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217774

            Bug ID: 217774
           Summary: devel/pear-PHP_CodeSniffer: Update to 2.8.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: tz@freebsd.org
          Reporter: joneum@bsdproject.de
             Flags: maintainer-feedback?(tz@freebsd.org)

Created attachment 180798
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180798&action=edit
Patch

https://pear.php.net/package/PHP_CodeSniffer/download/2.8.1

Changelog:

- This release contains a fix for a security advisory related to the improper handling of shell commands
-- Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases
-- A properly crafted filename or configuration option would allow for arbitrary code execution when using some features
-- All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
--- e.g., you run PHPCS over libraries that you did not write
--- e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
--- e.g., you allow external tool paths to be set by user-defined values
-- If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features:
--- The diff report
--- The notify-send report
--- The Generic.PHP.Syntax sniff
--- The Generic.Debug.CSSLint sniff
--- The Generic.Debug.ClosureLinter sniff
--- The Generic.Debug.JSHint sniff
--- The Squiz.Debug.JSLint sniff
--- The Squiz.Debug.JavaScriptLint sniff
--- The Zend.Debug.CodeAnalyzer sniff
-- Thanks to Klaus Purer for the report
- The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2
- PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration
- PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration
- Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration
-- It would previously report that only one argument is allowed per line
- Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately
- Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
- Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment
-- Thanks to Juliette Reinders Folmer for the patch
- Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
-- As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty
- Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports
- Fixed bug #1340 : STDIN file contents not being populated in some cases
-- Thanks to David Bi?ovec for the patch
- Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines
- Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces
- Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop

Make test is fine.

poudriere build fine for:
10.3 amd + i386
11.0 amd + i386
12-current amd + i386 (r314826)

portlint is also fine.

Cheers
jochen

-- 
You are receiving this mail because:
You are the assignee for the bug.
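
The escaping problem named in the changelog above, shown as an added example that is not part of the original message and is not PHP_CodeSniffer's own code: a configurable tool path and a checked file name are passed to a shell first by plain concatenation, then with escapeshellcmd()/escapeshellarg(), then with no shell at all. The function names, the `/bin/echo` stand-in for an external linter and the sample file name are assumptions made for the illustration; it expects a POSIX shell and PHP 7.4 or later.

```php
<?php
// Added illustration (hypothetical helper names, constructed input).

/** Pattern the advisory describes: values concatenated into the command line. */
function buildUnsafe(string $tool, string $file): string
{
    return $tool . ' ' . $file;
}

/** Hardened: escape the configured tool path and quote the file name. */
function buildEscaped(string $tool, string $file): string
{
    return escapeshellcmd($tool) . ' ' . escapeshellarg($file);
}

/** No shell involved: the argv array is handed straight to the process. */
function runWithoutShell(string $tool, string $file): string
{
    $proc = proc_open([$tool, $file], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("cannot start $tool");
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed input: a file name that contains a shell metacharacter.
$tool = '/bin/echo';               // harmless stand-in for a linter binary
$file = 'lib.php; echo INJECTED';

$unsafe  = shell_exec(buildUnsafe($tool, $file));   // shell parses two commands
$escaped = shell_exec(buildEscaped($tool, $file));  // shell parses one argument
$noShell = runWithoutShell($tool, $file);           // nothing is parsed

printf("unsafe command:  %s\n", buildUnsafe($tool, $file));
printf("escaped command: %s\n", buildEscaped($tool, $file));
printf("unsafe output lines: %d\n", substr_count($unsafe, "\n"));
printf("escaped keeps name intact:  %s\n", var_export(trim($escaped) === $file, true));
printf("no-shell keeps name intact: %s\n", var_export(trim($noShell) === $file, true));
```

Where the PHP version allows it, the array form of proc_open() is the more robust choice, because it does not depend on the quoting rules of whichever shell is installed.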