3.4.1 - 2019-03-19

Note for PEAR Users

The PEAR installable version of PHPCS was missing some files, which have been re-included in this release. The result of these omissions were:

• The code report was not previously available for PEAR installs
• The Generic.Formatting.SpaceBeforeCast sniff was not previously available for PEAR installs
• The Generic.WhiteSpace.LanguageConstructSpacing sniff was not previously available for PEAR installs

Thanks to Juliette Reinders Folmer for the patch

Changelog

• PHPCS will now refuse to run if any of the required PHP extensions are not loaded
  • Previously, PHPCS only relied on requirements being checked by PEAR and Composer
  • Thanks to Juliette Reinders Folmer for the patch
• Ruleset XML parsing errors are now displayed in a readable format so they are easier to correct
  • Thanks to Juliette Reinders Folmer for the patch
• The PSR2 standard no longer throws duplicate errors for spacing around FOR loop parentheses
  • Thanks to Juliette Reinders Folmer for the patch
• T_PHPCS_SET tokens now contain sniffCode, sniffProperty, and sniffPropertyValue indexes
  • Sniffs can use this information instead of having to parse the token content manually
• Added more guard code for syntax errors to various CSS sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Commenting.DocComment error messages now contain the name of the comment tag that caused the error
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.ControlStructures.InlineControlStructure now handles syntax errors correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Debug.JSHint now longer requires rhino and can be run directly from the npm install
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Files.LineEndings no longer adds superfluous new line at the end of JS and CSS files
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.DisallowMultipleStatements no longer tries fix lines containing phpcs:ignore statements
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Functions.FunctionCallArgumentSpacing now has improved performance and anonymous class support
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.ScopeIndent now respects changes to the exact property using phpcs:set mid-way through a file
  • This allows you change the exact rule for only some parts of a file
• Generic.WhiteSpace.ScopeIndent now disables exact indent checking inside all arrays
  • Previously, this was only done when using long array syntax, but it now works for short array syntax as well
• PEAR.Classes.ClassDeclaration now has improved handling of PHPCS annotations and tab indents
• PSR12.Classes.ClassInstantiation has changed it's error code from MissingParenthesis to MissingParentheses
• PSR12.Keywords.ShortFormTypeKeywords now ignores all spacing inside type casts during both checking and fixing
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Classes.LowercaseClassKeywords now examines the class keyword for anonymous classes
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.ControlSignature now has improved handling of parse errors
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.PostStatementComment fixer no longer adds a blank line at the start of a JS file that begins with a comment
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.SuperfluousWhitespace sniff
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.PostStatementComment now ignores comments inside control structure conditions, such as FOR loops
  • Fixes a conflict between this sniff and the Squiz.ControlStructures.ForLoopDeclaration sniff
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.FunctionCommentThrowTag now has improved support for unknown exception types and namespaces
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.ForLoopDeclaration has improved whitespace, closure, and empty expression support
  • The SpacingAfterSecondNoThird error code has been removed as part of these fixes
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.CSS.ClassDefinitionOpeningBraceSpace now handles comments and indentation correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.CSS.ClassDefinitionClosingBrace now handles comments, indentation, and multiple statements on the same line correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.CSS.Opacity now handles comments correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.CSS.SemicolonSpacing now handles comments and syntax errors correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.NamingConventions.ValidVariableName now supports variables inside anonymous classes correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.LowercasePHPFunctions now handles use statements, namespaces, and comments correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.FunctionSpacing now fixes function spacing correctly when a function is the first content in a file
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.SuperfluousWhitespace no longer throws errors for spacing between functions and properties in anon classes
  • Thanks to Juliette Reinders Folmer for the patch
• Zend.Files.ClosingTag no longer adds a semi-colon during fixing of a file that only contains a comment
  • Thanks to Juliette Reinders Folmer for the patch
• Zend.NamingConventions.ValidVariableName now supports variables inside anonymous classes correctly
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2298 : PSR2.Classes.ClassDeclaration allows extended class on new line
  • Thanks to Michał Bundyra for the patch
• Fixed bug #2337 : Generic.WhiteSpace.ScopeIndent incorrect error when multi-line function call starts on same line as open tag
• Fixed bug #2348 : Cache not invalidated when changing a ruleset included by another
• Fixed bug #2376 : Using __halt_compiler() breaks Generic.PHP.ForbiddenFunctions unless it's last in the function list
  • Thanks to Sijun Zhu for the patch
• Fixed bug #2393 : The gitmodified filter will infinitely loop when encountering deleted file paths
  • Thanks to Lucas Manzke for the patch
• Fixed bug #2396 : Generic.WhiteSpace.ScopeIndent incorrect error when multi-line IF condition mixed with HTML
• Fixed bug #2431 : Use function/const not tokenized as T_STRING when preceded by comment

3.4.0 - 2018-12-20

Deprecations

Generic.Formatting.NoSpaceAfterCast Sniff

The Generic.Formatting.NoSpaceAfterCast sniff has been deprecated and will be removed in version 4.

The functionality of this sniff is now available in the Generic.Formatting.SpaceAfterCast sniff. Include the Generic.Formatting.SpaceAfterCast sniff and set the spacing property to 0 to retain the existing functionality. As soon as possible, replace all instances of the old sniff code with the new sniff code and property setting in your ruleset.xml files. The existing sniff will continue to work until version 4 has been released.

Other Changes

• Rule include patterns in a ruleset.xml file are now evaluated as OR instead of AND
  • Previously, a file had to match every include pattern and no exclude patterns to be included
  • Now, a file must match at least one include pattern and no exclude patterns to be included
  • This is a bug fix as include patterns are already documented to work this way
• New token T_BITWISE_NOT added for the bitwise not operator
  • This token was previously tokenized as T_NONE
  • Any sniffs specifically looking for T_NONE tokens with a tilde as the contents must now also look for T_BITWISE_NOT
  • Sniffs can continue looking for T_NONE as well as T_BITWISE_NOT to support older PHP_CodeSniffer versions
• All types of binary casting are now tokenized as T_BINARY_CAST
  • Previously, the b in b"some string with $var" would be a T_BINARY_CAST, but only when the string contained a var
  • This change ensures the b is always tokenized as T_BINARY_CAST
  • This change also converts (binary) from T_STRING_CAST to T_BINARY_CAST
  • Thanks to Juliette Reinders Folmer for the help with this patch
• Array properties set inside a ruleset.xml file can now extend a previous value instead of always overwriting it
  • e.g., if you include a ruleset that defines forbidden functions, can you now add to that list instead of having to redefine it
  • To use this feature, add extend="true" to the property tag
    • e.g., <property name="forbiddenFunctionNames" type="array" extend="true">
  • Thanks to Michael Moravec for the patch
• If $XDG_CACHE_HOME is set and points to a valid directory, it will be used for caching instead of the system temp directory
• PHPCBF now disables parallel running if you are passing content on STDIN
  • Stops an error from being shown after the fixed output is printed
• The progress report now shows files with tokenizer errors as skipped (S) instead of a warning (W)
  • The tokenizer error is still displayed in reports as normal
  • Thanks to Juliette Reinders Folmer for the patch
• The Squiz standard now ensures there is no space between an increment/decrement operator and its variable
• The File:: getMethodProperties() method now includes a has_body array index in the return value
  • FALSE if the method has no body (as with abstract and interface methods) or TRUE otherwise
  • Thanks to Chris Wilkinson for the patch
• The File::getTokensAsString() method now throws an exception if the $start param is invalid
  • If the $length param is invalid, an empty string will be returned
  • Stops an infinite loop when the function is passed invalid data
  • Thanks to Juliette Reinders Folmer for the patch
• Added new Generic.CodeAnalysis.EmptyPHPStatement sniff
  • Warns when it finds empty PHP open/close tag combinations or superfluous semicolons
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new Generic.Formatting.SpaceBeforeCast sniff
  • Ensures there is exactly 1 space before a type cast, unless the cast statement is indented or multi-line
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new Generic.VersionControl.GitMergeConflict sniff
  • Detects merge conflict artifacts left in files
  • Thanks to Juliette Reinders Folmer for the contribution
• Added Generic.WhiteSpace.IncrementDecrementSpacing sniff
  • Ensures there is no space between the operator and the variable it applies to
  • Thanks to Juliette Reinders Folmer for the contribution
• Added PSR12.Functions.NullableTypeDeclaration sniff
  • Ensures there is no space after the question mark in a nullable type declaration
  • Thanks to Timo Schinkel for the contribution
• A number of sniffs have improved support for methods in anonymous classes
  • These sniffs would often throw the same error twice for functions in nested classes
  • Error messages have also been changed to be less confusing
  • The full list of affected sniffs is:
    • Generic.NamingConventions.CamelCapsFunctionName
    • PEAR.NamingConventions.ValidFunctionName
    • PSR1.Methods.CamelCapsMethodName
    • PSR2.Methods.MethodDeclaration
    • Squiz.Scope.MethodScope
    • Squiz.Scope.StaticThisUsage
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.CodeAnalysis.UnusedFunctionParameter now only skips functions with empty bodies when the class implements an interface
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.CodeAnalysis.UnusedFunctionParameter now has additional error codes to indicate where unused params were found
  • The new error code prefixes are:
    • FoundInExtendedClass: when the class extends another
    • FoundInImplementedInterface: when the class implements an interface
    • Found: used in all other cases, including closures
  • The new error code suffixes are:
    • BeforeLastUsed: the unused param was positioned before the last used param in the function signature
    • AfterLastUsed: the unused param was positioned after the last used param in the function signature
  • This makes the new error code list for this sniff:
    • Found
    • FoundBeforeLastUsed
    • FoundAfterLastUsed
    • FoundInExtendedClass
    • FoundInExtendedClassBeforeLastUsed
    • FoundInExtendedClassAfterLastUsed
    • FoundInImplementedInterface
    • FoundInImplementedInterfaceBeforeLastUsed
    • FoundInImplementedInterfaceAfterLastUsed
  • These errors code make it easier for specific cases to be ignored or promoted using a ruleset.xml file
  • Thanks to Juliette Reinders Folmer for the contribution
• Generic.Classes.DuplicateClassName now inspects traits for duplicate names as well as classes and interfaces
  • Thanks to Chris Wilkinson for the patch
• Generic.Files.InlineHTML now ignores a BOM at the start of the file
  • Thanks to Chris Wilkinson for the patch
• Generic.PHP.CharacterBeforePHPOpeningTag now ignores a BOM at the start of the file
  • Thanks to Chris Wilkinson for the patch
• Generic.Formatting.SpaceAfterCast now has a setting to specify how many spaces are required after a type cast
  • Default remains 1
  • Override the spacing setting in a ruleset.xml file to change
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.SpaceAfterCast now has a setting to ignore newline characters after a type cast
  • Default remains FALSE, so newlines are not allowed
  • Override the ignoreNewlines setting in a ruleset.xml file to change
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.SpaceAfterNot now has a setting to specify how many spaces are required after a NOT operator
  • Default remains 1
  • Override the spacing setting in a ruleset.xml file to change
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.SpaceAfterNot now has a setting to ignore newline characters after the NOT operator
  • Default remains FALSE, so newlines are not allowed
  • Override the ignoreNewlines setting in a ruleset.xml file to change
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionDeclaration now checks spacing before the opening parenthesis of functions with no body
  • Thanks to Chris Wilkinson for the patch
• PEAR.Functions.FunctionDeclaration now enforces no space before the semicolon in functions with no body
  • Thanks to Chris Wilkinson for the patch
• PSR2.Classes.PropertyDeclaration now checks the order of property modifier keywords
  • This is a rule that is documented in PSR-2 but was not enforced by the included PSR2 standard until now
  • This sniff is also able to fix the order of the modifier keywords if they are incorrect
  • Thanks to Juliette Reinders Folmer for the patch
• PSR2.Methods.MethodDeclaration now checks method declarations inside traits
  • Thanks to Chris Wilkinson for the patch
• Squiz.Commenting.InlineComment now has better detection of comment block boundaries
• Squiz.Classes.ClassFileName now checks that a trait name matches the filename
  • Thanks to Chris Wilkinson for the patch
• Squiz.Classes.SelfMemberReference now supports scoped declarations and anonymous classes
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Classes.SelfMemberReference now fixes multiple errors at once, increasing fixer performance
  • Thanks to Gabriel Ostrolucký for the patch
• Squiz.Functions.LowercaseFunctionKeywords now checks abstract and final prefixes, and auto-fixes errors
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Objects.ObjectMemberComma.Missing has been renamed to Squiz.Objects.ObjectMemberComma.Found
  • The error is thrown when the comma is found but not required, so the error code was incorrect
  • If you are referencing the old error code in a ruleset XML file, please use the new code instead
  • If you wish to maintain backwards compatibility, you can provide rules for both the old and new codes
  • Thanks to Juliette Reinders Folmer f...

2.9.2 - 2018-11-07

Final 2.9 Release

Version 2.9.2 will be the final release of the PHP_CodeSniffer 2.9 branch, first released over 4 years ago. All developers still using version 2 are strongly encouraged to migrate to version 3.

Version 3 was first released as stable on the 4th of May 2017 and is a large refactoring of the code base that breaks backwards compatibility for all custom sniffs and custom reports. An upgrade guide for sniff and report developers is available here: https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Version-3.0-Upgrade-Guide

Note: If you only use the built-in coding standards (such as PEAR or PSR2), or you have a custom ruleset.xml file that only makes use of the sniffs and reports distributed with PHP_CodeSniffer, you do not need to make any changes to begin using PHP_CodeSniffer version 3.

Other Changes

• PHPCS should now run under PHP 7.3 without deprecation warnings
  • Thanks to Nick Wilde for the patch
• Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1549 : Squiz.PHP.EmbeddedPhp fixer conflict with // comment before PHP close tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1890 : Incorrect Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose error between catch and finally statements

3.3.2 - 2018-09-24

• Fixed a problem where the report cache was not being cleared when the sniffs inside a standard were updated
• The info report (--report=info) now has improved formatting for metrics that span multiple lines
  • Thanks to Juliette Reinders Folmer for the patch
• The unit test runner now skips .bak files when looking for test cases
  • Thanks to Juliette Reinders Folmer for the patch
• The Squiz standard now ensures underscores are not used to indicate visibility of private members vars and methods
  • Previously, this standard enforced the use of underscores
• Generic.PHP.NoSilencedErrors error messages now contain a code snippet to show the context of the error
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Arrays.ArrayDeclaration no longer reports errors for a comma on a line new after a here/nowdoc
  • Also stops a parse error being generated when auto-fixing
  • The SpaceBeforeComma error message has been changed to only have one data value instead of two
• Squiz.Commenting.FunctionComment no longer errors when trying to fix indents of multi-line param comments
• Squiz.Formatting.OperatorBracket now correctly fixes statements that contain strings
• Squiz.PHP.CommentedOutCode now ignores more @-style annotations and includes better comment block detection
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed a problem where referencing a relative file path in a ruleset XML file could add unnecessary sniff exclusions
  • This didn't actually exclude anything, but caused verbose output to list strange exclusion rules
• Fixed bug #2110 : Squiz.WhiteSpace.FunctionSpacing is removing indents from the start of functions when fixing
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2115 : Squiz.Commenting.VariableComment not checking var types when the @var line contains a comment
• Fixed bug #2120 : Tokenizer fails to match T_INLINE_ELSE when used after function call containing closure
• Fixed bug #2121 : Squiz.PHP.DisallowMultipleAssignments false positive in while loop conditions
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2127 : File::findExtendedClassName() doesn't support nested classes
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2138 : Tokenizer detects wrong token for php ::class feature with spaces
• Fixed bug #2143 : PSR2.Namespaces.UseDeclaration does not properly fix "use function" and "use const" statements
  • Thanks to Chris Wilkinson for the patch
• Fixed bug #2144 : Squiz.Arrays.ArrayDeclaration does incorrect align calculation in array with cyrillic keys
• Fixed bug #2146 : Zend.Files.ClosingTag removes closing tag from end of file without inserting a semicolon
• Fixed bug #2151 : XML schema not updated with the new array property syntax

3.3.1 - 2018-07-27

HHVM Support Dropped

Support for HHVM has been dropped due to recent unfixed bugs and HHVM's refocus on Hack only. Thanks to Walt Sorensen and Juliette Reinders Folmer for helping to remove all HHVM exceptions from the core.

Other Changes

• The full report (the default report) now has improved word wrapping for multi-line messages and sniff codes
  • Thanks to Juliette Reinders Folmer for the patch
• The summary report now sorts files based on their directory location instead of just a basic string sort
  • Thanks to Juliette Reinders Folmer for the patch
• The source report now orders error codes by name when they have the same number of errors
  • Thanks to Juliette Reinders Folmer for the patch
• The junit report no longer generates validation errors with the Jenkins xUnit plugin
  • Thanks to Nikolay Geo for the patch
• Generic.Commenting.DocComment no longer generates the SpacingBeforeTags error if tags are the first content in the docblock
  • The sniff will still generate a MissingShort error if there is no short comment
  • This allows the MissingShort error to be suppressed in a ruleset to make short descriptions optional
• Generic.Functions.FunctionCallArgumentSpacing now properly fixes multi-line function calls with leading commas
  • Previously, newlines between function arguments would be removed
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.Syntax will now use PHP_BINARY instead of trying to discover the executable path
  • This ensures that the sniff will always syntax check files using the PHP version that PHPCS is running under
  • Setting the php_path config var will still override this value as normal
  • Thanks to Willem Stuursma-Ruwen for the patch
• PSR2.Namespaces.UseDeclaration now supports commas at the end of group use declarations
  • Also improves checking and fixing for use statements containing parse errors
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Arrays.ArrayDeclaration no longer removes the array opening brace while fixing
  • This could occur when the opening brace was on a new line and the first array key directly followed
  • This change also stops the KeyNotAligned error message being incorrectly reported in these cases
• Squiz.Arrays.ArrayDeclaration no longer tries to change multi-line arrays to single line when they contain comments
  • Fixes a conflict between this sniff and some indentation sniffs
• Squiz.Classes.ClassDeclaration no longer enforces spacing rules when a class is followed by a function
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• The Squiz.Classes.ValidClassName.NotCamelCaps message now references PascalCase instead of CamelCase
  • The CamelCase class name metric produced by the sniff has been changed to PascalCase class name
  • This reflects the fact that the class name check is actually a Pascal Case check and not really Camel Case
  • Thanks to Tom H Anderson for the patch
• Squiz.Commenting.InlineComment no longer enforces spacing rules when an inline comment is followed by a docblock
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• Squiz.WhiteSpace.OperatorSpacing no longer tries to fix operator spacing if the next content is a comment on a new line
  • Fixes a conflict between this sniff and the Squiz.Commenting.PostStatementComment sniff
  • Also stops PHPCS annotations from being moved to a different line, potentially changing their meaning
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.FunctionSpacing no longer checks spacing of functions at the top of an embedded PHP block
  • Fixes a conflict between this sniff and the Squiz.PHP.EmbeddedPHP sniff
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.MemberVarSpacing no longer checks spacing before member vars that come directly after methods
  • Fixes a conflict between this sniff and the Squiz.WhiteSpace.FunctionSpacing sniff
• Squiz.WhiteSpace.SuperfluousWhitespace now recognizes unicode whitespace at the start and end of a file
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2029 : Squiz.Scope.MemberVarScope throws fatal error when a property is found in an interface
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #2047 : PSR12.Classes.ClassInstantiation false positive when instantiating class from array index
• Fixed bug #2048 : GenericFormatting.MultipleStatementAlignment false positive when assigning values inside an array
• Fixed bug #2053 : PSR12.Classes.ClassInstantiation incorrectly fix when using member vars and some variable formats
• Fixed bug #2065 : Generic.ControlStructures.InlineControlStructure fixing fails when inline control structure contains closure
• Fixed bug #2072 : Squiz.Arrays.ArrayDeclaration throws NoComma error when array value is a shorthand IF statement
• Fixed bug #2082 : File with "defined() or define()" syntax triggers PSR1.Files.SideEffects.FoundWithSymbols
• Fixed bug #2095 : PSR2.Namespaces.NamespaceDeclaration does not handle namespaces defined over multiple lines

3.3.0 - 2018-06-07

Deprecations

Squiz.WhiteSpace.LanguageConstructSpacing Sniff

The Squiz.WhiteSpace.LanguageConstructSpacing sniff has been deprecated and will be removed in version 4.

The sniff has been moved to the Generic standard, with a new code of Generic.WhiteSpace.LanguageConstructSpacing. The new Generic sniff now also checks many more language constructs to enforce additional spacing rules. The existing Squiz sniff will continue to work until version 4 has been released. Thanks to Mponos George for the contribution.

As soon as possible, replace all instances of the old sniff code with the new sniff code in your ruleset.xml files.

Setting Array Properties

The current method for setting array properties in ruleset files has been deprecated and will be removed in version 4.

Currently, setting an array value uses the string syntax print=>echo,create_function=>null. Now, individual array elements are specified using a new element tag with key and value attributes.

For example, the following array of forbidden functions:

<property name="forbiddenFunctions" type="array" value="sizeof=>count,delete=>unset,print=>echo,is_null=>null,create_function=>null"/>

Will be rewritten using this format:

<property name="forbiddenFunctions" type="array">
    <element key="sizeof" value="count"/>
    <element key="delete" value="unset"/>
    <element key="print" value="echo"/>
    <element key="is_null" value="null"/>
    <element key="create_function" value="null"/>
</property>

Thanks to Michał Bundyra for the patch.

T_ARRAY_HINT Token

The T_ARRAY_HINT token has been deprecated and will be removed in version 4.

The token was used to ensure array type hints were not tokenized as T_ARRAY, but no other type hints were given a special token. Array type hints now use the standard T_STRING token instead.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_ARRAY_HINT tokens.

T_RETURN_TYPE Token

The T_RETURN_TYPE token has been deprecated and will be removed in version 4.

The token was used to ensure array/self/parent/callable return types were tokenized consistently. But for namespaced return types, only the last part of the string (the class name) was tokenized as T_RETURN_TYPE. This was not consistent and so return types are now left using their original token types so they are not skipped by sniffs. The exception are array return types, which are tokenized as T_STRING instead of T_ARRAY, as they are used for type hints.

Sniffs referencing this token type will continue to run without error until version 4, but will not find any T_RETUTN_TYPE tokens.

To get the return type of a function, use the File::getMethodProperties() method, which now contains a return_type array index. This index contains the return type of the function or closer, or a blank string if not specified. If the return type is nullable, the return type will contain the leading ? and a nullable_return_type array index in the return value will also be set to true. If the return type contains namespace information, it will be cleaned of whitespace and comments. To access the original return value string, use the main tokens array.

PSR-12 Standard In-Progress

This release contains an incomplete version of the PSR-12 coding standard. Errors found using this standard should be valid, but it will miss a lot of violations until it is complete. If you'd like to test and help, you can use the standard by running PHPCS with --standard=PSR12

Other Changes

• Config values set using --runtime-set now override any config values set in rulesets or the CodeSniffer.conf file
• You can now apply include-pattern rules to individual message codes in a ruleset like you can with exclude-pattern rules
  • Previously, include-pattern rules only applied to entire sniffs
  • If a message code has both include and exclude patterns, the exclude patterns will be ignored
• Using PHPCS annotations to selectively re-enable sniffs is now more flexible
  • Previously, you could only re-enable a sniff/category/standard using the exact same code that was disabled
  • Now, you can disable a standard and only re-enable a specific category or sniff
  • Or, you can disable a specific sniff and have it re-enable when you re-enable the category or standard
• The value of array sniff properties can now be set using phpcs:set annotations
  • e.g., phpcs:set Standard.Category.SniffName property[] key=>value,key2=>value2
  • Thanks to Michał Bundyra for the patch
• PHPCS annotations now remain as T_PHPCS_* tokens instead of reverting to comment tokens when --ignore-annotations is used
  • This stops sniffs (especially commenting sniffs) from generating a large number of false errors when ignoring
  • Any custom sniffs that are using the T_PHPCS_* tokens to detect annotations may need to be changed to ignore them
    • Check $phpcsFile->config->annotations to see if annotations are enabled and ignore when false
• You can now use fully or partially qualified class names for custom reports instead of absolute file paths
  • To support this, you must specify an autoload file in your ruleset.xml file and use it to register an autoloader
  • Your autoloader will need to load your custom report class when requested
  • Thanks to Juliette Reinders Folmer for the patch
• The JSON report format now does escaping in error source codes as well as error messages
  • Thanks to Martin Vasel for the patch
• Invalid installed_paths values are now ignored instead of causing a fatal error
• Improved testability of custom rulesets by allowing the installed standards to be overridden
  • Thanks to Timo Schinkel for the patch
• The key used for caching PHPCS runs now includes all set config values
  • This fixes a problem where changing config values (e.g., via --runtime-set) used an incorrect cache file
• The "Function opening brace placement" metric has been separated into function and closure metrics in the info report
  • Closures are no longer included in the "Function opening brace placement" metric
  • A new "Closure opening brace placement" metric now shows information for closures
• Multi-line T_YIELD_FROM statements are now replicated properly for older PHP versions
• The PSR2 standard no longer produces 2 error messages when the AS keyword in a foreach loop is not lowercase
• Specifying a path to a non-existent dir when using the --report-[reportType]=/path/to/report CLI option no longer throws an exception
  • This now prints a readable error message, as it does when using --report-file
• The File::getMethodParamaters() method now includes a type_hint_token array index in the return value
  • Provides the position in the token stack of the first token in the type hint
• The File::getMethodProperties() method now includes a return_type_token array index in the return value
  • Provides the position in the token stack of the first token in the return type
• The File::getTokensAsString() method can now optionally return original (non tab-replaced) content
  • Thanks to Juliette Reinders Folmer for the patch
• Removed Squiz.PHP.DisallowObEndFlush from the Squiz standard
  • If you use this sniff and want to continue banning ob_end_flush(), use Generic.PHP.ForbiddenFunctions instead
  • You will need to set the forbiddenFunctions property in your ruleset.xml file
• Removed Squiz.PHP.ForbiddenFunctions from the Squiz standard
  • Replaced by using the forbiddenFunctions property of Generic.PHP.ForbiddenFunctions in the Squiz ruleset.xml
  • Functionality of the Squiz standard remains the same, but the error codes are now different
  • Previously, Squiz.PHP.ForbiddenFunctions.Found and Squiz.PHP.ForbiddenFunctions.FoundWithAlternative
  • Now, Generic.PHP.ForbiddenFunctions.Found and Generic.PHP.ForbiddenFunctions.FoundWithAlternative
• Added new Generic.PHP.LowerCaseType sniff
  • Ensures PHP types used for type hints, return types, and type casting are lowercase
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new Generic.WhiteSpace.ArbitraryParenthesesSpacing sniff
  • Generates an error for whitespace inside parenthesis that don't belong to a function call/declaration or control structure
  • Generates a warning for any empty parenthesis found
  • Allows the required spacing to be set using the spacing sniff property (default is 0)
  • Allows newlines to be used by setting the ignoreNewlines sniff property (default is false)
  • Thanks to Juliette Reinders Folmer for the contribution
• Added new PSR12.Classes.ClassInstantiation sniff
  • Ensures parenthesis are used when instantiating a new class
• Added new PSR12.Keywords.ShortFormTypeKeywords sniff
  • Ensures the short form of PHP types is used when type casting
• Added new PSR12.Namespaces.CompundNamespaceDepth sniff
  • Ensures compound namespace use statements have a max depth of 2 levels
  • The max depth can be changed by setting the 'maxDepth' sniff property in a ruleset.xml file
• Added new PSR12.Operators.OperatorSpacing sniff
  • Ensures operators are preceded and followed by at least 1 space
• Improved core support for grouped property declarations
  • Also improves support in Squiz.WhiteSpace.ScopeKeywordSpacing and Squiz.WhiteSpace.MemberVarSpacing
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Commenting.DocComment now produces a NonParamGroup error when tags are mixed in with the @param tag group
  • It would previously throw either a NonParamGroup or ParamGroup error depending on the order of tags
  • This change allows the NonParamGroup error to be suppressed in a ruleset to allow the @param group to contain other tags
  • Thanks to Phil Davis f...

3.2.3 - 2018-02-20

• The new phpcs: comment syntax can now be prefixed with an at symbol ( @phpcs: )
  • This restores the behaviour of the previous syntax where these comments are ignored by doc generators
• The current PHP version ID is now used to generate cache files
  • This ensures that only cache files generated by the current PHP version are selected
  • This change fixes caching issues when using sniffs that produce errors based on the current PHP version
• A new Tokens::$phpcsCommentTokens array is now available for sniff developers to detect phpcs: comment syntax
  • Thanks to Juliette Reinders Folmer for the patch
• Error message codes generated by Generic.CodeAnalysis.EmptyStatement are no longer all-uppercase
  • For example Generic.CodeAnalysis.EmptyStatement.DetectedCATCH becomes Generic.CodeAnalysis.EmptyStatement.DetectedCatch
• The PEAR.Commenting.FunctionComment.Missing error message now includes the name of the function
  • Thanks to Yorman Arias for the patch
• The PEAR.Commenting.ClassComment.Missing and Squiz.Commenting.ClassComment.Missing error messages now include the name of the class
  • Thanks to Yorman Arias for the patch
• PEAR.Functions.FunctionCallSignature now only forces alignment at a specific tab stop while fixing
  • It was enforcing this during checking, but this meant invalid errors if the OpeningIndent message was being muted
  • This fixes incorrect errors when using the PSR2 standard with some code blocks
• Generic.Files.LineLength now ignores lines that only contain phpcs: annotation comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.Formatting.MultipleStatementAlignment now skips over arrays containing comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.Syntax now forces display_errors to ON when linting
  • Thanks to Raúl Arellano for the patch
• PSR2.Namespaces.UseDeclaration has improved syntax error handling and closure detection
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.CommentedOutCode now has improved comment block detection for improved accuracy
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.NonExecutableCode could fatal error while fixing file with syntax error
• Squiz.PHP.NonExecutableCode now detects unreachable code after a goto statement
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.LanguageConstructSpacing has improved syntax error handling while fixing
  • Thanks to Juliette Reinders Folmer for the patch
• Improved phpcs: annotation syntax handling for a number of sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Improved auto-fixing of files with incomplete comment blocks for various commenting sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed test suite compatibility with PHPUnit 7
• Fixed bug #1793 : PSR2 forcing exact indent for function call opening statements
• Fixed bug #1803 : Squiz.WhiteSpace.ScopeKeywordSpacing removes member var name while fixing if no space after scope keyword
• Fixed bug #1817 : Blank line not enforced after control structure if comment on same line as closing brace
• Fixed bug #1827 : A phpcs:enable comment is not tokenized correctly if it is outside a phpcs:disable block
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1828 : Squiz.WhiteSpace.SuperfluousWhiteSpace ignoreBlankLines property ignores whitespace after single line comments
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1840 : When a comment has too many asterisks, phpcbf gives FAILED TO FIX error
• Fixed bug #1867 : Cant use phpcs:ignore where the next line is HTML
• Fixed bug #1870 : Invalid warning in multiple assignments alignment with closure or anon class
• Fixed bug #1890 : Incorrect Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose error between catch and finally statements
• Fixed bug #1891 : Comment on last USE statement causes false positive for PSR2.Namespaces.UseDeclaration.SpaceAfterLastUse
  • Thanks to Matt Coleman, Daniel Hensby, and Juliette Reinders Folmer for the patch
• Fixed bug #1901 : Fixed PHPCS annotations in multi-line tab-indented comments + not ignoring whole line for phpcs:set
  • Thanks to Juliette Reinders Folmer for the patch

3.2.2 - 2017-12-19

• Disabled STDIN detection on Windows
  • This fixes a problem with IDE plugins (e.g., PHPStorm) hanging on Windows

3.2.1 - 2017-12-18

• Fixed problems with some scripts and plugins waiting for STDIN
  • This was a notable problem with IDE plugins (e.g., PHPStorm) and build systems
• Empty diffs are no longer followed by a newline character (request #1781)
• Generic.Functions.OpeningFunctionBraceKernighanRitchie no longer complains when the open brace is followed by a close tag
  • This makes the sniff more useful when used in templates
  • Thanks to Joseph Zidell for the patch
• Fixed bug #1782 : Incorrect detection of operator in ternary + anonymous function

3.2.0 - 2017-12-12

Comment Syntax Changes

This release deprecates the @codingStandards comment syntax used for sending commands to PHP_CodeSniffer. The existing syntax will continue to work in all version 3 releases, but will be removed in version 4

The comment formats have been replaced by a shorter syntax:

• @codingStandardsIgnoreFile becomes phpcs:ignoreFile
• @codingStandardsIgnoreStart becomes phpcs:disable
• @codingStandardsIgnoreEnd becomes phpcs:enable
• @codingStandardsIgnoreLine becomes phpcs:ignore
• @codingStandardsChangeSetting becomes phpcs:set

The new syntax allows for additional developer comments to be added after a -- separator. This is useful for describing why a code block is being ignored, or why a setting is being changed. E.g., // phpcs:disable -- This code block must be left as-is.

Comments using the new syntax are assigned new comment token types to allow them to be detected:

• phpcs:ignoreFile has the token T_PHPCS_IGNORE_FILE
• phpcs:disable has the token T_PHPCS_DISABLE
• phpcs:enable has the token T_PHPCS_ENABLE
• phpcs:ignore has the token T_PHPCS_IGNORE
• phpcs:set has the token T_PHPCS_SET

Other Changes

• The phpcs:disable and phpcs:ignore comments can now selectively ignore specific sniffs (request #604)
  • E.g., // phpcs:disable Generic.Commenting.Todo.Found for a specific message
  • E.g., // phpcs:disable Generic.Commenting.Todo for a whole sniff
  • E.g., // phpcs:disable Generic.Commenting for a whole category of sniffs
  • E.g., // phpcs:disable Generic for a whole standard
  • Multiple sniff codes can be specified by comma separating them
    • E.g., // phpcs:disable Generic.Commenting.Todo,PSR1.Files
• @codingStandardsIgnoreLine comments now only ignore the following line if they are on a line by themselves
  • If they are at the end of an existing line, they will only ignore the line they are on
  • Stops some lines from accidentally being ignored
  • Same rule applies for the new phpcs:ignore comment syntax
• PSR1.Files.SideEffects now respects the new phpcs:disable comment syntax
  • The sniff will no longer check any code that is between phpcs:disable and phpcs:enable comments
  • The sniff does not support phpcs:ignore; you must wrap code structures with disable/enable comments
  • Previously, there was no way to have this sniff ignore parts of a file
• Fixed a problem where PHPCS would sometimes hang waiting for STDIN, or read incomplete versions of large files
  • Thanks to Arne Jørgensen for the patch
• Array properties specified in ruleset files now have their keys and values trimmed
  • This saves having to do this in individual sniffs and stops errors introduced by whitespace in rulesets
  • Thanks to Juliette Reinders Folmer for the patch
• Added phpcs.xsd to allow validation of ruleset XML files
  • Thanks to Renaat De Muynck for the contribution
• File paths specified using --stdin-path can now point to fake file locations (request #1488)
  • Previously, STDIN files using fake file paths were excluded from checking
• Setting an empty basepath (--basepath=) on the CLI will now clear a basepath set directly in a ruleset
  • Thanks to Xaver Loppenstedt for the patch
• Ignore patterns are now checked on symlink target paths instead of symlink source paths
  • Restores previous behaviour of this feature
• Metrics were being double counted when multiple sniffs were recording the same metric
• Added support for bash process substitution
  • Thanks to Scott Dutton for the contribution
• Files included in the cache file code hash are now sorted to aid in cache file reuse across servers
• Windows BAT files can now be used outside a PEAR install
  • You must have the path to PHP set in your PATH environment variable
  • Thanks to Joris Debonnet for the patch
• The JS unsigned right shift assignment operator is now properly classified as an assignment operator
  • Thanks to Juliette Reinders Folmer for the patch
• The AbstractVariableSniff abstract sniff now supports anonymous classes and nested functions
  • Also fixes an issue with Squiz.Scope.MemberVarScope where member vars of anonymous classes were not being checked
• Added AbstractArraySniff to make it easier to create sniffs that check array formatting
  • Allows for checking of single and multi line arrays easily
  • Provides a parsed structure of the array including positions of keys, values, and double arrows
• Added Generic.Arrays.ArrayIndent to enforce a single tab stop indent for array keys in multi-line arrays
  • Also ensures the close brace is on a new line and indented to the same level as the original statement
  • Allows for the indent size to be set using an indent property of the sniff
• Added Generic.PHP.DiscourageGoto to warn about the use of the GOTO language construct
  • Thanks to Juliette Reinders Folmer for the contribution
• Generic.Debug.ClosureLinter was not running the gjslint command
  • Thanks to Michał Bundyra for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes space indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes mixed space/tab indents more accurately
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowTabIndent now fixes tab indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionDeclaration no longer errors when a function declaration is the first content in a JS file
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionCallSignature now requires the function name to be indented to an exact tab stop
  • If the function name is not the start of the statement, the opening statement must be indented correctly instead
  • Added a new fixable error code PEAR.Functions.FunctionCallSignature.OpeningIndent for this error
• Squiz.Functions.FunctionDeclarationArgumentSpacing is no longer confused about comments in function declarations
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.NonExecutableCode error messages now indicate which line the code block ending is on
  • Makes it easier to identify where the code block exited or returned
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.FunctionComment now supports nullable type hints
• Squiz.Commenting.FunctionCommentThrowTag no longer assigns throw tags inside anon classes to the enclosing function
• Squiz.WhiteSpace.SemicolonSpacing now ignores semicolons used for empty statements inside FOR conditions
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.ControlSignature now allows configuring the number of spaces before the colon in alternative syntax
  • Override the requiredSpacesBeforeColon setting in a ruleset.xml file to change
  • Default remains at 1
  • Thanks to Nikola Kovacs for the patch
• The Squiz standard now ensures array keys are indented 4 spaces from the main statement
  • Previously, this standard aligned keys 1 space from the start of the array keyword
• The Squiz standard now ensures array end braces are aligned with the main statement
  • Previously, this standard aligned the close brace with the start of the array keyword
• The standard for PHP_CodeSniffer itself now enforces short array syntax
• The standard for PHP_CodeSniffer itself now uses the Generic.Arrays/ArrayIndent sniff rules
• Improved fixer conflicts and syntax error handling for a number of sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1462 : Error processing cyrillic strings in Tokenizer
• Fixed bug #1573 : Squiz.WhiteSpace.LanguageConstructSpacing does not properly check for tabs and newlines
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1590 : InlineControlStructure CBF issue while adding braces to an if thats returning a nested function
• Fixed bug #1718 : Unclosed strings at EOF sometimes tokenized as T_WHITESPACE by the JS tokenizer
• Fixed bug #1731 : Directory exclusions do not work as expected when a single file name is passed to phpcs
• Fixed bug #1737 : Squiz.CSS.EmptyStyleDefinition sees comment as style definition and fails to report error
• Fixed bug #1746 : Very large reports can sometimes become garbled when using the parallel option
• Fixed bug #1747 : Squiz.Scope.StaticThisUsage incorrectly looking inside closures
• Fixed bug #1757 : Unknown type hint "object" in Squiz.Commenting.FunctionComment
• Fixed bug #1758 : PHPCS gets stuck creating file list when processing circular symlinks
• Fixed bug #1761 : Generic.WhiteSpace.ScopeIndent error on multi-line function call with static closure argument
• Fixed bug #1762 : Generic.WhiteSpace.Disallow[Space/Tab]Indent not inspecting content before open tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixe...