[Bug 217774] devel/pear-PHP_CodeSniffer: Update to 2.8.1
bugzilla-noreply at freebsd.org
Mon Mar 13 23:40:04 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217774
Bug ID: 217774
Summary: devel/pear-PHP_CodeSniffer: Update to 2.8.1
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: tz at freebsd.org
Reporter: joneum at bsdproject.de
Flags: maintainer-feedback?(tz at freebsd.org)
Created attachment 180798
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180798&action=edit
Patch
https://pear.php.net/package/PHP_CodeSniffer/download/2.8.1
Changelog:
- This release contains a fix for a security advisory related to the improper
handling of shell commands
-- Uses of shell_exec() and exec() were not escaping filenames and
configuration settings in most cases
-- A properly crafted filename or configuration option would allow for
arbitrary code execution when using some features
-- All users are encouraged to upgrade to this version, especially if you are
checking 3rd-party code
--- e.g., you run PHPCS over libraries that you did not write
--- e.g., you provide a web service that runs PHPCS over user-uploaded files or
3rd-party repositories
--- e.g., you allow external tool paths to be set by user-defined values
-- If you are unable to upgrade but you check 3rd-party code, ensure you are
not using the following features:
--- The diff report
--- The notify-send report
--- The Generic.PHP.Syntax sniff
--- The Generic.Debug.CSSLint sniff
--- The Generic.Debug.ClosureLinter sniff
--- The Generic.Debug.JSHint sniff
--- The Squiz.Debug.JSLint sniff
--- The Squiz.Debug.JavaScriptLint sniff
--- The Zend.Debug.CodeAnalyzer sniff
-- Thanks to Klaus Purer for the report
- The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions
before 7.2
- PEAR.Functions.FunctionDeclaration now reports an error for blank lines found
inside a function declaration
- PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank
lines in a function declaration
- Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for
blank lines in a function declaration
-- It would previously report that only one argument is allowed per line
- Squiz.Commenting.FunctionComment now corrects multi-line param comment
padding more accurately
- Squiz.Commenting.FunctionComment now properly fixes pipe-separated param
types
- Squiz.Commenting.FunctionComment now works correctly when function return
types also contain a comment
-- Thanks to Juliette Reinders Folmer for the patch
- Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
-- As this is not a real PHP operator, it enforces no spaces between ? and :
when the THEN statement is empty
- Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing
errors it reports
- Fixed bug #1340 : STDIN file contents not being populated in some cases
-- Thanks to David Biňovec for the patch
- Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for
blank comment lines
- Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments
during fixing
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly
formatted when string contains a CR newline char
-- Thanks to Algirdas Gurevicius for the patch
- Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using
namespaces
- Fixed bug #1369 : Empty line in multi-line function declaration cause
infinite loop
Make test is fine.
poudriere build fine for:
10.3 amd + i386
11.0 amd + i386
12-current amd + i386 (r314826)
portlint is also fine.
Cheers
jochen
--
You are receiving this mail because:
You are the assignee for the bug.
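
For installs that cannot move to 2.8.1 yet, the changelog's list of features to avoid can be checked mechanically. The script below is an added example, not part of the bug report or of PHP_CodeSniffer: it scans a ruleset.xml for the listed sniffs and the two reports. Assumptions: the report identifiers are spelled `diff` and `notifysend`, the function names are hypothetical, and referenced standards are not resolved recursively.

```python
import xml.etree.ElementTree as ET

# Features the 2.8.1 changelog says to avoid on unpatched installs.
RISKY_SNIFFS = {
    "Generic.PHP.Syntax", "Generic.Debug.CSSLint", "Generic.Debug.ClosureLinter",
    "Generic.Debug.JSHint", "Squiz.Debug.JSLint", "Squiz.Debug.JavaScriptLint",
    "Zend.Debug.CodeAnalyzer",
}
# Assumption: report identifiers as passed to --report / <arg name="report">.
RISKY_REPORTS = {"diff", "notifysend"}


def covers(ref, sniff):
    """True if a <rule ref> names the sniff, its category, or its whole standard."""
    return sniff == ref or sniff.startswith(ref + ".")


def audit_ruleset(xml_text):
    """Return sorted findings for risky sniffs and reports in a ruleset.xml string."""
    root = ET.fromstring(xml_text)
    findings = set()
    for rule in root.iter("rule"):
        ref = rule.get("ref", "")
        # Sniffs switched off via <exclude name="..."/> inside this rule.
        excluded = {e.get("name", "") for e in rule.iter("exclude")}
        for sniff in RISKY_SNIFFS:
            if covers(ref, sniff) and not any(covers(x, sniff) for x in excluded):
                findings.add("sniff:" + sniff)
    for arg in root.iter("arg"):
        if arg.get("name") == "report":
            # A report value may be a comma list, each optionally "name=file".
            for item in arg.get("value", "").split(","):
                name = item.split("=")[0].strip().lower()
                if name in RISKY_REPORTS:
                    findings.add("report:" + name)
    return sorted(findings)


# Constructed sample ruleset, not taken from any real project.
SAMPLE = """<ruleset name="constructed-example">
  <rule ref="PSR2"/>
  <rule ref="Generic.PHP.Syntax"/>
  <rule ref="Squiz"><exclude name="Squiz.Debug.JSLint"/></rule>
  <arg name="report" value="summary,diff"/>
</ruleset>"""

if __name__ == "__main__":
    for finding in audit_ruleset(SAMPLE):
        print(finding)
```

A clean result only covers the ruleset file itself; reports or sniffs selected on the phpcs command line or in wrapper scripts need the same check.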