[TYPO3-50-general] Willing to help Task #1 Create sniffs for PHP Code Sniffer

Malte Jansen mail at maltejansen.de
Tue Dec 11 13:37:29 CET 2007


Hi Robert,

here are some comments and one security issue/idea at the bottom.

> 
> I suggest that you do the following:
> 
>  - convert the coding guidelines we've written down so far into rules of this kind:
> 
>    "Class names of classes in the Classes/ directory must start with 'T3_' followed by the package name"
> 
>    "All constants must be written uppercase, including 'TRUE' and 'FALSE'"
> 
>    Best is, if you wrote all rules into our wiki - just fill this page:
>    http://5-0.dev.typo3.org/trac/wiki/CodingStandards
> 
Will the Coding standard be in a single Package?

If yes: there should be a proper name for it, like "CodingStandard" or 
"CodingGuideline".

Else: where is it located? You mentioned in the wiki that two rules 
are already implemented.

>  - Then you might want to categorize these rules
> 
Should be clear before the implementation is started...
Here is a list of the other examples (Squiz):
* Files
* Classes
* Functions
* Variables
* Constants
* ControlStructures
* Arrays
* String
* Formatting
* Operators
* PHP
* Whitespaces
* Comments (needed?)
* Objects
* Scope


### NEW RULE for Security ###
Perhaps it is possible to disallow $_GET, $_POST etc., so all 
extensions have to use functions of the framework for it.

So this could be a rule/criterion for the TER3. You can only make a 
workaround on a local installation, but all packages in public go through 
this check. Perhaps this check could also be done via an installation of 
a package. This extension is disabled if something is found... (Only 
this Rule)

Somewhere it was an issue for security to disable these global vars via 
a PHP command. But I cannot remember where it was...


Cheers,

Malte
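
The check proposed in the message above, sketched as an added example that is not part of the original message or of any TYPO3 or PHP_CodeSniffer code: it uses PHP's built-in tokenizer rather than the PHP_CodeSniffer API, so it runs on its own. The list of names beyond $_GET and $_POST, the function name, the sample source and the `$request->getArgument()` accessor are assumptions made for illustration.

```php
<?php
// Added example: report direct superglobal access in PHP source.
// Working on tokens (not regexes) means names that only appear in
// comments or single-quoted strings are not reported.

// Assumed rule set: the message names only $_GET and $_POST ("etc.").
const FORBIDDEN_SUPERGLOBALS = [
    '$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_FILES',
    '$_SERVER', '$_ENV', '$_SESSION', '$GLOBALS',
];

/**
 * @return array<int, array{line: int, name: string}> one entry per finding
 */
function findSuperglobalUse(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Single-character tokens are plain strings; only arrays carry a type.
        if (!is_array($token)) {
            continue;
        }
        [$type, $text, $line] = $token;
        // Variables interpolated in double-quoted strings are also T_VARIABLE.
        if ($type === T_VARIABLE && in_array($text, FORBIDDEN_SUPERGLOBALS, true)) {
            $findings[] = ['line' => $line, 'name' => $text];
        }
    }
    return $findings;
}

// Constructed sample package source (not from a real extension).
$sample = <<<'SAMPLE'
<?php
// $_GET mentioned in a comment is not a finding
$id = $_GET['id'];
$label = 'literal $_POST text';
echo "Hello {$_POST['name']}";
$page = $request->getArgument('page'); // hypothetical framework accessor
SAMPLE;

foreach (findSuperglobalUse($sample) as $f) {
    printf("line %d: direct use of %s, use the framework request API\n", $f['line'], $f['name']);
}
```

Access through a name built at run time, such as a variable variable, is not visible to a token-level check like this one.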

