[TYPO3-50-general] Willing to help Task #1 Create sniffs for PHP Code Sniffer
Malte Jansen
mail at maltejansen.de
Tue Dec 11 13:37:29 CET 2007
Hi Robert,
here are some comments and one security-issue/idea at the bottom..
>
> I suggest that you do the following:
>
> - convert the coding guidelines we've written down so far into rules of
> this kind:
>
> "Class names of classes in the Classes/ directory must start with
> 'T3_' followed by the package name"
>
> "All constants must be written uppercase, including 'TRUE' and 'FALSE'"
>
> Best is, if you wrote all rules into our wiki - just fill this page:
> http://5-0.dev.typo3.org/trac/wiki/CodingStandards
>
Will the coding standard be in a single package?
If yes: There should be a proper name for it like "CodingStandard" or
"CodingGuideline".
Else: Where is it located? You mentioned in the wiki that two
rules are already implemented.
> - Then you might want to categorize these rules
>
Should be clear before the implementation is started...
Here is a list of the other examples (Squiz):
* Files
* Classes
* Functions
* Variables
* Constants
* ControlStructures
* Arrays
* String
* Formatting
* Operators
* PHP
* Whitespaces
* Comments (needed?)
* Objects
* Scope
### NEW RULE for Security ###
Perhaps it is possible to disallow $_GET, $_POST etc., so all
extensions have to use functions of the framework for it.
So this could be a rule/criterion for the TER3. You can only make a
workaround on a local installation, but all packages in public go through
this check. Perhaps this check could also be done via an installation of
a package. This extension is disabled if something is found... (Only
this rule)
Somewhere it was a security issue to disable these global vars via a
PHP command. But I cannot remember where it was...
Cheers,
Malte
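
The security rule proposed in the message above, sketched as an added example (not code from the original post or from the TYPO3 project): a standalone check built on PHP's tokenizer, the kind of token stream a code sniff inspects, that reports direct superglobal access. The function name, the list of forbidden variables and the sample input are assumptions.

```php
<?php
// Added example: report direct superglobal access in package source code.
// The list below is an assumption; a real rule would name the variables
// the framework wants wrapped by its own request API.
const FORBIDDEN_SUPERGLOBALS = [
    '$_GET', '$_POST', '$_COOKIE', '$_REQUEST', '$_FILES', '$_SERVER',
    '$GLOBALS', // $GLOBALS['_GET'] would otherwise sidestep the rule
];

/**
 * Hypothetical helper: returns [line, variable] pairs for every direct
 * use of a forbidden superglobal in the given PHP source.
 */
function findSuperglobalUse(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Single-character tokens are plain strings; only arrays carry an id.
        if (!is_array($token)) {
            continue;
        }
        [$id, $text, $line] = $token;
        // Working on tokens rather than raw text means comments and
        // single-quoted strings are ignored, while variables interpolated
        // into double-quoted strings are still caught.
        if ($id === T_VARIABLE && in_array($text, FORBIDDEN_SUPERGLOBALS, true)) {
            $findings[] = [$line, $text];
        }
    }
    return $findings;
}

// Constructed sample input, not taken from any real extension.
$sample = <<<'SAMPLE'
<?php
// $_GET mentioned in a comment is not a finding
$label = 'literal $_POST text is not a finding';
$id = $_GET['id'];
echo "Hello {$_POST['name']}";
SAMPLE;

foreach (findSuperglobalUse($sample) as [$line, $name]) {
    echo "line $line: direct use of $name\n";
}
```

A repository-side check like this only covers source that reaches it statically; code assembled at runtime is outside what a token scan can see.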