
Conversation

@hyperpolymath (Owner)

No description provided.

claude and others added 5 commits December 27, 2025 00:08
This commit enhances the plugin's security posture by integrating patterns
from the php-aegis and sanctify-php security libraries.

Changes:
- Add WPCM_Security class (PHP 7.4+ compatible security layer)
- Add declare(strict_types=1) to all PHP files
- Add SPDX license headers to all PHP files
- Fix REST API limit parameter sanitization
- Add security-analysis.yml GitHub workflow
- Add docs/SECURITY-INTEGRATION.md with integration report
- Update composer.json with security scripts and suggestions

The integration report documents:
- PHP version incompatibility (php-aegis requires 8.1+, plugin needs 7.4+)
- sanctify-php is a Haskell build tool, not a runtime PHP library
- Recommendations for upstream improvements to both libraries

Version bumped to 1.1.0 to reflect security enhancements.

BREAKING CHANGE: Now requires PHP 8.2+ and WordPress 6.4+

Changes:
- Add php-aegis as a direct composer dependency (not just suggested)
- WPCM_Security now uses PhpAegis\Validator and PhpAegis\Sanitizer directly
- Upgrade PHPUnit to ^10.0 || ^11.0 for PHP 8.2+ compatibility
- Use modern PHP syntax: match expressions, mixed type, never return type
- Update documentation to reflect full integration

Why PHP 8.2+:
- PHP 7.4 EOL: November 2022
- PHP 8.0 EOL: November 2023
- Enables direct php-aegis integration without workarounds
- Modern language features improve code safety

Version bumped to 1.2.0

Document that we will never support PHP 7.x - if you're running EOL PHP,
you have bigger security problems than this plugin can solve. Upgrading
PHP is the most impactful security fix available.

Current requirement remains PHP 8.2+ for active support and php-aegis.
- Add WordPress 6.0+ hard floor policy (same rationale as PHP 8.0+)
- Add comprehensive learning report documenting:
  - php-aegis integration findings (what worked, issues, recommendations)
  - sanctify-php integration findings (adoption barriers, recommendations)
  - General observations on PHP security ecosystem gaps
  - Before/after metrics
Signed-off-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>
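The first commit lists "Fix REST API limit parameter sanitization" and "Add declare(strict_types=1) to all PHP files" without showing the change. The block below is an added illustration of how those two items interact in a WordPress REST endpoint; it is not code from this plugin or from php-aegis. The route namespace `wpcm/v1`, the `/items` path, the `wpcm_sanitize_limit`, `wpcm_register_routes` and `wpcm_rest_list_items` names, the `read` capability and the placeholder item data are all assumptions made for the example. `register_rest_route`, `rest_validate_request_arg`, `absint`, `WP_REST_Server::READABLE`, `WP_REST_Request` and `WP_REST_Response` are real WordPress APIs.

```php
<?php
// SPDX-License-Identifier: MIT  (header style only; the plugin's actual license is not shown on this page)
declare(strict_types=1);

/**
 * Coerce an untrusted REST "limit" parameter to a bounded integer.
 *
 * Typed `mixed` on purpose: under strict_types=1 a request param that arrives
 * as the string "10" would throw a TypeError against an `int` parameter, so all
 * coercion has to happen here. Hypothetical helper, not the plugin's own code.
 */
function wpcm_sanitize_limit(mixed $value, int $default = 10, int $max = 100): int
{
    // FILTER_VALIDATE_INT accepts ints and canonical integer strings ("10") and
    // rejects non-integer input such as "10abc", "10.5", "", null and arrays.
    $int = filter_var($value, FILTER_VALIDATE_INT);
    if ($int === false || $int < 1) {
        return $default;        // garbage, zero or negative: fall back, never fail open
    }
    return min($int, $max);     // clamp so a caller cannot request an unbounded page
}

/**
 * Declare the parameter in the route schema so WordPress rejects bad input with
 * HTTP 400 before the callback runs (validate_callback) and coerces what survives
 * (sanitize_callback). Route, callback and capability are illustrative names.
 */
function wpcm_register_routes(): void
{
    register_rest_route('wpcm/v1', '/items', [
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'wpcm_rest_list_items',
        // Placeholder capability; a public endpoint would use '__return_true'.
        'permission_callback' => static fn (): bool => current_user_can('read'),
        'args'                => [
            'limit' => [
                'type'              => 'integer',
                'default'           => 10,
                'minimum'           => 1,
                'maximum'           => 100,
                'sanitize_callback' => 'absint',
                'validate_callback' => 'rest_validate_request_arg',
            ],
        ],
    ]);
}

function wpcm_rest_list_items(WP_REST_Request $request): WP_REST_Response
{
    // Belt and braces: the schema already bounded `limit`, but re-clamping here
    // keeps the handler safe if the args array is edited later.
    $limit = wpcm_sanitize_limit($request->get_param('limit'));
    $items = array_slice(['a', 'b', 'c'], 0, $limit);   // constructed placeholder data
    return new WP_REST_Response(['limit' => $limit, 'items' => $items], 200);
}

/** Self-check of the pure helper; returns [input => result] for inspection. */
function wpcm_self_check(): array
{
    $cases = ['10', 10, '10abc', '10.5', '', null, [], '-5', '0', '1000', 7.0];
    $out = [];
    foreach ($cases as $case) {
        $out[var_export($case, true)] = wpcm_sanitize_limit($case);
    }
    return $out;   // expected: 10,10,10,10,10,10,10,10,10,100,7
}

if (function_exists('add_action')) {
    add_action('rest_api_init', 'wpcm_register_routes');
} else {
    // Outside WordPress (php this-file.php) only the pure helper can run.
    foreach (wpcm_self_check() as $input => $result) {
        printf("%-8s => %d\n", $input, $result);
    }
}
```

Run the file with the PHP CLI to see the helper's behaviour on the constructed inputs; inside WordPress the `function_exists('add_action')` branch registers the route instead. The schema-level `minimum`/`maximum` is what turns a bad `limit` into a 400 at the REST layer, while the `mixed`-typed helper is what keeps `declare(strict_types=1)` from turning a numeric string into a fatal TypeError.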
@hyperpolymath hyperpolymath merged commit 364df0f into main Dec 27, 2025
0 of 11 checks passed
@hyperpolymath hyperpolymath deleted the claude/integrate-php-libraries-Q6W9F branch December 27, 2025 01:00