From 49c906b383b0c214f3f421b7f1d283d0ceabb717 Mon Sep 17 00:00:00 2001 From: Rodrigo Primo Date: Wed, 4 Feb 2026 12:18:02 -0300 Subject: [PATCH 1/2] PHP: fix ambiguous wording in eval() paragraph The original sentence "Both of these must not be used" was changed to "Neither of these must be used" in 4361cec (PR 65), based on a suggestion noting the original sentence read weird. However, it seems to me that "Neither of these must be used" can be read as "there is no requirement to use either" instead of the intended prohibition. This commit changes the sentence to "These must not be used", which keeps the clear prohibition from "must not". --- wordpress-coding-standards/php.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wordpress-coding-standards/php.md b/wordpress-coding-standards/php.md index b754ec3..4bd3e0e 100644 --- a/wordpress-coding-standards/php.md +++ b/wordpress-coding-standards/php.md @@ -991,7 +991,7 @@ switch ( $foo ) { The `goto` statement must never be used. -The `eval()` construct is _very dangerous_ and is impossible to secure. Additionally, the `create_function()` function, which internally performs an `eval()`, is deprecated since PHP 7.2 and has been removed in PHP 8.0. Neither of these must be used. +The `eval()` construct is _very dangerous_ and is impossible to secure. Additionally, the `create_function()` function, which internally performs an `eval()`, is deprecated since PHP 7.2 and has been removed in PHP 8.0. These must not be used. ### Closures (Anonymous Functions) From 68dd6e587cd1173b2e1ed389f8e7800fc4a95838 Mon Sep 17 00:00:00 2001 From: Rodrigo Primo Date: Fri, 6 Feb 2026 11:12:32 -0300 Subject: [PATCH 2/2] Update wordpress-coding-standards/php.md Co-authored-by: Gary Jones --- wordpress-coding-standards/php.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wordpress-coding-standards/php.md b/wordpress-coding-standards/php.md index 4bd3e0e..48ff31e 100644 --- a/wordpress-coding-standards/php.md +++ b/wordpress-coding-standards/php.md @@ -991,7 +991,9 @@ switch ( $foo ) { The `goto` statement must never be used. -The `eval()` construct is _very dangerous_ and is impossible to secure. Additionally, the `create_function()` function, which internally performs an `eval()`, is deprecated since PHP 7.2 and has been removed in PHP 8.0. These must not be used. +The `eval()` construct is _very dangerous_ and is impossible to secure. It must not be used. + +The `create_function()` function internally performs an `eval()`. It was deprecated in PHP 7.2 and removed in PHP 8.0. It must not be used. ### Closures (Anonymous Functions)