Mago 1.0.0-beta.23
This release introduces a powerful new set of linter rules with a major focus on WordPress security and best practices. It also includes a fundamental correctness fix for how short echo tags (`<?=`) are handled across the entire toolchain, resolving a number of bugs and regressions.
🛡️ New Linter Rules for WordPress & Security
A batch of new linter rules has been added to help you write safer and more maintainable code, especially for WordPress projects:
- WordPress Security: New rules to prevent common vulnerabilities like unescaped output (`no-unescaped-output`), schema changes outside of activation hooks (`no-db-schema-change`), and using roles instead of capabilities for checks (`no-roles-as-capabilities`).
- WordPress Best Practices: New rules to discourage direct database queries (`no-direct-db-query`) and encourage using the WordPress HTTP and Filesystem APIs over native PHP functions (`use-wp-functions`).
- General Rules: Added a `yoda-conditions` rule to prevent accidental assignment bugs and a `require-preg-quote-delimiter` rule for safer regular expressions.
🚀 Correct `<?=` Echo Tag Handling
The short echo tag (`<?=`) is now parsed and analyzed correctly as a statement, not just an opening tag. This architectural fix resolves a cascade of issues across the toolchain:
- Parser: Now correctly supports comma-separated expression lists (e.g., `<?= $a, $b ?>`).
- Analyzer: No longer produces false `unused-statement` errors for expressions inside `<?= ... ?>`.
- Linter: Security rules like `no-unescaped-output` now correctly inspect expressions inside echo tags.
- Formatter: Provides more consistent and correct formatting, fixing several regressions.
Closed Issues
Full Changelog: 1.0.0-beta.22...1.0.0-beta.23