Narrow parameter type for check_admin_referer and check_ajax_referer (#366)

Author: IanDelMar

functionMap.php

@@ -56,8 +56,8 @@
     'block_version' => ["(\$content is '' ? 0 : 0|1)", '@phpstan-pure' => ''],
     'bool_from_yn' => ["(\$yn is 'y' ? true : false)", '@phpstan-pure' => ''],
     'build_dropdown_script_block_core_categories' => ['non-falsy-string'],
-    'check_admin_referer' => ['1|2|false', 'action' => '-1|string'],
-    'check_ajax_referer' => ['1|2|false', 'action' => '-1|string'],
+    'check_admin_referer' => ['1|2|false', 'action' => 'string'],
+    'check_ajax_referer' => ['1|2|false', 'action' => 'string'],
     'comment_class' => ['($display is true ? void : string)'],
     'current_time' => ["(\$type is 'timestamp'|'U' ? int : string)"],
     'did_action' => ['int<0, max>'],

tests/ParameterTypeTest.php

@@ -69,6 +69,28 @@ public function testBookmarks(): void
         );
     }
 
+    public function testCheckAdminReferer(): void
+    {
+        $this->analyse(
+            __DIR__ . '/data/param/check_admin_referer.php',
+            [
+                ['Parameter #1 $action of function check_admin_referer expects string, int given.', 10],
+                ['Parameter #1 $action of function check_admin_referer expects string, int given.', 11],
+            ]
+        );
+    }
+
+    public function testCheckAjaxReferer(): void
+    {
+        $this->analyse(
+            __DIR__ . '/data/param/check_ajax_referer.php',
+            [
+                ['Parameter #1 $action of function check_ajax_referer expects string, int given.', 10],
+                ['Parameter #1 $action of function check_ajax_referer expects string, int given.', 11],
+            ]
+        );
+    }
+
     public function testWpdbGetRow(): void
     {
         $this->analyse(

tests/data/param/check_admin_referer.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpStubs\WordPress\Core\Tests;
+
+use function check_admin_referer;
+
+// Incorrect action
+check_admin_referer(-1, Faker::string());
+check_admin_referer(Faker::int(), Faker::string());
+
+// Correct action
+check_admin_referer(Faker::string(), Faker::string());

tests/data/param/check_ajax_referer.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpStubs\WordPress\Core\Tests;
+
+use function check_ajax_referer;
+
+// Incorrect action
+check_ajax_referer(-1, Faker::string());
+check_ajax_referer(Faker::int(), Faker::string());
+
+// Correct action
+check_ajax_referer(Faker::string(), Faker::string());

wordpress-stubs.php

@@ -128746,7 +128746,7 @@ function auth_redirect()
      * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
      *                   2 if the nonce is valid and generated between 12-24 hours ago.
      *                   False if the nonce is invalid.
-     * @phpstan-param -1|string $action
+     * @phpstan-param string $action
      * @phpstan-return 1|2|false
      */
     function check_admin_referer($action = -1, $query_arg = '_wpnonce')
@@ -128766,7 +128766,7 @@ function check_admin_referer($action = -1, $query_arg = '_wpnonce')
      * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
      *                   2 if the nonce is valid and generated between 12-24 hours ago.
      *                   False if the nonce is invalid.
-     * @phpstan-param -1|string $action
+     * @phpstan-param string $action
      * @phpstan-return 1|2|false
      */
     function check_ajax_referer($action = -1, $query_arg = \false, $stop = \true)