FALSE POSITIVE: Comet Cache

Comet Cache is being incorrectly reported as “Possibly not PHP 7.0 compatible.”. Here’s a pastebin of the full report: https://pastebin.com/2CkBDDZD We’ve been running Comet Cache in production PHP 7 environments for some time now and we continue to run regular tests aginast the latest versions of PHP 7. There are no compatibility issues.

The two main issues reported by the scanner are a warning that “Function name “__” is discouraged;” and an error that “Using a call-time pass-by-reference is deprecated since PHP 5.3 and prohibited since PHP 5.4”.

“Function name “__” is discouraged”

WordPress itself uses __() to deal with translations.

Comet Cache needs to create a namespaced function with the name __() as a polyfill in an early phase. In addition, strictly speaking, there is nothing in the PHP language that prevents the use of double underscores, and this is no way even related to PHP 7 as this has existed since PHP 5.x. What the scanner is referring to is this article at PHP.net where it is suggested not to use double underscores as a way of future-proofing your code.

So the word ‘WARNING’ is good here, but it might make more sense to call this a ‘NOTICE’, or not show it at all. Also, when Comet Cache uses double underscores, there are in fact 3 underscores ___function_name() and not just two. There are three to avoid a collision with PHP, for the very reason the scanner is producing this warning. So having three underscores should not be reported by their system. We use three for a reason; it future-proofs the code that we write.

Suggestions for WP Engine pertaining to Function name “__” is discouraged:

• Scanner should be smart enough to detect namespaced functions not in the global scope and consider this before returning a warning about a function with the name __().
• Scanner should probably not return a warning for any function with the name __() whether it is global or not, given this is an i18n function name that is common to all of WordPress.
• Scanner should be smart enough to see there are three underscores and not just two; i.e., ___function_name() is future-proof, whereas __function_name() is not future-proof.
• A PHP 7 compatibility scanner shouldn’t even bring this up to begin with, as this is not something that is specific to PHP 7.

“call-time pass-by-reference is prohibited since php 5.4”

This is bogus, a false-positive. The scanner is detecting this incorrectly. The Comet Cache use of =& is in a write context and not in a pass-by-reference context. Here is an example of what the scanner is detecting incorrectly: /src/includes/traits/Plugin/WcpUtils.php#L298 This is inside a function call, and while it might appear to be a pass-by-reference to a dumb robot, it is in fact not a pass-by-reference. The value is being assigned.

Suggestions for WP Engine pertaining to call-time pass-by-reference is prohibited since php 5.4

• Make the scanner smart enough to parse the language and not just skim the surface. Before a scanner returns a warning or error, it first needs to be smart enough to know what an error actually is and what is not. This false-positive is being reported because the scanner is not smart enough (yet) to look at the context in which it is used.