There is something like a coding standard for Magento 1, called ECG where numerous things should be avoided or methods that should not be used.
Let's try to create a list that covers all cases that are throwing "errors" or "warning" in your code.
Below you'll find a list with all possible warnings. I'll update this post at regular intervals and link to given and upvoted answers.
Note: please try to avoid duplicate answers 😉
Download: https://github.com/magento-ecg/coding-standard
ECG Sniffs
Classes
Mysql4 classes are obsolete.
- How to handle deprecated “Mysql4” classes when rewriting resource models
- Magento 1.9 module oddly breaking when changing resource folder from Mysql4 to Resource
Direct object instantiation (class %s) is discouraged in Magento.
protected $disallowedClassPrefixes = array(
'Mage_',
'Enterprise_',
);
…
PHP
Use of goto is discouraged.
…
Namespace for "'.$exceptionClassName.'" class is not specified.
…
Private class member detected.
…
Private class member detected.
…
Performance
Unnecessary loading of a Magento data collection. Use the getSize() method instead.
fetchAll() can be memory inefficient for large data sets.
…
getFirstItem() does not limit the result of collection load to one item.
- GetFirstItem – https://magento.stackexchange.com/a/179309/46249
Array size calculation function %s detected in loop
Model LSD method %s detected in loop
Data load %s method detected in loop
protected $countFunctions = array(
'sizeof',
'count'
);
protected $modelLsdMethods = array(
'load',
'save',
'delete'
);
Security
Missing the %s() ACL method in the %s class.
const PARENT_CLASS_NAME = 'Mage_Adminhtml_Controller_Action';
const REQUIRED_ACL_METHOD_NAME = '_isAllowed';
…
public $forbiddenFunctions = array(
'^is_dir' => null,
'^is_file$' => null,
'^pathinfo$' => null,
);
…
public $forbiddenFunctions = array(
'^assert$' => null,
'^bind_textdomain_codeset$' => null,
'^bindtextdomain$' => null,
'^bz.*$' => null,
'^call_user_func$' => null,
'^call_user_func_array$' => null,
'^chdir$' => null,
'^chgrp$' => null,
'^chmod$' => null,
'^chown$' => null,
'^chroot$' => null,
'^com_load_typelib$' => null,
'^copy$' => null,
'^create_function$' => null,
'^curl_.*$' => null,
'^cyrus_connect$' => null,
'^dba_.*$' => null,
'^dbase_.*$' => null,
'^dbx_.*$' => null,
'^dcgettext$' => null,
'^dcngettext$' => null,
'^dgettext$' => null,
'^dio_.*$' => null,
'^dirname$' => null,
'^dngettext$' => null,
'^domxml_.*$' => null,
'^exec$' => null,
'^fbsql_.*$' => null,
'^fdf_add_doc_javascript$' => null,
'^fdf_open$' => null,
'^fopen$' => null,
'^fsockopen$' => null,
'^ftp_.*$' => null,
'^fwrite$' => null,
'^gettext$' => null,
'^gz.*$' => null,
'^header$' => null,
'^highlight_file$' => null,
'^ibase_.*$' => null,
'^id3_set_tag$' => null,
'^ifx_.*$' => null,
'^image.*$' => null,
'^imap_.*$' => null,
'^ingres_.*$' => null,
'^ircg_.*$' => null,
'^ldap_.*$' => null,
'^link$' => null,
'^mail$' => null,
'^mb_send_mail$' => null,
'^mkdir$' => null,
'^move_uploaded_file$' => null,
'^msession_.*$' => null,
'^msg_send$' => null,
'^msql$' => null,
'^msql_.*$' => null,
'^mssql_.*$' => null,
'^mysql_.*$' => null,
'^odbc_.*$' => null,
'^opendir$' => null,
'^openlog$' => null,
'^ora_.*$' => null,
'^ovrimos_.*$' => null,
'^parse_ini_file$' => null,
'^parse_str$' => null,
'^parse_url$' => null,
'^parsekit_compile_string$' => null,
'^passthru$' => null,
'^pcntl_.*$' => null,
'^posix_.*$' => null,
'^pfpro_.*$' => null,
'^pfsockopen$' => null,
'^pg_.*$' => null,
'^php_check_syntax$' => null,
'^popen$' => null,
'^print_r$' => null,
'^printf$' => null,
'^proc_open$' => null,
'^putenv$' => null,
'^readfile$' => null,
'^readgzfile$' => null,
'^readline$' => null,
'^readlink$' => null,
'^register_shutdown_function$' => null,
'^register_tick_function$' => null,
'^rename$' => null,
'^rmdir$' => null,
'^scandir$' => null,
'^session_.*$' => null,
'^set_include_path$' => null,
'^set_ini$' => null,
'^set_time_limit$' => null,
'^setcookie$' => null,
'^setlocale$' => null,
'^setrawcookie$' => null,
'^shell_exec$' => null,
'^sleep$' => null,
'^socket_.*$' => null,
'^stream_.*$' => null,
'^sybase_.*$' => null,
'^symlink$' => null,
'^syslog$' => null,
'^system$' => null,
'^touch$' => null,
'^trigger_error$' => null,
'^unlink$' => null,
'^vprintf$' => null,
'^mysqli.*$' => null,
'^oci_connect$' => null,
'^oci_pconnect$' => null,
'^quotemeta$' => null,
'^sqlite_popen$' => null,
'^time_nanosleep$' => null,
'^base64_decode$' => null,
'^base_convert$' => null,
'^basename$' => null,
'^chr$' => null,
'^convert_cyr_string$' => null,
'^dba_nextkey$' => null,
'^dns_get_record$' => null,
'^extract$' => null,
'^fdf_.*$' => null,
'^fget.*$' => null,
'^fread$' => null,
'^fflush$' => null,
'^get_browser$' => null,
'^get_headers$' => null,
'^get_meta_tags$' => null,
'^getallheaders$' => null,
'^getenv$' => null,
'^getopt$' => null,
'^headers_list$' => null,
'^hebrev$' => null,
'^hebrevc$' => null,
'^highlight_string$' => null,
'^html_entity_decode$' => null,
'^ibase_blob_import$' => null,
'^id3_get_tag$' => null,
'^import_request_variables$' => null,
'^ircg_nickname_unescape$' => null,
'^ldap_get_values$' => null,
'^mb_decode_mimeheader$' => null,
'^mb_parse_str$' => null,
'^mcrypt_decrypt$' => null,
'^mdecrypt_generic$' => null,
'^msg_receive$' => null,
'^ngettext$' => null,
'^ob_get_contents$' => null,
'^ob_get_flush$' => null,
'^rawurldecode$' => null,
'^shm_get_var$' => null,
'^stripcslashes$' => null,
'^stripslashes$' => null,
'^token_get_all$' => null,
'^unpack$' => null,
'^convert_uudecode$' => null,
'^iconv_mime_decode$' => null,
'^iconv_mime_decode_headers$' => null,
'^iconv_mime_encode$' => null,
'^iconv_set_encoding$' => null,
'^php_strip_whitespace$' => null,
'^addcslashes$' => null,
'^addslashes$' => null,
'^escapeshellarg$' => null,
'^escapeshellcmd$' => null,
'^gettype$' => null,
'^var_dump$' => null,
'^tempnam$' => null,
'^realpath$' => null,
'^linkinfo$' => null,
'^lstat$' => null,
'^stat$' => null,
'^lchgrp$' => null,
'^lchown$' => null,
'^show_source$' => null,
'^is_executable$' => null,
'^is_link$' => null,
'^is_readable$' => null,
'^is_writable$' => null,
'^is_writeable$' => null,
'^is_uploaded_file$' => null,
'^glob$' => null,
'^ssh2_.*$' => null,
'^delete$' => null,
'^file.*$' => null,
);
- …
- curl_: – https://magento.stackexchange.com/a/178642/46249
- file_exists – https://magento.stackexchange.com/a/178641/46249
- …
"%s" statement detected. File manipulations are discouraged.
… Statement is not a function, no parentheses are required.
… Passing urls is forbidden.
… Concatenating is forbidden.
… Variables inside are insecure.
public $urlPattern = '#(https?|ftp)://.*#i';
…
Incorrect usage of back quote string constant. Back quotes should be always inside strings.
Use of %s language construct is discouraged.
return array(
T_EXIT,
T_ECHO,
T_PRINT,
T_BACKTICK
);
…
Direct use of %s Superglobal detected.
public $superGlobalErrors = array(
'$GLOBALS',
'$_GET',
'$_POST',
'$_SESSION',
'$_REQUEST',
'$_ENV'
);
public $superGlobalWarning = array(
'$_FILES',
'$_COOKIE',
'$_SERVER',
);
Sql
Possible raw SQL statement %s detected
public $statements = array(
'SELECT',
'UPDATE',
'INSERT',
'CREATE',
'DELETE',
'ALTER',
'DROP'
);
public $queryFunctions = array(
'query',
'raw_query'
);
…
Possible slow SQL statement %s detected
Possible slow SQL method %s detected
public $adapterMethods = array(
'group',
'having',
'distinct',
'addLikeEscape',
'escapeLikeValue',
'union',
'orHaving',
);
public $rawStatements = array(
'GROUP BY',
'HAVING',
'DISTINCT',
'LIKE',
'UNION',
);
…
Strings
Possible executable regular expression in %s. Make sure that the pattern doesn\'t contain "e" modifier
public $functions = array(
'preg_replace',
);
…
Use of + operator to concatenate two strings detected
…
Identical operator === is not used for testing the return value of %s function
public $functions = array(
'strpos',
'stripos',
);
- http://php.net/manual/en/function.strpos.php#refsect1-function.strpos-examples
- http://php.net/manual/en/function.stripos.php#refsect1-function.stripos-examples
Related questions & answers for best-practice
Best Answer
Forbidden Function
file_exists()
The use of function file_exists() is forbidden
incorrect:
correct:
or