AgentSkillsCN

php-standards

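PHP coding standards for the Oh My Brand! theme. Follows the WordPress Coding Standards, with strict typing, escaping, sanitization, DocBlocks, and security practices. Use these standards when writing PHP functions, classes, or render templates.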

SKILL.md
--- frontmatter
name: php-standards
description: PHP coding standards for Oh My Brand! theme. WordPress Coding Standards, strict typing, escaping, sanitization, DocBlocks, and security practices. Use when writing PHP functions, classes, or render templates.
metadata:
  author: Wesley Smits
  version: "1.0.0"

PHP Standards

PHP coding standards and security practices for the Oh My Brand! WordPress FSE theme.


When to Use

  • Writing new PHP functions, classes, or methods
  • Creating block render templates (render.php)
  • Building helper functions (helpers.php)
  • Working with WordPress hooks and filters
  • Handling user input or output

Reference Files

| File | Purpose |
|------|---------|
| file-structure.php | File and class structure |
| escaping-examples.php | Output escaping patterns |
| sanitization-examples.php | Input sanitization |
| nonce-examples.php | Nonce verification |
| hooks-examples.php | Actions and filters |

File Header

Every PHP file must include:

php
<?php
/**
 * Short description of the file.
 *
 * @package theme-oh-my-brand
 */

declare(strict_types=1);

See file-structure.php for complete structure.


Naming Conventions

| Type | Convention | Example |
|------|------------|---------|
| Classes | PascalCase | GalleryBlock |
| Functions | snake_case with prefix | omb_get_gallery_images() |
| Methods | snake_case | get_images() |
| Variables | snake_case | $gallery_images |
| Constants | SCREAMING_SNAKE | OMB_VERSION |
| Files | kebab-case | gallery-block.php |

Function Prefix

Use omb_ prefix for theme functions:

php
// ✅ Good - prefixed
function omb_register_blocks(): void { }

// ❌ Bad - no prefix
function register_blocks(): void { }

Type Declarations

Use type hints for all function parameters and return types:

php
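function omb_format_gallery_images(array $images, int $limit = 10): array {
    // Placeholder body: return at most $limit images so the declared array return type is satisfied.
    return array_slice($images, 0, $limit);
}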

Common Type Patterns

| Type | Usage |
|------|-------|
| string | Text values |
| int | Integer numbers |
| float | Decimal numbers |
| bool | Boolean values |
| array | Arrays (use PHPDoc for element types) |
| ?string | Nullable string |
| void | No return value |

Output Escaping

All output must be escaped based on context:

| Function | Use Case |
|----------|----------|
| esc_html() | Text content |
| esc_attr() | HTML attributes |
| esc_url() | URLs |
| wp_kses_post() | Rich HTML content |
| wp_json_encode() | JavaScript values |
| esc_html__() | Translated text |
| esc_attr__() | Translated attributes |

See escaping-examples.php for examples.


Input Sanitization

Sanitize all input data before use:

| Function | Use Case |
|----------|----------|
| sanitize_text_field() | Text input |
| sanitize_textarea_field() | Textarea |
| sanitize_email() | Email |
| absint() | Integer |
| esc_url_raw() | URL for database |
| sanitize_file_name() | File name |
| sanitize_html_class() | HTML class |

See sanitization-examples.php for examples.


Nonce Verification

Use nonces for form submissions and AJAX:

| Function | Purpose |
|----------|---------|
| wp_nonce_field() | Add nonce to form |
| wp_create_nonce() | Create nonce for AJAX |
| wp_verify_nonce() | Verify form nonce |
| check_ajax_referer() | Verify AJAX nonce |

See nonce-examples.php for examples.
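
The escaping, sanitization and nonce functions listed above, combined in one request flow. This is an added example, not code from the theme or its reference files; it assumes it runs inside WordPress, and the form field names, the omb_save_caption action, the _omb_caption meta keys and the theme-oh-my-brand text domain are hypothetical.

```php
<?php
/**
 * Added example: nonce check, sanitization and escaping in one request flow.
 *
 * @package theme-oh-my-brand
 */

declare(strict_types=1);

/** Handles the hypothetical caption form posted to admin-post.php. */
function omb_save_gallery_caption(): void {
    // 1. Verify the nonce before acting on any other request data.
    $nonce = is_string($_POST['omb_caption_nonce'] ?? null)
        ? sanitize_text_field(wp_unslash($_POST['omb_caption_nonce']))
        : '';
    if (!wp_verify_nonce($nonce, 'omb_save_caption')) {
        wp_die(esc_html__('Invalid request.', 'theme-oh-my-brand'), '', array('response' => 403));
    }
    // 2. A nonce is not an authorization check; confirm the capability too.
    $gallery_id = absint($_POST['gallery_id'] ?? 0);
    if ($gallery_id <= 0 || !current_user_can('edit_post', $gallery_id)) {
        wp_die(esc_html__('Not allowed.', 'theme-oh-my-brand'), '', array('response' => 403));
    }
    // 3. Sanitize each field by type; array-valued fields are treated as empty.
    $caption = sanitize_text_field(wp_unslash($_POST['caption'] ?? ''));
    $link    = is_string($_POST['link'] ?? null)
        ? esc_url_raw(wp_unslash($_POST['link']))
        : '';
    // update_post_meta() unslashes its value, so re-slash the clean data.
    update_post_meta($gallery_id, '_omb_caption', wp_slash($caption));
    update_post_meta($gallery_id, '_omb_caption_link', wp_slash($link));
    wp_safe_redirect(wp_get_referer() ?: admin_url());
    exit;
}
add_action('admin_post_omb_save_caption', 'omb_save_gallery_caption');

/** Renders the stored caption, escaping each value for its output context. */
function omb_render_gallery_caption(int $gallery_id): string {
    $caption = (string) get_post_meta($gallery_id, '_omb_caption', true);
    $link    = (string) get_post_meta($gallery_id, '_omb_caption_link', true);
    if ($caption === '') {
        return '';
    }
    return sprintf(
        '<a class="omb-caption" href="%s" title="%s">%s</a>',
        esc_url($link),
        esc_attr($caption),
        esc_html($caption)
    );
}
```

The matching form would emit its token with wp_nonce_field('omb_save_caption', 'omb_caption_nonce') so the action and field name agree with the check in step 1.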


WordPress Hooks

| Hook Type | Function | Custom Hook |
|-----------|----------|-------------|
| Actions | add_action() | do_action() |
| Filters | add_filter() | apply_filters() |

Common Actions

php
add_action('init', 'omb_register_blocks');
add_action('wp_enqueue_scripts', 'omb_enqueue_assets');
add_action('after_setup_theme', 'omb_setup_theme');

Hook Priority

php
add_action('init', 'omb_early_init', 5);    // Earlier
add_action('init', 'omb_normal_init');       // Default: 10
add_action('init', 'omb_late_init', 20);     // Later

See hooks-examples.php for examples.


Error Handling

Use early returns and guard clauses:

php
function omb_get_gallery_html(int $gallery_id): string {
    if ($gallery_id <= 0) {
        return '';
    }

    $gallery = get_post($gallery_id);

    if (!$gallery instanceof WP_Post) {
        return '';
    }

    return omb_render_gallery($gallery);
}

Related Skills


References