From 5d7ccce0dd27a651b2548ee3d25a562c030aeb03 Mon Sep 17 00:00:00 2001
From: gogdzl <diego.rodrigues@automattic.com>
Date: Tue, 17 Sep 2024 14:44:00 -0700
Subject: [PATCH 1/5] Add documentation for
 WordPress.PHP.RestrictedPHPFunctions

---
 .../PHP/RestrictedPHPFunctionsStandard.xml    | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml

diff --git a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
new file mode 100644
index 0000000000..0ec69f129d
--- /dev/null
+++ b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<documentation xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://phpcsstandards.github.io/PHPCSDevTools/phpcsdocs.xsd"
+    title="Restricted PHP Functions"
+    >
+    <standard>
+    <![CDATA[
+    The restricted function create_function() should not be used.
+
+    create_function() is deprecated as of PHP 7.2 and removed in PHP 8.0. Please use declared named or anonymous functions instead.
+    ]]>
+    </standard>
+    <code_comparison>
+        <code title="Valid: Using anonymous function (closure).">
+        <![CDATA[
+add_action( 'init', function() {
+    return foo( 'bar' );
+} );
+        ]]>
+        </code>
+        <code title="Invalid: Using create_function().">
+        <![CDATA[
+add_action( 'init', <em>create_function( '',
+    'return foo( "bar" );'
+)</em> );
+        ]]>
+        </code>
+    </code_comparison>
+</documentation>

From e2f5dabd68b573c33bac2b63afa604cef8299e60 Mon Sep 17 00:00:00 2001
From: Rodrigo Primo <rodrigosprimo@gmail.com>
Date: Wed, 4 Feb 2026 09:27:26 -0300
Subject: [PATCH 2/5] Rework XML documentation for
 WordPress.PHP.RestrictedPHPFunctions

Some of these changes were suggested during the review of PR 2491,
and others were decided while working on the new PR:
- Make the standard description generic instead of mentioning
  create_function() specifically, following the pattern used by other
  docs like DeprecatedFunctionsStandard.xml.
- Use "must not" instead of "should not" since the sniff produces an
  error.
- Simplify the code examples by removing the add_action() wrapper.
- Add <em> tags to the valid code example.
---
 .../Docs/PHP/RestrictedPHPFunctionsStandard.xml   | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
index 0ec69f129d..5e2dd8859a 100644
--- a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
+++ b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
@@ -5,24 +5,23 @@
     >
     <standard>
     <![CDATA[
-    The restricted function create_function() should not be used.
-
-    create_function() is deprecated as of PHP 7.2 and removed in PHP 8.0. Please use declared named or anonymous functions instead.
+    Certain PHP functions must not be used. Use the recommended alternatives instead.
     ]]>
     </standard>
     <code_comparison>
-        <code title="Valid: Using anonymous function (closure).">
+        <code title="Valid: Using an anonymous function.">
         <![CDATA[
-add_action( 'init', function() {
+$function = <em>function ()</em> {
     return foo( 'bar' );
-} );
+};
         ]]>
         </code>
         <code title="Invalid: Using create_function().">
         <![CDATA[
-add_action( 'init', <em>create_function( '',
+$function = <em>create_function</em>(
+    '',
     'return foo( "bar" );'
-)</em> );
+);
         ]]>
         </code>
     </code_comparison>

From bc4c983292b414c502807b2fbfc65c9570f891b5 Mon Sep 17 00:00:00 2001
From: Rodrigo Primo <rodrigosprimo@gmail.com>
Date: Fri, 6 Feb 2026 15:20:02 -0300
Subject: [PATCH 3/5] Explain why in the standard description

Following the suggestion in PR 2687, this commit improves the
standard description to explain why these functions must not
be used.

The phrasing is kept generic instead of mentioning
create_function() specifically, since the sniff name suggests
it could be extended with more functions in the future.
---
 WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
index 5e2dd8859a..beed152334 100644
--- a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
+++ b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
@@ -5,7 +5,7 @@
     >
     <standard>
     <![CDATA[
-    Certain PHP functions must not be used. Use the recommended alternatives instead.
+    Certain PHP functions must not be used, as they have been deprecated and removed from PHP or pose security risks. Use the recommended alternatives instead.
     ]]>
     </standard>
     <code_comparison>

From 3c26be40b7715c6bb14f39c5742f9e2273295917 Mon Sep 17 00:00:00 2001
From: Rodrigo Primo <rodrigosprimo@gmail.com>
Date: Mon, 23 Feb 2026 15:23:48 -0300
Subject: [PATCH 4/5] Apply suggestions from code review

Co-authored-by: Juliette <663378+jrfnl@users.noreply.github.com>
---
 .../PHP/RestrictedPHPFunctionsStandard.xml    | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
index beed152334..dc727100fa 100644
--- a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
+++ b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
@@ -5,22 +5,28 @@
     >
     <standard>
     <![CDATA[
-    Certain PHP functions must not be used, as they have been deprecated and removed from PHP or pose security risks. Use the recommended alternatives instead.
+    Certain PHP functions must not be used, as they pose security risks. Use the recommended alternatives instead.
     ]]>
     </standard>
     <code_comparison>
-        <code title="Valid: Using an anonymous function.">
+        <code title="Valid: Using an anonymous function (closure).">
         <![CDATA[
-$function = <em>function ()</em> {
-    return foo( 'bar' );
-};
+add_action(
+    'init',
+    <em>function () {
+        return foo( 'bar' );
+    }</em>
+);
         ]]>
         </code>
         <code title="Invalid: Using create_function().">
         <![CDATA[
-$function = <em>create_function</em>(
-    '',
-    'return foo( "bar" );'
+add_action(
+    'init',
+    <em>create_function(
+        '',
+        'return foo( "bar" );'
+    )</em>
 );
         ]]>
         </code>

From 0565eb1968c3284546f8996cb11bb316916dcfb9 Mon Sep 17 00:00:00 2001
From: Rodrigo Primo <rodrigosprimo@gmail.com>
Date: Tue, 3 Mar 2026 09:47:12 -0300
Subject: [PATCH 5/5] Update the description based on suggestion during PR
 review

---
 WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
index dc727100fa..bebbd86b19 100644
--- a/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
+++ b/WordPress/Docs/PHP/RestrictedPHPFunctionsStandard.xml
@@ -5,7 +5,7 @@
     >
     <standard>
     <![CDATA[
-    Certain PHP functions must not be used, as they pose security risks. Use the recommended alternatives instead.
+    Certain PHP functions must not be used. Use the recommended alternatives instead.
     ]]>
     </standard>
     <code_comparison>