Saturday, 26 April 2008

PHP_CodeSniffer code taken and rebadged as Zend Framework code

A new feature request for PHP_CodeSniffer alerted me to the effort of a couple of Zend Framework developers to create a PHP_CodeSniffer standard that can be used by all Zend Framework developers. The feature request mentioned that the name they had chosen (Zend) conflicts with the existing standard that is distributed with PHP_CodeSniffer.

I immediately thought this was a bit strange because I've already had someone from Zend contribute some code for the Zend Framework coding standard, and I've written a fair few sniffs for it myself.

I took a look at the code and noticed that almost all of the sniffs that have been committed to the Zend Framework SVN repository are just copies of the sniffs I have written for the existing PHP_CodeSniffer standards. The troubling part is that all the copyright notices and author tags have been switched to indicate that the code was written by and copyright Zend. Worse still, the licence had been changed to the Zend Framework's New BSD licence.

This is a pretty clear violation of the BSD licence under which PHP_CodeSniffer is distributed, so I've left a comment on the Coding Standard RC page in the Zend Framework wiki. I tried locating an email address, submitting an issue and even commenting on an existing issue, but it appears the Zend Framework doesn't have any scope for non-approved developer comments besides the wiki.

I did get a little angry when I saw this, but I also see this as an opportunity to complete the PHP_CodeSniffer Zend standard and get PHP_CodeSniffer our there to a new developer community. The Zend Framework obviously has a couple of developers dedicated to automating their coding standard checks using PHP_CodeSniffer, so I've provided them with an invitation to contact me and work together. I will hopefully be taken up on that offer.

Update: Thought it might be easier to see the problem if you can focus on one file. Take a look at Zend's FunctionDeclarationArgumentSpacingSniff (from the ZF SVN repo) and Squiz's FunctionDeclarationArgumentSpacingSniff (from the PEAR CVS repo). Only very minor changes have been made. Even with these changes, it would be best to extend the Squiz sniff and do some minor refactoring rather than copy/paste, which I'm happy to help with.

Update: Thomas Weidner has contacted me to let me know the files have been removed from the Zend Framework SVN repo.

6 comments:

The Nazg said...

Wow... just wow. It's a good thing you caught this. I assume there's a clear commit history visible to see who's done this over there...

Greg Sherwood said...

There sure is. The ZF team use Fisheye, so all these commits are public. You can see the ZF commits here and my commits here.

Ken Guest said...

Have you figured out who did it and why?

Greg Sherwood said...

The commits were from Thomas, a core ZF developer, who was also very quick to rectify the situation.

I am sure this was just an honest mistake where he modified the files to meet the ZF coding standard and didn't think about the consequences of changing the file headers.

Piotr Czachur said...

Hi Greg!

After running:
`phpcs --report=summary --standard=Zend trunk/lib/Zend/`
I get:
A TOTAL OF 4063 ERROR(S) AND 13282 WARNING(S) WERE FOUND IN 1168 FILE(S)

On the other side on ZF wiki (http://framework.zend.com/wiki/display/ZFDEV/ZF+Coding+Standards+(RC)#ZFCodingStandards(RC)-CodeSnifferTestbed) it's written that "The complete framework is tested with a coding standard which we have written using PHP_CodeSniffer".

Something weird is going on, do you have some thought to share, why there are thousands of errors?

PS.
Software versions I have used:
PHP_CodeSniffer version 1.1.0 (stable)
Zenf Framework 1.6.0

Greg Sherwood said...

Hi Piotr,

I'm not sure exactly what standard the ZF guys are using or how much their code actually conforms to the standard.

When the Zend standard was added to PHP_CodeSniffer, it was current at the time, but never really became an official ZF standard.

I think you'll need to ask them as I have not heard anything for a while. I'd love them to contribute whatever they have though. I think that would give PHP developers a real alternative to the PEAR standard.