
feat(checks): detect production-time PHP error reporting changes #1317

Open
faisalahammad wants to merge 1 commit into WordPress:trunk from faisalahammad:enhancement/1315-php-error-reporting-check

Conversation


faisalahammad (Contributor) commented May 24, 2026

Summary

Adds a new static check Php_Error_Reporting_Check that flags plugins which modify PHP error-reporting configurations or redefine core WordPress debug constants in production. This prevents sensitive information disclosure and ensures a standard debugging experience on WordPress sites.

Fixes #1315

Changes

Php_Error_Reporting_Check

Before:
No check existed to flag PHP error reporting changes.

After:

class Php_Error_Reporting_Check extends Abstract_File_Check {
	// Trait and Category declarations...

	protected function check_files( Check_Result $result, array $files ) {
		$php_files   = self::filter_files_by_extension( $files, 'php' );
		$plugin_path = $result->plugin()->path();

		foreach ( $php_files as $file ) {
			// Skip test suite folders or files relative to the plugin's root path.
			$relative_file = str_replace( $plugin_path, '', $file );
			if ( preg_match( '#^(?:tests|test|testdata|phpunit)/#i', $relative_file ) || preg_match( '#/phpunit[^/]*$#i', $relative_file ) ) {
				continue;
			}

			$this->check_file( $result, $file );
		}
	}
}

Why: Leverages an AST-based search (using PhpParser\ParserFactory) to precisely flag direct error_reporting() calls, ini_set()/ini_alter() calls with error_reporting/display_errors, and the definition of core debug constants (WP_DEBUG, etc.). The check has a robust fallback to regex search if AST parsing fails.

Default_Check_Repository

Before:

				'i18n_usage'                 => new Checks\General\I18n_Usage_Check(),
				'enqueued_scripts_size'      => new Checks\Performance\Enqueued_Scripts_Size_Check(),

After:

				'i18n_usage'                 => new Checks\General\I18n_Usage_Check(),
				'php_error_reporting'        => new Checks\General\Php_Error_Reporting_Check(),
				'enqueued_scripts_size'      => new Checks\Performance\Enqueued_Scripts_Size_Check(),

Why: Registers the new static check class as a default check in the General category.

Testing

Test 1: Run the automated unit test suite

  1. Run PHPUnit on the new test class:
vendor/bin/phpunit tests/phpunit/tests/Checker/Checks/Php_Error_Reporting_Check_Tests.php

Result: Works as expected (2 tests, 6 assertions successfully pass).

Test 2: Perform static analysis and lint checks

  1. Execute composer run-script lint
  2. Execute composer run-script phpstan

Result: Works as expected (0 errors, completely clean).

- Add Php_Error_Reporting_Check to detect error_reporting(), ini_set('display_errors'), and redefinition of debug constants (WP_DEBUG, etc.).
- Register Php_Error_Reporting_Check in Default_Check_Repository.
- Add unit tests and test plugins fixtures for verification.

Fixes WordPress#1315
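As an added illustration of the AST-based detection the PR describes (this is not the plugin-check project's own code): a nikic/php-parser visitor that flags the three patterns, error_reporting() with an argument, ini_set()/ini_alter() of error_reporting/display_errors, and define() of the core debug constants, while leaving read-only uses alone. It assumes php-parser v5 installed via Composer; the class and function names are hypothetical.

```php
<?php
// Added illustration, not the plugin-check project's code: a php-parser visitor that
// flags the three patterns the PR describes. Assumes nikic/php-parser v5 via Composer.
require __DIR__ . '/vendor/autoload.php';
use PhpParser\{Node, NodeTraverser, NodeVisitorAbstract, ParserFactory};

final class Error_Reporting_Visitor extends NodeVisitorAbstract {
	private const INI_KEYS     = array( 'error_reporting', 'display_errors' );
	private const DEBUG_CONSTS = array( 'WP_DEBUG', 'WP_DEBUG_DISPLAY', 'WP_DEBUG_LOG', 'SCRIPT_DEBUG' );
	public array $findings     = array(); // [ line, description ] pairs.

	public function enterNode( Node $node ) {
		// Only direct, statically named calls; $fn() and method calls are out of scope here.
		if ( ! $node instanceof Node\Expr\FuncCall || ! $node->name instanceof Node\Name ) {
			return null;
		}
		$func = strtolower( $node->name->toString() );
		$arg0 = self::first_string_arg( $node );
		if ( 'error_reporting' === $func && count( $node->args ) > 0 ) {
			$this->findings[] = array( $node->getStartLine(), 'error_reporting() changes the level' );
		} elseif ( in_array( $func, array( 'ini_set', 'ini_alter' ), true ) && in_array( $arg0, self::INI_KEYS, true ) ) {
			$this->findings[] = array( $node->getStartLine(), "$func() sets $arg0" );
		} elseif ( 'define' === $func && in_array( $arg0, self::DEBUG_CONSTS, true ) ) {
			$this->findings[] = array( $node->getStartLine(), "define() redefines $arg0" );
		}
		return null;
	}

	// First argument as a literal string, or null (non-literal, missing, or a `f(...)` placeholder).
	private static function first_string_arg( Node\Expr\FuncCall $call ): ?string {
		$arg = $call->args[0] ?? null;
		return $arg instanceof Node\Arg && $arg->value instanceof Node\Scalar\String_ ? $arg->value->value : null;
	}
}

function find_error_reporting_changes( string $code ): array {
	$traverser = new NodeTraverser();
	$visitor   = new Error_Reporting_Visitor();
	$traverser->addVisitor( $visitor );
	$traverser->traverse( ( new ParserFactory() )->createForNewestSupportedVersion()->parse( $code ) );
	return $visitor->findings;
}

// Constructed sample; error_reporting() with no argument only reads the level and is not flagged.
$sample = "<?php\nerror_reporting( E_ALL );\nini_set( 'display_errors', '1' );\ndefine( 'WP_DEBUG', true );\n\$level = error_reporting();\n";
foreach ( find_error_reporting_changes( $sample ) as list( $line, $what ) ) {
	echo "line $line: $what\n";
}
```

The parser throws on a syntax error, which is the point at which the PR's check falls back to a regex search; a regex pass over the same source can be substituted there.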
@github-actions

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: faisalahammad <faisalahammad@git.wordpress.org>
Co-authored-by: davidperezgar <davidperez@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.


Development

Successfully merging this pull request may close these issues.

Add new check for production-time PHP error reporting changes