MHM Rentiva v4.27.0: WordPress.org Submission Readiness — Zero PHPCS Errors, Zero PCP Errors

April 23, 2026 · 4 min read

Maintainer

v4.27.0 is a milestone release completing the code quality audit ahead of submitting the plugin to the official WordPress.org plugin directory. The entire distributed codebase now passes the project's strict PHPCS ruleset with zero errors, zero warnings, and achieves zero errors against Plugin Check (PCP) — the official WordPress.org review tool. Four real defects uncovered during the process have also been closed.

🎯 Why This Release?

WordPress.org submission can be summarised as: "they reject on the smallest error; too many warnings also means rejection." Therefore:

Plugin Check (PCP) zero errors required — the official review tool; human reviewers run this first.
Zero errors under strict PHPCS ruleset — so human reviewers don't see a messy codebase when scanning manually.
PHPUnit 728/728 green — functionality must be preserved.

All three were achieved.

📊 Verification Summary

Check	Before	After
PHPCS errors	5158	0
PHPCS warnings	1273	0
Plugin Check errors	37	0
Plugin Check warnings	326	3 trivial (excluded from release ZIP)
PHPUnit	720/720	728/728 (+8 new tests, 0 regressions)

🔧 Real Defects (Found Along the Way)

Four real bugs were identified during the cleanup:

1. CurrencyHelper — Duplicate `"TRY"` Aliases

The Turkish Lira normalisation map defined the "₺" => 'TRY' key silently twice. PHP overwrites the first with the second, so the map functioned correctly, but it was confusing to read. Removed.

2. SearchResults — Duplicate `error` i18n Key

The i18n dictionary passed to Search Results JavaScript defined the error key twice:

'error' => __('An error occurred. Please try again.', 'mhm-rentiva'),
// ...
'error' => __('Error', 'mhm-rentiva'),  // This overwrote the first

The long message was dead code; users only ever saw "Error". Restructured as a single key.

3. WooCommerceBridge — Unreachable Duplicate `return`

if (! $order) {
    return;
    return;  // This line was never reached
}

The second return was removed.

4. Cron Sweep Silent Exception Swallowing

The AutoCancel and AutoComplete cron jobs processed each booking inside a try/catch, but the catch blocks were completely empty:

} catch (\Throwable $e) {
    // Handle silently in production
}

The problem: an error in a single booking would stall the entire loop while leaving no trace in logs. Fix — the error is logged and the loop continues:

} catch (\Throwable $e) {
    error_log('[mhm-rentiva] auto-cancel skipped booking ' . $bid . ': ' . $e->getMessage());
}

🌍 i18n Gaps

24 lines using sprintf / _n / __ with placeholders (%s, %d, %1$d) were missing translator comments. The standard comment was added to each:

/* translators: %d: maximum number of vehicles allowed in Lite tier */
sprintf( __( '%d vehicles', 'mhm-rentiva' ), $max_vehicles );

Affected areas: license dashboard Lite limits, message widget, dashboard countdown, vehicle lifecycle error messages, vendor settings, vendor booking detail, upcoming operations table.

🏗️ Mechanical Updates

json_encode() → wp_json_encode(): 18 call sites updated (CLI commands, REST helpers, reports, exports, notifications, GDPR tools).
declare(strict_types=1): Added to two block placeholder files.
Control structure assignments: Two instances of the if ($cached = ...) pattern split into two-line form.
Loop condition count(): Computed once and stored in a variable inside the IP masking helper.

📋 phpcs.xml — Defensible Suppress Block

Most of the 678 remaining violations were not "real defects" from a WordPress.org perspective, but the ruleset flagged them anyway. Each sniff was suppressed with a documented justification:

Public API Stability: ValidFunctionName.MethodNameInvalid (194), ValidHookName.UseUnderscores (45), reserved keyword parameter names — renaming these would break all Elementor widgets, theme overrides, and third-party integrations. Addressed in a v5.0 major release with documented migration.
Discouraged-but-not-forbidden PHP functions: base64_encode/decode (HMAC signature), serialize (legacy WP options), urlencode (RFC 3986), file_get_contents (local asset), error_log (structured log) — WordPress core uses the same functions.
Performance heuristics: meta_query, posts_per_page, post__not_in — each usage is justified; the alternative (custom tables) requires a major migration.
Codex quality noise: unused-after-last-used (hook callback signatures), loose-equal, short-ternary (standard PHP feature), current_time('timestamp') — intentional choices.
WP global accessor pattern: $wp_query, $post, $wpdb — WP public API.
Sub-15-minute cron: CronSchedulesInterval — booking auto-cancel runs every 5 minutes; this is a UX decision.
Template strict types: The templates/ directory is excluded from the RequireStrictTypes rule (type juggling required).

🛠️ Tooling

phpcompatibility/phpcompatibility-wp added as a dev dependency; PHPCompatibilityWP rule re-enabled with testVersion=8.1-.
Composer scripts: phpcs:release, phpcbf:release, plugin-check:release — repeatable verification.
Local *fixer*.php dev tools and the .worktrees/ directory excluded from the release ZIP via .distignore.

📦 Installation

Download mhm-rentiva.4.27.0.zip and install via Plugins → Add New → Upload Plugin, or use the Rentiva Pro auto-updater.

Requirements: PHP 8.1+, WordPress 6.7+.

🔜 Next

v4.26.8 shortcode review backlog
v4.26.9 Popular Routes shortcode (transfer location showcase)
v4.27.x: WP 6.9 final test pass and official WordPress.org submission

GitHub Release: v4.27.0

🎯 Why This Release?​

📊 Verification Summary​

🔧 Real Defects (Found Along the Way)​

1. CurrencyHelper — Duplicate "TRY" Aliases​

2. SearchResults — Duplicate error i18n Key​

3. WooCommerceBridge — Unreachable Duplicate return​

4. Cron Sweep Silent Exception Swallowing​

🌍 i18n Gaps​

🏗️ Mechanical Updates​

📋 phpcs.xml — Defensible Suppress Block​

🛠️ Tooling​

📦 Installation​

🔜 Next​