Draft
Conversation
Contributor
|
Test on Playground |
Contributor
🔍 WordPress Plugin Check Report
📊 Report
|
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
103 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/providers/class-content-review.php (4 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
232 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
377 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
381 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
388 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/data-collector/class-yoast-orphaned-content.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
111 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_row($query)\n$query assigned unsafely at line 98:\n $query = "SELECT p.ID AS post_id, p.post_title AS post_title\n\t\t\tFROM {$wpdb->posts} p\n\t\t\tLEFT JOIN (\n\t\t\t\tSELECT DISTINCT l.target_post_id\n\t\t\t\tFROM {$wpdb->prefix}yoast_seo_links l\n\t\t\t\tWHERE l.type = 'internal'\n\t\t\t\tAND l.target_post_id IS NOT NULL\n\t\t\t) l ON p.ID = l.target_post_id\n\t\t\tWHERE {$where_clause}\n\t\t\tAND l.target_post_id IS NULL\n\t\t\tORDER BY p.post_date DESC\n\t\t\tLIMIT 1"\n$where_clause assigned unsafely at line 95:\n $where_clause .= ' AND p.ID NOT IN (' . \implode( ',', $exclude_post_ids ) . ')'\n$exclude_post_ids assigned unsafely at line 91:\n $exclude_post_ids = \apply_filters( 'progress_planner_yoast_orphaned_content_exclude_post_ids', $exclude_post_ids )\n$exclude_post_ids assigned unsafely at line 79:\n $exclude_post_ids = \array_filter(\n\t\t\t[\n\t\t\t\t( new Hello_World() )->collect(),\n\t\t\t\t( new Sample_Page() )->collect(),\n\t\t\t]\n\t\t) |
📁 classes/suggested-tasks/data-collector/class-terms-without-description.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
108 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ))\n$query assigned unsafely at line 106:\n $query .= ' ORDER BY tt.count DESC LIMIT 1'\n$query assigned unsafely at line 104:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 108:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/suggested-tasks/data-collector/class-terms-without-posts.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
120 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ))\n$query assigned unsafely at line 118:\n $query .= ' LIMIT %d'\n$query assigned unsafely at line 115:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 120:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/activities/class-query.php (2 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
71 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $table_name used in $wpdb->query("CREATE TABLE IF NOT EXISTS $table_name (\n\t\t\t\tid BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\tdate DATE NOT NULL,\n\t\t\t\tcategory VARCHAR(255) NOT NULL,\n\t\t\t\ttype VARCHAR(255) NOT NULL,\n\t\t\t\tdata_id VARCHAR(255),\n\t\t\t\tuser_id BIGINT(20) UNSIGNED NOT NULL,\n\t\t\t\tPRIMARY KEY (id)\n\t\t\t) $charset_collate;")\n$table_name assigned unsafely at line 58:\n $table_name = $wpdb->prefix . static::TABLE_NAME |
163 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $where_args used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t\t\sprintf(\n\t\t\t\t\t\t\t'SELECT * FROM %%i WHERE %s',\n\t\t\t\t\t\t\t\implode( ' AND ', $where_args )\n\t\t\t\t\t\t),\n\t\t\t\t\t\t\array_merge(\n\t\t\t\t\t\t\t[ $wpdb->prefix . static::TABLE_NAME ], \t\t\t\t\t\t\t$prepare_args\n\t\t\t\t\t\t)\n\t\t\t\t\t))\n$where_args assigned unsafely at line 153:\n $where_args[] = 'user_id = %s'\n$prepare_args[] used without escaping.\n$args['user_id'] used without escaping. |
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Most of the code base is instantiated always, both in WP dashboard and on front end although it is not needed.
Long time ago I created made a version of the plugin which doesn't doesn't run code on WP front end if it is not necessary.
Back then I mostly did it for performance reasons and since a lot of things have changed, but I kept the branch in sync with the changes and currently it doesnt have conflicts with the develop branch.
Still in draft state since it needs to be checked in detail.