Draft
Conversation
Contributor
|
Test on Playground |
Contributor
✅ Code Coverage Report
🎉 Great job maintaining/improving code coverage! 📊 File-level Coverage Changes (10 files)🆕 New Files
📈 Coverage Improved
ℹ️ About this report
|
Collaborator
Author
|
Notes from the recent commits:
We should be careful when defining schema, docs are not that clear and a small mistake can cause Progress Planner MCP server (or tools) not to be registered. |
Contributor
🔍 WordPress Plugin Check Report
📊 Report
|
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
103 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/providers/class-content-review.php (4 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
232 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
377 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
381 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
388 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/data-collector/class-yoast-orphaned-content.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
111 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_row($query)\n$query assigned unsafely at line 98:\n $query = "SELECT p.ID AS post_id, p.post_title AS post_title\n\t\t\tFROM {$wpdb->posts} p\n\t\t\tLEFT JOIN (\n\t\t\t\tSELECT DISTINCT l.target_post_id\n\t\t\t\tFROM {$wpdb->prefix}yoast_seo_links l\n\t\t\t\tWHERE l.type = 'internal'\n\t\t\t\tAND l.target_post_id IS NOT NULL\n\t\t\t) l ON p.ID = l.target_post_id\n\t\t\tWHERE {$where_clause}\n\t\t\tAND l.target_post_id IS NULL\n\t\t\tORDER BY p.post_date DESC\n\t\t\tLIMIT 1"\n$where_clause assigned unsafely at line 95:\n $where_clause .= ' AND p.ID NOT IN (' . \implode( ',', $exclude_post_ids ) . ')'\n$exclude_post_ids assigned unsafely at line 91:\n $exclude_post_ids = \apply_filters( 'progress_planner_yoast_orphaned_content_exclude_post_ids', $exclude_post_ids )\n$exclude_post_ids assigned unsafely at line 79:\n $exclude_post_ids = \array_filter(\n\t\t\t[\n\t\t\t\t( new Hello_World() )->collect(),\n\t\t\t\t( new Sample_Page() )->collect(),\n\t\t\t]\n\t\t) |
📁 classes/suggested-tasks/data-collector/class-terms-without-description.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
108 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ))\n$query assigned unsafely at line 106:\n $query .= ' ORDER BY tt.count DESC LIMIT 1'\n$query assigned unsafely at line 104:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 108:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/suggested-tasks/data-collector/class-terms-without-posts.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
120 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ))\n$query assigned unsafely at line 118:\n $query .= ' LIMIT %d'\n$query assigned unsafely at line 115:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 120:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/activities/class-query.php (2 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
71 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $table_name used in $wpdb->query("CREATE TABLE IF NOT EXISTS $table_name (\n\t\t\t\tid BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\tdate DATE NOT NULL,\n\t\t\t\tcategory VARCHAR(255) NOT NULL,\n\t\t\t\ttype VARCHAR(255) NOT NULL,\n\t\t\t\tdata_id VARCHAR(255),\n\t\t\t\tuser_id BIGINT(20) UNSIGNED NOT NULL,\n\t\t\t\tPRIMARY KEY (id)\n\t\t\t) $charset_collate;")\n$table_name assigned unsafely at line 58:\n $table_name = $wpdb->prefix . static::TABLE_NAME |
163 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $where_args used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t\t\sprintf(\n\t\t\t\t\t\t\t'SELECT * FROM %%i WHERE %s',\n\t\t\t\t\t\t\t\implode( ' AND ', $where_args )\n\t\t\t\t\t\t),\n\t\t\t\t\t\t\array_merge(\n\t\t\t\t\t\t\t[ $wpdb->prefix . static::TABLE_NAME ], \t\t\t\t\t\t\t$prepare_args\n\t\t\t\t\t\t)\n\t\t\t\t\t))\n$where_args assigned unsafely at line 153:\n $where_args[] = 'user_id = %s'\n$prepare_args[] used without escaping.\n$args['user_id'] used without escaping. |
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements https://github.com/ProgressPlanner/progress-planner-pro/issues/182 (still WIP of course)
Technically implementation is described in README.md, so I will focus more on testing initial implementation and what needs to be done in the future.
When Progress Planner MCP server is registered Angie becomes aware of it and it is smart when you ask her about it, for example queries like "List me all (completed) Progress Planner tasks" work without the a problem.
Tasks like "Can you complete 'Set site tagline' Progress Planner task for me? I would like to set tagline to 'Thank you!'" work fine most of the time.
Good example is "Can you complete the "Set site timezone" Progress Planner task? I would like to set the timezone to Amsterdam" as well. It is smart enough to pass Europe/Amsterdam to our API callback so the
timezone_stringwp_optionis correctly set.Completing the "Set site locale" didnt work for me, what Angie did was that it set the site locale (by setting the
wp_optiondirectly) and then tried to mark PP task as completed through our API endpoint. That is the thing which we need to be careful when testing, as PP plugin codebase will mark task as completed if the condition is satisfied, but it doesnt mean that it was completed through the Angie integration itself. More on that below.Also my tries to tell it to complete the "Set the site icon" task to the icon which I have uploaded failed, it didn't even add icon to the Media library
Angie runs in an iframe and the WP Dashboard on the right doesn't update without refreshing it. Mentioning it since it will look a bit weird if Angie says that she changed site locale but change is not visible right away. This can be especially be weird if we trigger confetti (yes, it should be possible to do some kind of celebration at least) but in order to do so we need to make sure that tasks are completed through our integration (not by setting
wp_optionsdirectly).That can probably be improved by providing better context to Angie here.
When testing be aware that you have (only) 900 tokens per day on a free plan.
One technical note, code is placed in this way so our autoloader works (at first I placed it in
./third-party/angie, but autoloader requires classes only from classes directory) so we will probably move it to a better place.