vip-scanner

Deprecated: Scan all sorts of themes and files and things! Use PHPCS and the VIP coding standards instead

Results 103 vip-scanner issues

If two bits of code attempt to JOIN with the same tables without a unique alias, MySQL doesn't know which tables are which. All JOINs should have unique table aliases....

enhancement

All code needs to be reviewable, which means we need un-minified versions of JS. Easiest method is to check for `*.min.js` and a corresponding `*.js`...a more foolproof way is to...

enhancement

`/e` causes an eval, is deprecated, and is highly discouraged. Flag it as a blocker.

enhancement

Since this check relies on a real filesystem path, it just hangs. Maybe we can use proc_open() to pipe file contents to STDIN?

bug
enhancement

Keep things DRY - a theme should never duplicate code. Dupe detection made easy with https://github.com/sebastianbergmann/phpcpd

enhancement

The filter isn't available on WordPress.com for some reason, reportedly:

> the filter you mentioned doesn't work on WordPress.com because we use global profiles instead of the regular WordPress user...

Yes, oembed use is cached within a post, but `wp_oembed_get()` doesn't leverage that goodness.

Filtering escaping and sanitizing functions is generally a bad idea, and can introduce major vulnerabilities if used maliciously. Scanner should flag the usage of any of the filters used by...

enhancement

The results of a scan's analyzers should be part of the results array returned by `BaseScanner::get_results()`.

enhancement

When using code like `$data = file_get_contents( 'php://input' );`, VIP Scanner reports a blocker-level issue of "Use wpcom_vip_file_get_contents() instead". However, from my reading of the documentation, `wpcom_vip_file_get_contents()` is for remote...