plugin-check-legacy
Work in progress of a "Plugin Check" plugin. This is in development and is not final.
Includes code for a PHP Parser that could be useful for following tests. Includes sanitize and escape checks.
Given that one of the main goals of this plugin is to allow plugin authors to self-review, I propose that each individual check includes a link to the documentation: >...
Much related to sanitizing everything, all variables that are echoed need to be escaped when they're echoed, so it can't hijack users or (worse) admin screens. There are many esc_*()...
Resolves #5. Adds a check to ensure the tested up to value is set to the latest release of WordPress. The latest version of WordPress is determined by using the...
When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal for this check is to prevent a user from accidentally sending trash...
A number of checks included in PHPCS are not currently unit tested.
- [ ] WordPress.DB.PreparedSQL
- [ ] WordPress.DB.PreparedSQL.InterpolatedNotPrepared
- [ ] WordPress.DB.PreparedSQLPlaceholders
- [ ] WordPress.Security.NonceVerification
- [x]...
Along with #29 it would be ideal to replace the included bin scripts with WP-CLI commands instead.