Release #392
plugin-check.yml
on: pull_request
WordPress.org Guidelines Check
3m 50s
Annotations
10 errors and 10 warnings
|
PluginCheck.CodeAnalysis.Offloading.OffloadedContent:
inc/patterns/cafe-menu.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
|
|
PluginCheck.CodeAnalysis.Offloading.OffloadedContent:
inc/patterns/cafe-menu.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
|
|
missing_direct_file_access_protection:
inc/patterns/cafe-menu.php#L0
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
|
|
PluginCheck.CodeAnalysis.Offloading.OffloadedContent:
inc/patterns/travel-contact.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
|
|
missing_direct_file_access_protection:
inc/patterns/travel-contact.php#L0
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
|
|
WordPress.WP.EnqueuedResources.NonEnqueuedScript:
inc/plugins/class-atomic-wind-blocks.php#L486
Scripts must be registered/enqueued via wp_enqueue_script()
|
|
WordPress.WP.EnqueuedResources.NonEnqueuedScript:
inc/plugins/class-atomic-wind-blocks.php#L485
Scripts must be registered/enqueued via wp_enqueue_script()
|
|
WordPress.WP.AlternativeFunctions.file_system_operations_readfile:
inc/server/class-dynamic-content-server.php#L274
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().
|
|
WordPress.WP.AlternativeFunctions.file_system_operations_readfile:
inc/server/class-dynamic-content-server.php#L264
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().
|
|
application_detected:
phpcs.xml.dist#L0
Application files are not permitted.
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
inc/plugins/class-stripe-api.php#L300
$_COOKIE['o_stripe_data'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
inc/plugins/class-stripe-api.php#L278
$_SERVER['HTTPS'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
inc/plugins/class-stripe-api.php#L77
$_GET['stripe_session_id'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
PluginCheck.CodeAnalysis.ShortURL.Found:
inc/class-pro.php#L124
Short URL detected (bit.ly). Use full URLs instead of URL shorteners.
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
inc/render/class-stripe-checkout-block.php#L118
$_GET['stripe_session_id'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound:
inc/class-main.php#L64
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
|
|
trademarked_term:
otter-blocks.php#L0
The plugin name includes a restricted term. Your chosen plugin name - "Otter – Page Builder Blocks & Extensions for Gutenberg" - contains the restricted term "gutenberg" which cannot be used at all in your plugin name.
|
|
plugin_header_nonexistent_domain_path:
otter-blocks.php#L0
The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"
|
|
unexpected_markdown_file:
AGENTS.md#L0
Unexpected markdown file "AGENTS.md" detected in plugin root. Only specific markdown files are expected in production plugins.
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
plugins/otter-pro/inc/class-main.php#L214
$_GET['post_type'] not unslashed before sanitization. Use wp_unslash() or similar
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
plugin-check-results
|
2.66 KB |
sha256:348be0dede71b6901dc02bef1cbca27943ac259497f70969deec302031412247
|
|