Update plugin-check-action to v1.1.5 #751
Open
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Test on Playground |
Contributor
🔍 WordPress Plugin Check Report
📊 Report
|
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
103 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/providers/class-content-review.php (4 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
232 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
377 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
381 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
388 |
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. |
📁 classes/suggested-tasks/data-collector/class-yoast-orphaned-content.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
111 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_row($query)\n$query assigned unsafely at line 98:\n $query = "SELECT p.ID AS post_id, p.post_title AS post_title\n\t\t\tFROM {$wpdb->posts} p\n\t\t\tLEFT JOIN (\n\t\t\t\tSELECT DISTINCT l.target_post_id\n\t\t\t\tFROM {$wpdb->prefix}yoast_seo_links l\n\t\t\t\tWHERE l.type = 'internal'\n\t\t\t\tAND l.target_post_id IS NOT NULL\n\t\t\t) l ON p.ID = l.target_post_id\n\t\t\tWHERE {$where_clause}\n\t\t\tAND l.target_post_id IS NULL\n\t\t\tORDER BY p.post_date DESC\n\t\t\tLIMIT 1"\n$where_clause assigned unsafely at line 95:\n $where_clause .= ' AND p.ID NOT IN (' . \implode( ',', $exclude_post_ids ) . ')'\n$exclude_post_ids assigned unsafely at line 91:\n $exclude_post_ids = \apply_filters( 'progress_planner_yoast_orphaned_content_exclude_post_ids', $exclude_post_ids )\n$exclude_post_ids assigned unsafely at line 79:\n $exclude_post_ids = \array_filter(\n\t\t\t[\n\t\t\t\t( new Hello_World() )->collect(),\n\t\t\t\t( new Sample_Page() )->collect(),\n\t\t\t]\n\t\t) |
📁 classes/suggested-tasks/data-collector/class-terms-without-description.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
108 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ))\n$query assigned unsafely at line 106:\n $query .= ' ORDER BY tt.count DESC LIMIT 1'\n$query assigned unsafely at line 104:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 108:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/suggested-tasks/data-collector/class-terms-without-posts.php (1 warning)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
120 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ))\n$query assigned unsafely at line 118:\n $query .= ' LIMIT %d'\n$query assigned unsafely at line 115:\n $query .= ' AND t.term_id NOT IN (' . \implode( ',', \array_map( 'intval', $exclude_term_ids ) ) . ')'\n$terms assigned unsafely at line 120:\n $terms = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching\n\t\t\t\t$wpdb->prepare( $query, $taxonomy, self::MIN_POSTS, $query_limit ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- We are using array_map to ensure the values are integers.\n\t\t\t)\n$taxonomy used without escaping. |
📁 classes/activities/class-query.php (2 warnings)
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
71 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $table_name used in $wpdb->query("CREATE TABLE IF NOT EXISTS $table_name (\n\t\t\t\tid BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,\n\t\t\t\tdate DATE NOT NULL,\n\t\t\t\tcategory VARCHAR(255) NOT NULL,\n\t\t\t\ttype VARCHAR(255) NOT NULL,\n\t\t\t\tdata_id VARCHAR(255),\n\t\t\t\tuser_id BIGINT(20) UNSIGNED NOT NULL,\n\t\t\t\tPRIMARY KEY (id)\n\t\t\t) $charset_collate;")\n$table_name assigned unsafely at line 58:\n $table_name = $wpdb->prefix . static::TABLE_NAME |
163 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $where_args used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t\t\sprintf(\n\t\t\t\t\t\t\t'SELECT * FROM %%i WHERE %s',\n\t\t\t\t\t\t\t\implode( ' AND ', $where_args )\n\t\t\t\t\t\t),\n\t\t\t\t\t\t\array_merge(\n\t\t\t\t\t\t\t[ $wpdb->prefix . static::TABLE_NAME ], \t\t\t\t\t\t\t$prepare_args\n\t\t\t\t\t\t)\n\t\t\t\t\t))\n$where_args assigned unsafely at line 153:\n $where_args[] = 'user_id = %s'\n$prepare_args[] used without escaping.\n$args['user_id'] used without escaping. |
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check
Contributor
✅ Code Coverage Report
🎉 Great job maintaining/improving code coverage! ℹ️ About this report
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The plugin-check workflow started failing after plugin-check 1.8.0 was released. The error was:
Error: Required file 'cli.php' doesn't exist (from runtime argument).This was fixed in plugin-check-action v1.1.5: "Fix plugin-check CLI path error caused by wp-env folder naming"