Skip to content
Plugin Check

Ignore some escaping errors #25

Sign in to view logs

Ignore some escaping errors

Ignore some escaping errors #25

Triggered via pull request September 24, 2024 13:09
@lloclloc
synchronize #388
raise-coverage
Status Failure
Total duration 2m 48s
Artifacts

plugin-check.yml

on: pull_request
test
2m 36s
test
Fit to window
Zoom out
Zoom in

Annotations

10 errors and 10 warnings
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/ContentImport/MetaBox.php#L124
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'add_query_arg'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/ContentImport/MetaBox.php#L175
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$html'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/MslsMetaBox.php#L224
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$lis'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/MslsMetaBox.php#L230
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/MslsMetaBox.php#L324
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$items'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/MslsMetaBox.php#L325
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$post_type'.
WordPress.Security.EscapeOutput.OutputNotEscaped: includes/MslsMetaBox.php#L332
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
WordPress.Security.EscapeOutput.OutputNotEscaped: MultisiteLanguageSwitcher.php#L79
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'get_the_msls'.
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: includes/ContentImport/Importers/WithRequestPostAttributes.php#L35
$_REQUEST['post_type'] not unslashed before sanitization. Use wp_unslash() or similar
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: includes/ContentImport/ContentImporter.php#L173
$_POST['msls_import'] not unslashed before sanitization. Use wp_unslash() or similar
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/Importers/WithRequestPostAttributes.php#L31
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/Importers/WithRequestPostAttributes.php#L35
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Missing: includes/ContentImport/ContentImporter.php#L156
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Missing: includes/ContentImport/ContentImporter.php#L169
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Missing: includes/ContentImport/ContentImporter.php#L173
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/ContentImporter.php#L198
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/ContentImporter.php#L198
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/ContentImporter.php#L199
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Missing: includes/ContentImport/ContentImporter.php#L381
Processing form data without nonce verification.
WordPress.Security.NonceVerification.Recommended: includes/ContentImport/ImportCoordinates.php#L93
Processing form data without nonce verification.