Skip to content
ClassicPress Directory Coding Standard checks.

Escape all data and use native WP functions, where applicable, instea… #9

Sign in to view logs

Escape all data and use native WP functions, where applicable, instea…

Escape all data and use native WP functions, where applicable, instea… #9

Triggered via push June 12, 2024 19:09
@wolffewolffe
pushed ad372e4
master
Status Failure
Total duration 22s
Artifacts

cpcs.yml

on: push
CPCS
11s
CPCS
Fit to window
Zoom out
Zoom in

Annotations

9 errors and 3 warnings
CPCS: includes/builder/class-functions.php#L177
extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
CPCS: includes/builder/class-functions.php#L291
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpautop'.
CPCS: includes/builder/class-builder.php#L156
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item['row_id']'.
CPCS: includes/builder/class-builder.php#L156
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item['col_index']'.
CPCS: includes/builder/class-tools.php#L177
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item['row_id']'.
CPCS: includes/builder/class-tools.php#L177
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item['col_index']'.
CPCS: includes/updater.php#L61
Missing $domain arg.
CPCS: includes/updater.php#L66
Missing $domain arg.
CPCS: includes/settings/class-settings.php#L155
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$post_type'.
CPCS: includes/updater.php#L24
unserialize() found. Serialized data has known vulnerability problems with Object Injection. JSON is generally a better approach for serializing data. See https://www.owasp.org/index.php/PHP_Object_Injection
CPCS: includes/updater.php#L63
unserialize() found. Serialized data has known vulnerability problems with Object Injection. JSON is generally a better approach for serializing data. See https://www.owasp.org/index.php/PHP_Object_Injection
CPCS: includes/updater.php#L79
serialize() found. Serialized data has known vulnerability problems with Object Injection. JSON is generally a better approach for serializing data. See https://www.owasp.org/index.php/PHP_Object_Injection