Skip to content
Triggered via pull request December 18, 2024 22:40
Status Failure
Total duration 20s
Artifacts

cpcs.yml

on: pull_request
Fit to window
Zoom out
Zoom in

Annotations

10 errors and 5 warnings
CPCS: test/get-wp-url.php#L6
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Usage: lando info --format=json | $argv[0] url-pattern\n"'.
CPCS: test/get-wp-url.php#L14
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$url\n"'.
CPCS: lib/update.php#L95
Detected usage of a possibly undefined superglobal array index: $_GET['_migrate']. Use isset() or empty() to check the index exists before using it
CPCS: lib/update.php#L108
Processing form data without nonce verification.
CPCS: lib/update.php#L109
Processing form data without nonce verification.
CPCS: lib/update.php#L114
Processing form data without nonce verification.
CPCS: lib/update.php#L114
$_POST data not unslashed before sanitization. Use wp_unslash() or similar
CPCS: lib/update.php#L114
Detected usage of a non-sanitized input variable: $_POST['_build_url']
CPCS: lib/update.php#L115
Processing form data without nonce verification.
CPCS: lib/update.php#L115
$_POST data not unslashed before sanitization. Use wp_unslash() or similar
CPCS
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
CPCS: test/get-wp-url.php#L21
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite()
CPCS: lib/update.php#L95
Processing form data without nonce verification.
CPCS: lib/update.php#L147
json_encode() is discouraged. Use wp_json_encode() instead.
CPCS: lib/admin-page.php#L1117
Strings should not be wrapped in HTML