Annotations
10 errors and 5 warnings
CPCS:
test/get-wp-url.php#L6
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Usage: lando info --format=json | $argv[0] url-pattern\n"'.
|
CPCS:
test/get-wp-url.php#L14
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$url\n"'.
|
CPCS:
lib/update.php#L95
Detected usage of a possibly undefined superglobal array index: $_GET['_migrate']. Use isset() or empty() to check the index exists before using it
|
CPCS:
lib/update.php#L108
Processing form data without nonce verification.
|
CPCS:
lib/update.php#L109
Processing form data without nonce verification.
|
CPCS:
lib/update.php#L114
Processing form data without nonce verification.
|
CPCS:
lib/update.php#L114
$_POST data not unslashed before sanitization. Use wp_unslash() or similar
|
CPCS:
lib/update.php#L114
Detected usage of a non-sanitized input variable: $_POST['_build_url']
|
CPCS:
lib/update.php#L115
Processing form data without nonce verification.
|
CPCS:
lib/update.php#L115
$_POST data not unslashed before sanitization. Use wp_unslash() or similar
|
CPCS
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
CPCS:
test/get-wp-url.php#L21
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite()
|
CPCS:
lib/update.php#L95
Processing form data without nonce verification.
|
CPCS:
lib/update.php#L147
json_encode() is discouraged. Use wp_json_encode() instead.
|
CPCS:
lib/admin-page.php#L1117
Strings should not be wrapped in HTML
|