Automattic/maintenance-mode-wp

Plugin flags warnings on WPVIP

Closed this issue · 1 comments

When installed on WPVIP, the VIP Code Analysis Bot flags the following warnings:

plugins/maintenance-mode-wp-main/vipgo-helper.php - line 14

⚠️ Warning( severity 10 ): Detected usage of a non-sanitized input variable: $_SERVER['HTTP_USER_AGENT'] (WordPress.Security.ValidatedSanitizedInput.InputNotSanitized).

plugins/maintenance-mode-wp-main/wpcom-helper.php - line 14

⚠️ Warning( severity 10 ): Detected usage of a non-sanitized input variable: $_SERVER['HTTP_USER_AGENT'] (WordPress.Security.ValidatedSanitizedInput.InputNotSanitized).

plugins/maintenance-mode-wp-main/tests/bootstrap.php - line 8

⚠️ Warning( severity 3 ): File inclusion using variable ($_tests_dir). Probably needs manual inspection (WordPressVIPMinimum.Files.IncludingFile.UsingVariable).

plugins/maintenance-mode-wp-main/tests/bootstrap.php - line 15

⚠️ Warning( severity 3 ): File inclusion using variable ($_tests_dir). Probably needs manual inspection (WordPressVIPMinimum.Files.IncludingFile.UsingVariable).

Given the plugin is recommended as part of a multisite launch in VIP's documentation, this should likely be fixed.

Thanks for flagging these!

#51 tackles a few of these, though the VIP Code Analysis bot will still flag some, as it intentionally ignores the phpcs:ignore comments.