WordPress/wporg-code-analysis

Issues

• UnsafeVerifyNonceStatement: If it's used within a ternary it may be okay.

  #75 opened 2 years ago by dd32
  1

• UnescapedOutputParameter doesn't terminate at ?>

  #76 opened a year ago by dd32
  2

• Scan ignored files anyway

  #71 opened 3 years ago by iandunn
  1

• Reduce Slack notification noise

  #66 opened 3 years ago by tellyworth
  3

• WooCommerce false negative

  #60 opened 3 years ago by iandunn
  0

• Use WPCS lists of escaping functions

  #59 opened 4 years ago by iandunn
  0

• Evaluate Tide, Psalm, PHPStan, etc

  #54 opened 4 years ago by iandunn
  8

• `insecure_wpdb_query_14()` defined twice

  #58 opened 4 years ago by iandunn
  0

• Pull in and/or surface WPCS inline docs

  #56 opened 4 years ago by iandunn
  0

• Propose a templating language?

  #49 opened 4 years ago by iandunn
  1

• [Tracking] Create Plugin Standard

  #45 opened 4 years ago by iandunn
  0

• Enforce time limits on PHPCS when running via admin-ajax

  #53 opened 4 years ago by dd32
  0

• Clarify unit tests

  #50 opened 4 years ago by iandunn
  3

• How to handle unescaped output in widgets?

  #40 opened 4 years ago by akirk
  6

• Contribute sniffs upstream

  #34 opened 4 years ago by iandunn
  5

• `esc_sql( $table_name )` should be an error

  #43 opened 4 years ago by iandunn
  1

• Track progress on native prepared statements

  #44 opened 4 years ago by iandunn
  2

• [Tracking] Educate Plugin Authors & Users

  #46 opened 4 years ago by iandunn
  0

• What should PHPCompatibility rules be?

  #48 opened 4 years ago by iandunn
  0

• Audit disabled sniffs

  #47 opened 4 years ago by iandunn
  0

• Should hardcoded strings and translations functions flagged?

  #30 opened 4 years ago by iandunn
  0

• Warn on double prepare?

  #36 opened 4 years ago by iandunn
  1

• Table names not handled consistently

  #42 opened 4 years ago by iandunn
  3

• Clean up warnings/notices

  #41 opened 4 years ago by iandunn
  0

• Theme standard

  #38 opened 4 years ago by dingo-d
  4

• `WordPress.NamingConventions.PrefixAllGlobals` rule is inactive

  #35 opened 4 years ago by iandunn
  0

• Only run `MinimalPluginStandard` sniff by default?

  #31 opened 4 years ago by iandunn
  0

• Cache exported plugins for performance and environmental impact

  #29 opened 4 years ago by iandunn
  0