Updated #15
9jaDevoAnnotations
10 errors and 10 warnings
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L164
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hnbRatesUri'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L174
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpautop'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L181
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
|
|
WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents:
classes/class-wc-tpayway.php#L219
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: file_put_contents().
|
|
WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents:
classes/class-wc-tpayway.php#L227
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: file_put_contents().
|
|
WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents:
classes/class-wc-tpayway.php#L231
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: file_put_contents().
|
|
WordPress.DateTime.RestrictedFunctions.date_date:
classes/class-wc-tpayway.php#L247
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
|
|
WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents:
classes/class-wc-tpayway.php#L268
file_get_contents() is discouraged. Use wp_remote_get() for remote URLs instead.
|
|
WordPress.WP.I18n.MissingTranslatorsComment:
classes/class-wc-tpayway.php#L475
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L517
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$text'.
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L300
Use of a direct database call is discouraged.
|
|
WordPress.DB.DirectDatabaseQuery.NoCaching:
classes/class-wc-tpayway.php#L300
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
|
|
WordPress.DB.PreparedSQL.InterpolatedNotPrepared:
classes/class-wc-tpayway.php#L300
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT COUNT(*) FROM $table_name WHERE transaction_id = %s"
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L309
Use of a direct database call is discouraged.
|
|
WordPress.DB.DirectDatabaseQuery.NoCaching:
classes/class-wc-tpayway.php#L309
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L325
Use of a direct database call is discouraged.
|
|
WordPress.Security.ValidatedSanitizedInput.InputNotValidated:
classes/class-wc-tpayway.php#L430
Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Use isset() or empty() to check the index exists before using it
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
classes/class-wc-tpayway.php#L430
$_POST['payway_nonce'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
WordPress.Security.ValidatedSanitizedInput.InputNotSanitized:
classes/class-wc-tpayway.php#L430
Detected usage of a non-sanitized input variable: $_POST['payway_nonce']
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
classes/class-wc-tpayway.php#L434
$_POST['ShoppingCartID'] not unslashed before sanitization. Use wp_unslash() or similar
|