40 fix build from GitHub actions #17
9jaDevoAnnotations
10 errors and 10 warnings
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L164
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hnbRatesUri'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L173
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpautop'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L180
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
|
|
WordPress.WP.I18n.MissingTranslatorsComment:
classes/class-wc-tpayway.php#L485
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L527
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$text'.
|
|
WordPress.WP.AlternativeFunctions.json_encode_json_encode:
classes/class-wc-tpayway.php#L533
json_encode() is discouraged. Use wp_json_encode() instead.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
classes/class-wc-tpayway.php#L562
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$text'.
|
|
WordPress.WP.AlternativeFunctions.strip_tags_strip_tags:
classes/class-wc-tpayway.php#L602
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
|
|
hidden_files:
.gitignore#L1
Hidden files are not permitted.
|
|
WordPress.DB.PreparedSQL.NotPrepared:
classes/admin/class-paywaydata-list-table.php#L88
Use placeholders and $wpdb->prepare(); found $table_name
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L309
Use of a direct database call is discouraged.
|
|
WordPress.DB.DirectDatabaseQuery.NoCaching:
classes/class-wc-tpayway.php#L309
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
|
|
WordPress.DB.PreparedSQL.InterpolatedNotPrepared:
classes/class-wc-tpayway.php#L309
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT COUNT(*) FROM $table_name WHERE transaction_id = %s"
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L318
Use of a direct database call is discouraged.
|
|
WordPress.DB.DirectDatabaseQuery.NoCaching:
classes/class-wc-tpayway.php#L318
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
|
|
WordPress.DB.DirectDatabaseQuery.DirectQuery:
classes/class-wc-tpayway.php#L334
Use of a direct database call is discouraged.
|
|
WordPress.Security.ValidatedSanitizedInput.InputNotValidated:
classes/class-wc-tpayway.php#L440
Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Use isset() or empty() to check the index exists before using it
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
classes/class-wc-tpayway.php#L440
$_POST['payway_nonce'] not unslashed before sanitization. Use wp_unslash() or similar
|
|
WordPress.Security.ValidatedSanitizedInput.InputNotSanitized:
classes/class-wc-tpayway.php#L440
Detected usage of a non-sanitized input variable: $_POST['payway_nonce']
|
|
WordPress.Security.ValidatedSanitizedInput.MissingUnslash:
classes/class-wc-tpayway.php#L444
$_POST['ShoppingCartID'] not unslashed before sanitization. Use wp_unslash() or similar
|