Add Wordpress-VIP-Go standards to project #471

Closed
maxhartshorn opened this issue Apr 28, 2021 · 7 comments · Fixed by #476

@maxhartshorn

Hi All,

I want to suggest that we incorporate the Wordpress-VIP-Go coding standards into this project. Wordpress VIP is a hosting solution provided by Wordpress for enterprise clients. In order to use this plugin on Wordpress VIP websites, the plugin code must first pass the Wordpress-VIP-Go standards, which include some additional guidelines to improve security and performance: https://github.com/Automattic/VIP-Coding-Standards

Here are the errors and warnings I found when I ran this against the Wordpress-VIP-Go standards. This plugin is well coded so there are not that many issues flagged. For some of these, like the wpcom_vip_file_get_contents one, we can add a comment for the linter to ignore.

Happy to submit a PR for this.

FILE: pwa\integrations\class-wp-service-worker-admin-assets-integration.php
-----------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
-----------------------------------------------------------------------------------------------------------
 68 | WARNING | Unused variable `$handle`.
    |         | (WordPressVIPMinimum.Variables.VariableAnalysis.UnusedVariable)
-----------------------------------------------------------------------------------------------------------


FILE: pwa\integrations\class-wp-service-worker-custom-background-integration.php
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------
 31 | WARNING | `file_get_contents()` is highly discouraged for remote requests, please use
    |         | `wpcom_vip_file_get_contents()` or `vip_safe_wp_remote_get()` instead.
    |         | (WordPressVIPMinimum.VIP.FetchingRemoteData.fileGetContentsUknown)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\integrations\class-wp-service-worker-custom-header-integration.php
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 50 | WARNING | `file_get_contents()` is highly discouraged for remote requests, please use
    |         | `wpcom_vip_file_get_contents()` or `vip_safe_wp_remote_get()` instead.
    |         | (WordPressVIPMinimum.VIP.FetchingRemoteData.fileGetContentsUknown)
 69 | WARNING | `file_get_contents()` is highly discouraged for remote requests, please use
    |         | `wpcom_vip_file_get_contents()` or `vip_safe_wp_remote_get()` instead.
    |         | (WordPressVIPMinimum.VIP.FetchingRemoteData.fileGetContentsUknown)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\pwa.php
------------------------------------------------------------------------------------------------------------------------
FOUND 2 ERRORS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 259 | ERROR | `flush_rewrite_rules` should not be used in any normal circumstances in the theme code.
     |       | (WordPressVIPMinimum.VIP.RestrictedFunctions.rewrite_rules_flush_rewrite_rules)
 272 | ERROR | `flush_rewrite_rules` should not be used in any normal circumstances in the theme code.
     |       | (WordPressVIPMinimum.VIP.RestrictedFunctions.rewrite_rules_flush_rewrite_rules)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-admin\error.php
------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 2 WARNINGS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 15 | WARNING | Detected access of super global var $_REQUEST, probably needs manual inspection.
    |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 15 | WARNING | Detected access of super global var $_REQUEST, probably needs manual inspection.
    |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 46 | ERROR   | Overriding WordPress globals is prohibited. Found assignment to $hook_suffix
    |         | (WordPress.WP.GlobalVariablesOverride.OverrideProhibited)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-admin\options-reading-offline-browsing.php
------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------
 81 | ERROR | get_user_meta() usage is highly discouraged, check VIP documentation on "Working with wp_users"
    |       | (WordPressVIPMinimum.VIP.RestrictedFunctions.user_meta_get_user_meta)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\class-wp-https-ui.php
------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 2 WARNINGS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 366 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 378 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 378 | ERROR   | Detected usage of a non-sanitized input variable: $_SERVER
     |         | (WordPress.VIP.ValidatedSanitizedInput.InputNotSanitized)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\class-wp-service-worker-scripts.php
------------------------------------------------------------------------------------------------------------------------
FOUND 2 ERRORS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 175 | ERROR | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |       | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 184 | ERROR | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |       | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\class-wp-service-workers.php
------------------------------------------------------------------------------------------------------------------------
FOUND 6 ERRORS AND 2 WARNINGS AFFECTING 6 LINES
------------------------------------------------------------------------------------------------------------------------
 136 | ERROR   | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |         | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 145 | ERROR   | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |         | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 147 | ERROR   | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |         | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 149 | ERROR   | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |         | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 197 | ERROR   | The code shouldn't use error control operators (`@`). The call should be wrapped in appropriate
     |         | checks. (WordPressVIPMinimum.VIP.ErrorControl.ErrorControl)
 199 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 199 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 199 | ERROR   | Detected usage of a non-sanitized input variable: $_SERVER
     |         | (WordPress.VIP.ValidatedSanitizedInput.InputNotSanitized)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\class-wp.php
------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------
 23 | ERROR | `flush_rewrite_rules` should not be used in any normal circumstances in the theme code.
    |       | (WordPressVIPMinimum.VIP.RestrictedFunctions.rewrite_rules_flush_rewrite_rules)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\components\class-wp-service-worker-navigation-routing-component.php
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 208 | WARNING | `file_get_contents()` is highly discouraged for remote requests, please use
     |         | `wpcom_vip_file_get_contents()` or `vip_safe_wp_remote_get()` instead.
     |         | (WordPressVIPMinimum.VIP.FetchingRemoteData.fileGetContentsUknown)
 213 | WARNING | `file_get_contents()` is highly discouraged for remote requests, please use
     |         | `wpcom_vip_file_get_contents()` or `vip_safe_wp_remote_get()` instead.
     |         | (WordPressVIPMinimum.VIP.FetchingRemoteData.fileGetContentsUknown)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\js\service-worker-navigation-routing.js
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 3 LINES
------------------------------------------------------------------------------------------------------------------------
  91 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
     |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
  96 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
     |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
 100 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
     |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\js\service-worker-offline-commenting.js
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 3 LINES
------------------------------------------------------------------------------------------------------------------------
 59 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
    |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
 64 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
    |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
 68 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
    |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\service-workers.php
------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 8 WARNINGS AFFECTING 5 LINES
------------------------------------------------------------------------------------------------------------------------
 144 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 144 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 145 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 145 | WARNING | Detected access of super global var $_SERVER, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 227 | WARNING | Unused global variable `$concatenate_scripts`.
     |         | (WordPressVIPMinimum.Variables.VariableAnalysis.UnusedVariable)
 234 | WARNING | Due to using Batcache, server side based client related logic will not work, use JS instead.
     |         | (WordPress.VIP.RestrictedVariables.cache_constraints___COOKIE)
 234 | WARNING | Detected access of super global var $_COOKIE, probably needs manual inspection.
     |         | (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
 235 | WARNING | Unused global variable `$concatenate_scripts`.
     |         | (WordPressVIPMinimum.Variables.VariableAnalysis.UnusedVariable)
 235 | ERROR   | Overriding WordPress globals is prohibited. Found assignment to $concatenate_scripts
     |         | (WordPress.WP.GlobalVariablesOverride.OverrideProhibited)
------------------------------------------------------------------------------------------------------------------------


FILE: pwa\wp-includes\template.php
------------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------
 161 | WARNING | Found Mustache unescaped output notation: "{{{}}}".
     |         | (WordPressVIPMinimum.TemplatingEngines.UnescapedOutputMustache.{{{)
------------------------------------------------------------------------------------------------------------------------

westonruter added this to the 0.7 milestone Apr 28, 2021

@westonruter
Collaborator

Agreed. We'll add this.

@maxhartshorn
Author

Glad to hear!

@westonruter
Collaborator

Opened PR to do so: #476.

@maxhartshorn
Author

@westonruter Thanks again for making these upgrades! Just following up as to when you are considering a new release of the plugin that includes these changes.

@westonruter
Collaborator

The release is overdue. I haven't prioritized it due to other priorities and because there hasn't been much clamoring for a new release. I do want to have the new release out before the holidays.

@maxhartshorn
Author

Awesome, thanks for the update! I think once the plugin meets WP VIP standards it will open the door for greater adoption by WP VIP clients.

@pooja-muchandikar

QA Passed ✅
Ran a quick check and found that WordPress-VIP-GO standards are included.
