Comments (9)
@jessuppi see
- https://github.com/nunomaduro/phpinsights
- https://themecheck.info/
- https://wordpress.org/plugins/theme-check/
- https://coderisk.com/
- https://wpvulndb.com/
- https://github.com/WordPress/WordPress-Coding-Standards/tree/develop/WordPress/Sniffs/Security
- and [email protected] to run various quality code bases
from slickstack.
Wow it looks like PHPStan is so much more than standard PHPStorm inspections even with code sniffer integration.
I will allow myself to grab the @szepeviktor phpstan config and add it to our CI - we are using gitlab CI :)
Thank you @szepeviktor for the extension 👍
from slickstack.
Hmm good question. I'm not sure I have documented the original reason on this plugin, I think perhaps we got it confused with another "UPS WooCommerce Shipping" errors e.g.
PHP Fatal error: Uncaught Error: Call to undefined function WC() in /var/www/html/wp-content/plugins/ups-woocommerce-shipping/includes/class-wf-shipping-ups-admin.php:205
...and after looking at recent reviews, we believed there were other issues as well:
https://wordpress.org/plugins/flexible-shipping-ups/#reviews
For now I will remove this plugin from our blacklist. Thanks for commenting.
from slickstack.
Actually it appears you have a non-dismissable nag notice asking users to enable tracking, which is probably against WordPress.org guidelines (besides the general annoyance).
I recommend and request not hijacking the WP Admin in any way... and 99% of plugins don't need to be tracking their users for general usage statistics.
Will keep it whitelisted for now, but it seems several of your plugins are doing hijacky-ness...
from slickstack.
Thanks very much for adding the plugin to the whitelist.
As a backend dev I understand perfectly why this notice is a complete abomination, but as far as I know you can dismiss it quite simply by closing it, so it should be a one-time disturbance.
The data that are tracked are used to grasp what functionalities are really used by users (mostly to prioritize our backlog), and what really works for users when we use A/B testing in a plugin. Surprisingly for me, that is not the info you can easily get from users, as they usually don't know or don't really care till something is broken :)
As for reviews, well... we have dropped the ball and passed a really nasty bug that appears only when certain other plugins are active :/ The lesson has been learned and we've added more integration/functional tests to deal with it but the matter is not that easy to solve. Mostly because WordPress made using composer a real pain in the ass.
I've seen that dashboard-cleanup defines some constants like `DISABLE_NAG_NOTICES`. I'm not sure if that is a good idea, but we can add a condition to not nag more demanding users who have declared something like that constant.
from slickstack.
> As a backend dev I understand perfectly why this notice is a complete abomination, but as far as I know you can dismiss it quite simply by closing it, so it should be a one-time disturbance.
When we tested yesterday, we weren't able to dismiss the nag notice.
> The data that are tracked are used to grasp what functionalities are really used by users (mostly to prioritize our backlog), and what really works for users when we use A/B testing in a plugin.

But any plugin author could say that, and most sites have 25-50 plugins or more... surely tracking general usage is not something WordPress as a community wants to standardize. Besides the privacy and bloat issues, it's adding more security/performance concerns.
Implementing `DISABLE_NAG_NOTICES` would definitely be appreciated by advanced users, and show the community that you're making good faith efforts.
Eventually we may even feature plugin authors who make these sorts of ethical efforts:
- no tracking or third party resources
- no nag notices or WP Admin hijacking (and/or `DISABLE_NAG_NOTICES` support)
- transparency in author identity and plugin ownership
- history of solid PHP testing and debugging
- etc
from slickstack.
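The two comments above describe the behaviour they would like to see from a plugin's opt-in notice: it stays hidden when the site owner has declared `DISABLE_NAG_NOTICES`, it can actually be dismissed, and nothing is tracked until an administrator agrees. The following is an added example illustrating that pattern in plain WordPress plugin PHP. It is not code from slickstack, flexible-shipping-ups or the tracker discussed in the thread; the `example_tracker_*` function names and the `example_tracker_notice_dismissed` user-meta key are made up for this illustration, while the WordPress API functions used are real.

```php
<?php
/**
 * Added example (not from any project in the thread): an admin notice that
 * honours the DISABLE_NAG_NOTICES constant, is shown only to administrators,
 * and can be dismissed permanently per user. All example_tracker_* names are
 * hypothetical.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only meaningful when loaded by WordPress.
}

/**
 * True when the site owner opted out of nag notices in wp-config.php with
 *   define( 'DISABLE_NAG_NOTICES', true );
 */
function example_tracker_nags_disabled() {
    return defined( 'DISABLE_NAG_NOTICES' ) && DISABLE_NAG_NOTICES;
}

/** Has the current user already dismissed this notice? */
function example_tracker_is_dismissed() {
    return (bool) get_user_meta( get_current_user_id(), 'example_tracker_notice_dismissed', true );
}

/** Render the opt-in notice, unless something says it should stay hidden. */
function example_tracker_render_notice() {
    if ( example_tracker_nags_disabled() || example_tracker_is_dismissed() ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // Only administrators get to decide about usage tracking.
    }

    // The dismiss link carries a nonce so a forged link cannot change the setting.
    $dismiss_url = wp_nonce_url(
        add_query_arg( 'example_tracker_dismiss', '1' ),
        'example_tracker_dismiss'
    );

    printf(
        '<div class="notice notice-info is-dismissible"><p>%s <a href="%s">%s</a></p></div>',
        esc_html__( 'Help improve this plugin by sharing anonymous usage data?', 'example-tracker' ),
        esc_url( $dismiss_url ),
        esc_html__( 'No thanks, do not ask again', 'example-tracker' )
    );
}
add_action( 'admin_notices', 'example_tracker_render_notice' );

/** Handle the dismiss link: verify the nonce and capability, then remember the choice. */
function example_tracker_handle_dismiss() {
    if ( empty( $_GET['example_tracker_dismiss'] ) ) {
        return;
    }
    check_admin_referer( 'example_tracker_dismiss' ); // Stops on a missing or invalid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    update_user_meta( get_current_user_id(), 'example_tracker_notice_dismissed', 1 );

    // Drop the one-shot query arguments so a reload does not repeat the action.
    wp_safe_redirect( remove_query_arg( array( 'example_tracker_dismiss', '_wpnonce' ) ) );
    exit;
}
add_action( 'admin_init', 'example_tracker_handle_dismiss' );
```

Tracking itself is not enabled anywhere in this example: the notice only asks, so the default remains no data collection, and a site that defines `DISABLE_NAG_NOTICES` never sees the question at all.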
@dyszczo It takes a couple of minutes to take a look at a plugin with szepeviktor/phpstan-wordpress.
Here is the first try on the config for the flexible-shipping-ups plugin.
phpstan.neon

```neon
# Install phpstan/phpstan-shim and szepeviktor/phpstan-wordpress into a renamed vendor dir
# "config": { "vendor-dir": "analyze" }
# analyze/bin/phpstan analyze
includes:
    - phar://phpstan.phar/conf/bleedingEdge.neon
    - analyze/szepeviktor/phpstan-wordpress/extension.neon
parameters:
    level: 4
    paths:
        - %currentWorkingDirectory%/inc/
        - %currentWorkingDirectory%/classes/
    excludes_analyse:
        - %currentWorkingDirectory%/inc/wpdesk-tracker/views/
        - %currentWorkingDirectory%/classes/views/
    autoload_files:
        - %currentWorkingDirectory%/vendor/autoload.php
        - %currentWorkingDirectory%/wc-stubs.php
    autoload_directories:
        - %currentWorkingDirectory%/inc/
        - %currentWorkingDirectory%/classes/
        - %currentWorkingDirectory%/vendor/wpdesk/wp-basic-requirements/src/
    ignoreErrors:
        # Uses func_get_args()
        - '#^Function add_query_arg invoked with [123] parameters?, 0 required\.$#'
```
wc-stubs.php is generated by szepeviktor/phpstan-wordpress#4
from slickstack.
> @dyszczo It takes a couple of minutes to take a look at a plugin with szepeviktor/phpstan-wordpress ... here is the first try on the config for flexible-shipping-ups plugin
Wow, that's some nice looking sorcery. I'm not a PHP wizard myself, to be honest...
If there were easy to understand "red flags" or a grading system, that would be kinda interesting to refer plugin authors to as some general feedback on their code. Having WordPress-specific warnings would probably be too difficult to maintain I guess, but something that can at least generate some type of grading system would be interesting, like A, B, C, etc.
I would guess the majority of WP developers don't use Composer and probably are hacking together all kinds of PHP snippets, so something easy to generate (online tool?) would be amazing.
Anyway cool stuff :)
from slickstack.
You're welcome.
from slickstack.