Merge pull request #287 from 10up/fix/vipcs

Passing VIPCS check

.github/workflows/lint.yml

@@ -43,3 +43,16 @@ jobs:
       uses: chekalsky/phpcs-action@v1
       with:
         phpcs_bin_path: './vendor/bin/phpcs .'
+  vipcs:
+    name: vipcs 
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: VIPCS check
+      uses: 10up/wpcs-action@master
+      with:
+        enable_warnings: true
+        standard: 'WordPress-VIP-Go'
+        is_vipcs: true
+        excludes: 'tests'

autoload.php

@@ -68,7 +68,7 @@ public function load_class( $class ) {
 
 		// work backwards through the namespace names of the fully-qualified
 		// class name to find a mapped file name
-		while ( false !== $pos = strrpos( $prefix, '\\' ) ) {
+		while ( false !== $pos = strrpos( $prefix, '\\' ) ) { // phpcs:ignore WordPress.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition
 
 			// retain the trailing namespace separator in the prefix
 			$prefix = substr( $class, 0, $pos + 1 );

classifai.php

@@ -87,7 +87,7 @@ function classifai_can_autoload() {
 	if ( file_exists( classifai_autoloader() ) ) {
 		return true;
 	} else {
-		error_log(
+		error_log( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 			sprintf( esc_html__( 'Fatal Error: Composer not setup in %', 'classifai' ), CLASSIFAI_PLUGIN_DIR )
 		);
 
@@ -138,7 +138,7 @@ function classifai_autorun() {
 			try {
 				\WP_CLI::error( get_error_install_message() );
 			} catch ( \WP_CLI\ExitException $e ) {
-				error_log( $e->getMessage() );
+				error_log( $e->getMessage() ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 			}
 		}
 
@@ -152,7 +152,7 @@ function classifai_autorun() {
  */
 function classifai_autoload_notice() {
 	printf( '<div class="%1$s"><p>%2$s</p></div>', 'notice notice-error', get_error_install_message() ); // @codingStandardsIgnoreLine Text is escaped in calling function already.
-	error_log( get_error_install_message() );
+	error_log( get_error_install_message() ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 }
 
 

includes/Classifai/Admin/BulkActions.php

@@ -83,11 +83,11 @@ public function bulk_action_handler( $redirect_to, $doaction, $post_ids ) {
 	 * Display an admin notice after classifying posts in bulk.
 	 */
 	public function bulk_action_admin_notice() {
-		if ( empty( $_REQUEST['bulk_classified'] ) ) {
+		if ( empty( $_REQUEST['bulk_classified'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 			return;
 		}
 
-		$classified_posts_count = intval( $_REQUEST['bulk_classified'] );
+		$classified_posts_count = intval( $_REQUEST['bulk_classified'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
 		$output  = '<div id="message" class="notice notice-success is-dismissible fade"><p>';
 		$output .= sprintf(

includes/Classifai/Admin/SavePostHandler.php

@@ -210,7 +210,7 @@ public function is_rest_route() {
 		$rest_bases = apply_filters( 'classifai_rest_bases', array( 'posts', 'pages' ) );
 
 		foreach ( $rest_bases as $rest_base ) {
-			if ( false !== strpos( $_SERVER['REQUEST_URI'], 'wp-json/wp/v2/' . $rest_base ) ) {
+			if ( false !== strpos( sanitize_text_field( $_SERVER['REQUEST_URI'] ), 'wp-json/wp/v2/' . $rest_base ) ) {
 				return true;
 			}
 		}

includes/Classifai/Command/ClassifaiCommand.php

@@ -15,6 +15,7 @@
  * classify posts using the IBM Watson NLU API and images using the
  * Azure AI Computer Vision API.
  */
+// phpcs:ignore WordPressVIPMinimum.Classes.RestrictedExtendClasses.wp_cli
 class ClassifaiCommand extends \WP_CLI_Command {
 
 
@@ -198,7 +199,7 @@ public function text( $args = [], $opts = [] ) {
 			$result = $classifier->classify( $plain_text, $options );
 
 			if ( ! is_wp_error( $result ) ) {
-				\WP_CLI::log( json_encode( $result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES ) );
+				\WP_CLI::log( wp_json_encode( $result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES ) );
 			} else {
 				\WP_CLI::log( 'Failed to classify text.' );
 				\WP_CLI::error( $result->get_error_message() );
@@ -477,7 +478,7 @@ private function get_attachment_to_classify( $opts = [] ) {
 		}
 
 		if ( ! $opts['force'] ) {
-			$query_params['meta_query'] = [
+			$query_params['meta_query'] = [ // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 				'relation' => 'OR',
 				[
 					'key'     => '_wp_attachment_image_alt',
@@ -494,7 +495,7 @@ private function get_attachment_to_classify( $opts = [] ) {
 
 		\WP_CLI::log( 'Fetching images ...' );
 
-		$query = new \WP_Query( $query_params );
+		$query  = new \WP_Query( $query_params );
 		$images = $query->posts;
 
 		\WP_CLI::log( 'Fetching images ... DONE (' . count( $images ) . ')' );
@@ -524,7 +525,7 @@ private function gc( $index ) {
 	 */
 	private function print( $output, $post_id ) {
 		if ( ! is_wp_error( $output ) ) {
-			\WP_CLI::log( var_export( $output, true ) );
+			\WP_CLI::log( var_export( $output, true ) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_var_export
 		} else {
 			\WP_CLI::warning( "Failed to classify $post_id: " . $output->get_error_message() );
 		}
@@ -535,5 +536,5 @@ private function print( $output, $post_id ) {
 try {
 	\WP_CLI::add_command( 'classifai', __NAMESPACE__ . '\\ClassifaiCommand' );
 } catch ( \Exception $e ) {
-	error_log( $e->getMessage() );
+	error_log( $e->getMessage() ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 }

includes/Classifai/Command/RSSImporterCommand.php

@@ -12,6 +12,7 @@
  *
  * For development use only.
  */
+// phpcs:ignore WordPressVIPMinimum.Classes.RestrictedExtendClasses.wp_cli
 class RSSImporterCommand extends \WP_CLI_Command {
 
 	/**
@@ -200,10 +201,10 @@ public function get_url_meta( $url ) {
 		}
 
 		$options['headers']['x-api-key'] = MERCURY_PARSER_API_KEY;
-		$options['timeout']              = 60;
+		$options['timeout']              = 60; // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout
 
 		$request_url = 'https://mercury.postlight.com/parser?url=' . urlencode( $url );
-		$response    = wp_remote_get( $request_url, $options );
+		$response    = wp_remote_get( $request_url, $options ); // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get
 
 		if ( ! is_wp_error( $response ) ) {
 			$body = wp_remote_retrieve_body( $response );

includes/Classifai/Providers/Azure/ComputerVision.php

@@ -267,36 +267,36 @@ public function maybe_rescan_image( $attachment_id ) {
 			);
 		}
 
-		if ( filter_input( INPUT_POST, 'rescan-captions' ) ) {
+		if ( filter_input( INPUT_POST, 'rescan-captions', FILTER_SANITIZE_STRING ) ) {
 			$routes[] = 'alt-tags';
-		} else if ( filter_input( INPUT_POST, 'rescan-tags' ) ) {
+		} else if ( filter_input( INPUT_POST, 'rescan-tags', FILTER_SANITIZE_STRING ) ) {
 			$routes[] = 'image-tags';
-		} else if ( filter_input( INPUT_POST, 'rescan-smart-crop' ) ) {
+		} else if ( filter_input( INPUT_POST, 'rescan-smart-crop', FILTER_SANITIZE_STRING ) ) {
 			$routes[] = 'smart-crop';
 		}
 
 		if ( in_array( 'smart-crop', $routes, true ) ) {
 			// Are we smart cropping the image?
-			if ( filter_input( INPUT_POST, 'rescan-smart-crop' ) && ! empty( $metadata ) ) {
+			if ( filter_input( INPUT_POST, 'rescan-smart-crop', FILTER_SANITIZE_STRING ) && ! empty( $metadata ) ) {
 				$this->smart_crop_image( $metadata, $attachment_id );
 			}
 		} else {
 			$image_scan = $this->scan_image( $image_url, $routes );
 
 			if ( ! is_wp_error( $image_scan ) ) {
 				// Are we updating the captions?
-				if ( filter_input( INPUT_POST, 'rescan-captions' ) && isset( $image_scan->description->captions ) ) {
+				if ( filter_input( INPUT_POST, 'rescan-captions', FILTER_SANITIZE_STRING ) && isset( $image_scan->description->captions ) ) {
 					$this->generate_alt_tags( $image_scan->description->captions, $attachment_id );
 				}
 				// Are we updating the tags?
-				if ( filter_input( INPUT_POST, 'rescan-tags' ) && isset( $image_scan->tags ) ) {
+				if ( filter_input( INPUT_POST, 'rescan-tags', FILTER_SANITIZE_STRING ) && isset( $image_scan->tags ) ) {
 					$this->generate_image_tags( $image_scan->tags, $attachment_id );
 				}
 			}
 		}
 
 		// Are we updating the OCR text?
-		if ( filter_input( INPUT_POST, 'rescan-ocr' ) ) {
+		if ( filter_input( INPUT_POST, 'rescan-ocr', FILTER_SANITIZE_STRING ) ) {
 			$this->ocr_processing( wp_get_attachment_metadata( $attachment_id ), $attachment_id, true );
 		}
 	}

includes/Classifai/Providers/Watson/NLU.php

@@ -612,7 +612,7 @@ public function check_license_key( $email, $license_key ) {
 		$request = wp_remote_post(
 			'https://classifaiplugin.com/wp-json/classifai-theme/v1/validate-license',
 			[
-				'timeout' => 10,
+				'timeout' => 10, // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout
 				'body'    => [
 					'license_key' => $license_key,
 					'email'       => $email,

includes/Classifai/Services/Service.php

@@ -104,7 +104,7 @@ public function get_display_name() {
 	 * Render the start of a settings page. The rest is added by the providers
 	 */
 	public function render_settings_page() {
-		$active_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : $this->provider_classes[0]->get_settings_section();
+		$active_tab = isset( $_GET['tab'] ) ? sanitize_text_field( $_GET['tab'] ) : $this->provider_classes[0]->get_settings_section(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		?>
 		<div class="wrap">
 			<h2><?php echo esc_html( $this->display_name ); ?></h2>

includes/Classifai/Services/ServicesManager.php

@@ -328,7 +328,7 @@ public function check_license_key( $email, $license_key ) {
 		$request = wp_remote_post(
 			'https://classifaiplugin.com/wp-json/classifai-theme/v1/validate-license',
 			[
-				'timeout' => 10,
+				'timeout' => 10, // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout
 				'body'    => [
 					'license_key' => $license_key,
 					'email'       => $email,

includes/Classifai/Watson/APIRequest.php

@@ -54,7 +54,7 @@ public function request( $url, $options = [] ) {
 	 */
 	public function get( $url, $options = [] ) {
 		$this->add_headers( $options );
-		return $this->get_result( wp_remote_get( $url, $options ) );
+		return $this->get_result( wp_remote_get( $url, $options ) ); // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get
 	}
 
 	/**
@@ -67,7 +67,7 @@ public function get( $url, $options = [] ) {
 	 */
 	public function post( $url, $options = [] ) {
 		$this->add_headers( $options );
-		return $this->get_result( wp_remote_post( $url, $options ) );
+		return $this->get_result( wp_remote_post( $url, $options ) ); // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get
 	}
 
 	/**

includes/Classifai/Watson/Classifier.php

@@ -122,7 +122,7 @@ public function get_body( $text, $options = [] ) {
 			];
 		}
 
-		return json_encode( $options );
+		return wp_json_encode( $options );
 	}
 
 }