Quick fixes and code cleanup #6

Merged
merged 3 commits into from Mar 20, 2012
+195 −199
@@ -3,31 +3,28 @@
}
.scan-results-table th,
.scan-results-table td {
+ border-bottom: #ececec 1px solid;
padding: 3px 5px;
text-align: left;
- border-bottom: #ECECEC 1px solid;
}
.scan-results-table td {
text-align: right;
}
.scan-results-table .pass {
+ background-color: #7da300;
color: #fff;
- background-color: #7DA300;
}
.scan-results-table .fail {
+ background-color: #c80030;
color: #fff;
- background-color: #C80030;
-}
-
-.scan-results-list {
}
.scan-results-list li {
-border-bottom: 1px solid #DFDFDF;
-padding: 5px 0;
+ border-bottom: 1px solid #DFDFDF;
+ padding: 5px 0;
}
.scan-level {
- font-weight: bold;
color: #fff;
+ font-weight: bold;
padding: 0 10px;
}
.scan-result-info .scan-level,
@@ -45,17 +42,17 @@ padding: 5px 0;
}
.scan-file {
float: right;
- font-family: courier new, monospace;
+ font-family: "Courier New", Courier, monospace;
}
.scan-lines {
clear: both;
}
.scan-line .syntaxhighlighter {
+ background-color: #f7f9fe !important;
padding: .5em 0;
- background-color: #F7F9FE !important;
}
.scan-line .syntaxhighlighter .line,
.scan-line .syntaxhighlighter .line.alt1,
.scan-line .syntaxhighlighter .line.alt2 {
- background-color: #F7F9FE !important;
-}
+ background-color: #f7f9fe !important;
+}
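Review bot: The hex-colour normalisation is incomplete: the re-indented `.scan-results-list li` rule still uses `#DFDFDF`, while the other hex values touched in this file were lower-cased. For consistency the added line should read `border-bottom: 1px solid #dfdfdf;`. The first hunk ends inside the `.scan-result-info .scan-level` selector list, so the rest of that rule is not visible here.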
@@ -4,39 +4,39 @@ class VIPRestrictedCommandsCheck extends BaseCheck
{
function check( $files ) {
$result = true;
-
+
$checks = array(
// wordpress functions
"remove_filter" => array( "level" => "Warning", "note" => "Removing filters" ),
"remove_action" => array( "level" => "Warning", "note" => "Removing actions" ),
"add_filter" => array( "level" => "Note", "note" => "Altering filters" ),
"add_action" => array( "level" => "Note", "note" => "Altering actions" ),
-
+
"wp_cache_set" => array( "level" => "Warning", "note" => "Setting Cache Object" ),
"wp_cache_get" => array( "level" => "Note", "note" => "Getting Cache Object" ),
"wp_cache_add" => array( "level" => "Warning", "note" => "Adding Cache Object" ),
"wp_cache_delete" => array( "level" => "Warning", "note" => "Deleting Cache Object" ),
"set_transient" => array( "level" => "Warning", "note" => "Setting transient Object" ),
"get_transient" => array( "level" => "Note", "note" => "Getting transient Object" ),
"delete_transient" => array( "level" => "Warning", "note" => "Deleting transient Object" ),
-
+
"update_post_caches" => array( "level" => "Warning", "note" => "Post cache alteration" ),
-
+
"update_option" => array( "level" => "Warning", "note" => "Updating option" ),
"get_option" => array( "level" => "Note", "note" => "Getting option" ),
"add_option" => array( "level" => "Warning", "note" => "Adding Option" ),
"delete_option" => array( "level" => "Warning", "note" => "Deleting Option" ),
-
+
"wp_remote_get" => array( "level" => "Warning", "note" => "Remote operation" ),
"fetch_feed" => array( "level" => "Warning", "note" => "Remote feed operation" ),
-
+
"wp_schedule_event" => array( "level" => "Warning", "note" => "WP Cron usage" ),
"wp_schedule_single_event" => array( "level" => "Warning", "note" => "WP Cron usage" ),
"wp_clear_scheduled_hook" => array( "level" => "Warning", "note" => "WP Cron usage" ),
"wp_next_scheduled" => array( "level" => "Warning", "note" => "WP Cron usage" ),
"wp_unschedule_event" => array( "level" => "Warning", "note" => "WP Cron usage" ),
"wp_get_schedule" => array( "level" => "Warning", "note" => "WP Cron usage" ),
-
+
"add_feed" => array( "level" => "Warning", "note" => "Custom feed implementation" ),
// Uncached functions
@@ -62,13 +62,13 @@ function check( $files ) {
"var_dump" => array( "level" => "Warning", "note" => "Unfiltered variable output" ),
"print_r" => array( "level" => "Warning", "note" => "Unfiltered variable output" ),
"var_export" => array( "level" => "Warning", "note" => "Unfiltered variable output" ),
-
+
// other
"date_default_timezone_set" => array( "level" => "Blocker", "note" => "Timezone manipulation" ),
"error_reporting" => array( "level" => "Blocker", "note" => "Settings alteration" ),
'eval' => array( 'level' => 'Blocker', "note" => "Meta programming" ),
"ini_set" => array( "level" => "Blocker", "note" => "Settings alteration" ),
-
+
// filesystem functions
//"basename" => array( "level" => "Note", "note" => "Returns filename component of path" ),
"chgrp" => array( "level" => "Blocker", "note" => "Changes file group" ),
@@ -154,7 +154,7 @@ function check( $files ) {
"touch" => array( "level" => "Blocker", "note" => "Sets access and modification time of file" ),
"umask" => array( "level" => "Blocker", "note" => "Changes the current umask" ),
"unlink" => array( "level" => "Blocker", "note" => "Deletes a file" ),
-
+
// process control functions
"pcntl_alarm" => array( "level" => "Blocker", "note" => "Set an alarm clock for delivery of a signal" ),
"pcntl_exec" => array( "level" => "Blocker", "note" => "Executes specified program in current process space" ),
@@ -175,13 +175,13 @@ function check( $files ) {
"pcntl_wstopsig" => array( "level" => "Blocker", "note" => "Returns the signal which caused the child to stop" ),
"pcntl_wtermsig" => array( "level" => "Blocker", "note" => "Returns the signal which caused the child to terminate" ),
);
-
+
foreach ( $this->filter_files( $files, 'php' ) as $file_path => $file_content ) {
foreach ( $checks as $check => $check_info ) {
$pattern = "/\s+($check)+\s?\(+/msiU";
-
+
$this->increment_check_count();
-
+
if ( preg_match( $pattern, $file_content, $matches ) ) {
$filename = $this->get_filename( $file_path );
$error = rtrim( $matches[0], '(' );//esc_html( rtrim( $matches[0],'(') );
@@ -197,7 +197,7 @@ function check( $files ) {
}
}
}
-
+
return $result;
}
}
@@ -4,24 +4,24 @@ class VIPRestrictedPatternsCheck extends BaseCheck
{
function check( $files ) {
$result = true;
-
+
$checks = array(
"/(kses)+/msiU" => array ( "level" => "Warning", "note" => "Working with kses" ),
"/(\\\$wpdb->|mysql_|WP_Query)+.+(ALTER)+\s+/msiU" => array( "level" => "Blocker", "note" => "Possible database table alteration" ),
"/(\\\$wpdb->|mysql_|WP_Query)+.+(CREATE)+\s+/msiU" => array( "level" => "Blocker", "note" => "Possible database table creation" ),
"/(\\\$wpdb->|mysql_|WP_Query)+.+(DROP)+\s+/msiU" => array( "level" => "Blocker", "note" => "Possible database table deletion" ),
"/(\\\$wpdb->|mysql_|WP_Query)+.+(DELETE)+\s+(FROM)+\s+/msiU" => array( "level" => "Note", "note" => "Direct database delete query" ),
"/(\\\$wpdb->|mysql_|WP_Query)+.+(SELECT)+\s.+/msiU" => array( "level" => "Note", "note" => "Direct Database select query" ),
- "/(^GLOBAL)(\\\$wpdb->|mysql_|WP_Query)+/msiU" => array( "level" => "Warning", "note" => "Possible direct database query" ),
+ "/(^GLOBAL)(\\\$wpdb->|mysql_|WP_Query)+/msiU" => array( "level" => "Warning", "note" => "Possible direct database query" ),
"/(echo|print|\<\?\=)+.+(\\\$GLOBALS|\\\$_SERVER|\\\$_GET|\\\$_REQUEST|\\\$_POST)+/msiU" => array( "level" => "Warning", "note" => "Possible output of restricted variables" ),
"/(echo|print|\<\?\=)+.+(get_search_query)+/msiU" => array( "level" => "Warning", "note" => "Output of search query" ),
"/(\\\$GLOBALS|\\\$_SERVER|\\\$_GET|\\\$_REQUEST|\\\$_POST)+/msiU" => array( "level" => "Note", "note" => "Working with superglobals" ),
);
-
+
foreach ( $this->filter_files( $files, 'php' ) as $file_path => $file_content ) {
foreach ( $checks as $check => $check_info ) {
$this->increment_check_count();
-
+
if ( preg_match( $check, $file_content, $matches ) ) {
$filename = $this->get_filename( $file_path );
$error = rtrim( $matches[0], '(' );//esc_html( rtrim( $matches[0],'(') );
@@ -37,7 +37,7 @@ function check( $files ) {
}
}
}
-
+
return $result;
}
}
@@ -4,9 +4,9 @@ class VIPWhitelistCheck extends BaseCheck
{
function check( $files ) {
$result = true;
-
+
$php = $this->merge_files( $files, 'php' );
-
+
$checks = array(
"/<!DOCTYPE\s+html([^>]{0,})/msiU" => array( "level" => "Warning", "note" => "No doctype defined" ),
"/<html.+(language_attributes){1}([^>]{0,})/msiU" => array( "level" => "Warning", "note" => "No language_attributes() in html tag" ),
@@ -16,7 +16,7 @@ function check( $files ) {
"/(wp_footer)+\s?\(\)/msiU" => array( "level" => "Blocker", "note" => "wp_footer() call missing" ),
"/<a.+href=[\"|']?(http:\/\/en\.wordpress\.com\/vip-hosting\/).[\"|']?([^>]+).+Wordpress\.com\sVIP([^<]+)</msiU" => array( "level" => "Warning", "note" => "Attribution link missing or not well formatted" ),
);
-
+
foreach ( $checks as $check => $check_info ) {
$this->increment_check_count();
if ( ! preg_match( $check, $php ) ) {
@@ -28,7 +28,7 @@ function check( $files ) {
$result = false;
}
}
-
+
return $result;
}
}
@@ -41,7 +41,7 @@ function admin_enqueue_scripts( $hook ) {
if ( 'tools_page_' . self::key !== $hook )
return;
- wp_enqueue_style( 'vip-scanner-css', plugins_url( 'css/vip-scanner.css', __FILE__ ) );
+ wp_enqueue_style( 'vip-scanner-css', plugins_url( 'css/vip-scanner.css', __FILE__ ), array(), '20120320' );
}
function display_admin_page() {
@@ -62,7 +62,7 @@ function display_admin_page() {
}
function display_vip_scanner_form() {
- $themes = get_themes();
+ $themes = wp_get_themes();
$review_types = VIP_Scanner::get_instance()->get_review_types();
$current_theme = isset( $_POST[ 'vip-scanner-theme-name' ] ) ? sanitize_text_field( $_POST[ 'vip-scanner-theme-name' ] ) : get_stylesheet();
$current_review = isset( $_POST[ 'vip-scanner-review-type' ] ) ? sanitize_text_field( $_POST[ 'vip-scanner-review-type' ] ) : $review_types[0]; // TODO: eugh, need better error checking
@@ -71,8 +71,7 @@ function display_vip_scanner_form() {
<p>Select a theme and the review that you want to run:</p>
<select name="vip-scanner-theme-name">
<?php foreach ( $themes as $name => $location ) : ?>
- <?php var_dump( $location, $current_theme ); ?>
- <option <?php selected( $current_theme, $location['Stylesheet'] ); ?> value="<?php echo esc_attr( $location['Stylesheet'] ); ?>"><?php echo esc_html( $name ); ?></option>
+ <option <?php selected( $current_theme, $location['Stylesheet'] ); ?> value="<?php echo esc_attr( $location['Stylesheet'] ); ?>"><?php echo esc_html( $location['Name'] ); ?></option>
<?php endforeach; ?>
</select>
<select name="vip-scanner-review-type">
@@ -90,13 +89,13 @@ function display_vip_scanner_form() {
function do_theme_review() {
if( ! isset( $_POST[ 'vip-scanner-nonce' ] ) || ! wp_verify_nonce( $_POST[ 'vip-scanner-nonce' ], 'vip-scan-theme' ) )
return;
-
+
if ( ! isset( $_POST[ 'vip-scanner-theme-name' ] ) )
return;
$theme = sanitize_text_field( $_POST[ 'vip-scanner-theme-name' ] );
$review = isset( $_POST[ 'vip-scanner-review-type' ] ) ? sanitize_text_field( $_POST[ 'vip-scanner-review-type' ] ) : $review_types[0]; // TODO: eugh, need better error checking
-
+
$scanner = VIP_Scanner::get_instance()->run_theme_review( $theme, $review );
if ( $scanner )
$this->display_theme_review_result( $scanner, $theme );
@@ -109,13 +108,13 @@ function display_theme_review_result( $scanner, $theme ) {
if ( isset( $SyntaxHighlighter ) ) {
add_action( 'admin_footer', array( &$SyntaxHighlighter, 'maybe_output_scripts' ) );
}
-
+
$report = $scanner->get_results();
$blockers = $scanner->get_errors( array( 'blocker', 'warning', 'required' ) ); // TODO allow to be filtered.
$pass = ! count( $blockers );
?>
<h4>Scanning: <?php echo $theme; ?></h4>
-
+
<table class="scan-results-table">
<tr>
<th><?php _e( 'Scan Result', 'theme-check' ); ?></th>
@@ -134,7 +133,7 @@ function display_theme_review_result( $scanner, $theme ) {
<td><?php echo count( $blockers ); ?></td>
</tr>
</table>
-
+
<ol class="scan-results-list">
<?php
$results = $scanner->get_errors();
@@ -145,13 +144,13 @@ function display_theme_review_result( $scanner, $theme ) {
</ol>
<?php
}
-
+
function display_theme_review_result_row( $error, $scanner, $theme ) {
global $SyntaxHighlighter;
-
+
$level = $error['level'];
$description = $error['description'];
-
+
$file = '';
if ( is_array( $error['file'] ) ) {
if ( ! empty( $error['file'][0] ) )
@@ -165,20 +164,20 @@ function display_theme_review_result_row( $error, $scanner, $theme ) {
if ( ! $file && ! empty( $file_theme_path ) )
$file = $file_theme_path;
}
-
+
$lines = ! empty( $error['lines'] ) ? $error['lines'] : array();
-
+
?>
<li class="scan-result-<?php echo strtolower( $level ); ?>">
<span class="scan-level"><?php echo $level; ?></span>
<span class="scan-description"><?php echo $description; ?></span>
-
+
<?php if( ! empty( $file ) ) : ?>
<span class="scan-file">
<?php echo $file; ?>
</span>
<?php endif; ?>
-
+
<?php if( ! empty( $lines ) ) : ?>
<div class="scan-lines">
<?php foreach( $lines as $line ) : ?>
@@ -196,7 +195,7 @@ function display_theme_review_result_row( $error, $scanner, $theme ) {
<?php endforeach; ?>
</div>
<?php endif; ?>
-
+
</li>
<?php
}
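Review bot: The result templates still print scanner data unescaped: `echo $theme` in display_theme_review_result() and `echo $level`, `echo $description` and `echo $file` in display_theme_review_result_row() go straight into the admin page. `$theme` is request input that has only passed through sanitize_text_field(), and the other values appear to come from the files of the theme being scanned, so untrusted theme content can end up as markup in wp-admin. Escape at output, e.g. `<?php echo esc_html( $file ); ?>` and `class="scan-result-<?php echo esc_attr( strtolower( $level ) ); ?>"`; if descriptions are meant to carry markup, pass them through `wp_kses_post()` instead of echoing them raw. Separately, the `$review_types[0]` fallback in do_theme_review() reads a variable that is not assigned anywhere in the visible part of that function. Both display functions continue outside the hunks shown.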
@@ -41,7 +41,7 @@ function check( $files ) {
'/cx=[0-9]{21}:[a-z0-9]{10}/ms' => 'Google search code detected',
'/pub-[0-9]{16}/' => 'Google advertising code detected'
);
-
+
$other_files = array_diff( $this->get_all_files( $files ), $php_files );
foreach ( $other_files as $file_path => $file_content ) {
@@ -2,7 +2,7 @@
class BloginfoDeprecatedCheck extends BaseCheck {
function check( $files ) {
$result = true;
-
+
$checks = array(
'/[\s|]get_bloginfo\((\s|)("|\')url("|\')(\s|)\)/m' => 'home_url()',
'/[\s|]get_bloginfo\((\s|)("|\')wpurl("|\')(\s|)\)/m' => 'site_url()',
@@ -19,7 +19,7 @@ function check( $files ) {
'/[\s|]bloginfo\((\s|)("|\')text_direction("|\')(\s|)\)/m' => 'is_rtl()',
'/[\s|]bloginfo\((\s|)("|\')feed_url("|\')(\s|)\)/m' => 'get_feed_link( \'feed\' ) (where feed is rss, rss2, atom)',
);
-
+
foreach ( $this->filter_files( $files, 'php' ) as $file_path => $file_content ) {
foreach ( $checks as $key => $check ) {
$this->increment_check_count();