-
Notifications
You must be signed in to change notification settings - Fork 0
/
plugin-scan.sh.xml
79 lines (61 loc) · 3.32 KB
/
plugin-scan.sh.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="WPPluginReview" xsi:noNamespaceSchemaLocation="https://raw.githubusercontent.com/squizlabs/PHP_CodeSniffer/master/phpcs.xsd">
<!-- For more information: https://make.wordpress.org/plugins/handbook/review/ -->
<description>Standards any plugin to be published on wordpress.org should comply with.</description>
<arg name="report" value="code"/>
<arg value="s"/>
<!-- Themes should be compatible with PHP 5.2 and higher. -->
<config name="testVersion" value="5.2-"/>
<exclude-pattern>*/tgm-plugin-activation/*</exclude-pattern>
<exclude-pattern>*/freemius/*</exclude-pattern>
<exclude-pattern>*/dompdf/*</exclude-pattern>
<exclude-pattern>*/cmb2/*</exclude-pattern>
<exclude-pattern>*/redux-framework/*</exclude-pattern>
<exclude-pattern>*/cherry-framework/*</exclude-pattern>
<exclude-pattern>*/titan-framework/*</exclude-pattern>
<exclude-pattern>*/vendor/*</exclude-pattern>
<exclude-pattern>*/guzzlehttp/*</exclude-pattern>
<exclude-pattern>*/vendors/*</exclude-pattern>
<exclude-pattern>*/plugin-update-checker/*</exclude-pattern>
<exclude-pattern>*/composer_directory/*</exclude-pattern>
<exclude-pattern>*/node_modules/*</exclude-pattern>
<!-- All SQL queries should be prepared as close to the time of querying the database as possible. -->
<rule ref="WordPress.DB.PreparedSQL"/>
<!-- Verify that placeholders in prepared queries are used correctly. -->
<rule ref="WordPress.DB.PreparedSQLPlaceholders"/>
<!-- Nonces -->
<rule ref="WordPress.Security.NonceVerification"/>
<!-- Prohibit the use of the backtick operator. -->
<rule ref="Generic.PHP.BacktickOperator"/>
<!-- Prohibit the use of the `goto` PHP language construct. -->
<rule ref="Generic.PHP.DiscourageGoto.Found">
<type>error</type>
<message>The "goto" language construct should not be used.</message>
</rule>
<!-- No PHP short open tags allowed. -->
<!-- Covers: https://github.com/Otto42/theme-check/blob/master/checks/phpshort.php -->
<rule ref="Generic.PHP.DisallowShortOpenTag"/>
<!-- Alternative PHP open tags not allowed. -->
<rule ref="Generic.PHP.DisallowAlternativePHPTags"/>
<!-- Prevent path disclosure when using add_theme_page(). -->
<rule ref="WordPress.Security.PluginMenuSlug"/>
<!-- While most themes shouldn't query the database directly, if they do, it should be done correctly. -->
<!-- Don't use the PHP database functions and classes, use the WP abstraction layer instead. -->
<rule ref="WordPress.DB.RestrictedClasses"/>
<rule ref="WordPress.DB.RestrictedFunctions"/>
<!-- Check for code WP does better -->
<rule ref="WordPress.WP.AlternativeFunctions">
<exclude name="WordPress.WP.AlternativeFunctions.json_encode_json_encode"/>
</rule>
<!-- Check for use of deprecated WordPress classes, functions and function parameters. -->
<rule ref="WordPress.WP.DeprecatedClasses"/>
<rule ref="WordPress.WP.DeprecatedFunctions"/>
<rule ref="WordPress.WP.DeprecatedParameters"/>
<rule ref="WordPress.DateTime.RestrictedFunctions"/>
<!-- Check for deprecated WordPress constants. -->
<rule ref="WordPress.WP.DiscouragedConstants">
<type>error</type>
</rule>
<!-- Check for usage of deprecated parameter values in WP functions and provide alternative based on the parameter passed. -->
<rule ref="WordPress.WP.DeprecatedParameterValues"/>
</ruleset>