Fix/security part1 #1045

Merged
kowsar89 merged 10 commits into alpha from fix/security-part1 on Jul 26, 2022
Conversation

@vairafiq (Contributor)

includes >> checkout
includes >> gateways
includes >> payments

@vairafiq vairafiq added this to the v7.3.1 milestone Jul 25, 2022
@kowsar89 (Contributor) left a comment

FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/checkout/class-checkout.php
  42 | ERROR | [ ] Processing form data without nonce verification.
  43 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'atbdp_format_payment_amount'.
  43 | ERROR | [ ] Processing form data without nonce verification.
  43 | ERROR | [ ] $_POST data not unslashed before sanitization. Use wp_unslash() or similar
  43 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_POST['amount']
  71 | ERROR | [ ] Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Use isset() or empty() to check the index exists before using it
  73 | ERROR | [ ] Processing form data without nonce verification.
 147 | ERROR | [ ] $_REQUEST data not unslashed before sanitization. Use wp_unslash() or similar
 147 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_REQUEST['order']
 188 | ERROR | [ ] extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
 331 | ERROR | [ ] Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Use isset() or empty() to check the index exists before using it


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/checkout/functions.php
 111 | ERROR | [ ] $_REQUEST data not unslashed before sanitization. Use wp_unslash() or similar


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/gateways/class-gateway.php
 210 | ERROR | [ ] Visibility must be declared on method "gateway_settings_submenu"
 231 | ERROR | [ ] Visibility must be declared on method "get_gateway_settings_fields"
 341 | ERROR | [ ] Visibility must be declared on method "gateways_markup"


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/gateways/class-offline-gateway.php


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/payments/class-order.php
  72 | ERROR | [ ] All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
  73 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
  73 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$currency'.
  79 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$order['label']'.
  80 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$order['desc']'.
  83 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$before'.
  83 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after'.
  90 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
  90 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$currency'.
  95 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$before'.
  95 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after'.
 225 | ERROR | [ ] $_GET data not unslashed before sanitization. Use wp_unslash() or similar
 225 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_GET['payment_status']
 228 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
 230 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$value'.
 230 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$title'.
 250 | ERROR | [ ] $_GET data not unslashed before sanitization. Use wp_unslash() or similar
 250 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_GET['payment_status']
 351 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$gateway'.
 450 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
 535 | ERROR | [ ] The $single arg must not contain interpolated variables. Found "$_action".
 535 | ERROR | [ ] Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals
 535 | ERROR | [ ] The $plural arg must not contain interpolated variables. Found "$_action".
 535 | ERROR | [ ] $_REQUEST data not unslashed before sanitization. Use wp_unslash() or similar
 535 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_REQUEST[$action]
 535 | ERROR | [ ] $_REQUEST data not unslashed before sanitization. Use wp_unslash() or similar
 535 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_REQUEST[$action]


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/payments/functions.php
 103 | ERROR | [ ] extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
 238 | ERROR | [ ] extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.

Time: 884ms; Memory: 26MB
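The findings above are the standard WordPress Coding Standards security sniffs (nonce verification, unslash-then-sanitize, escape on output, undefined superglobal index, extract(), interpolated i18n arguments). The following is an added illustration of the corrected patterns each sniff is asking for; it is not code from Directorist or from this PR. The function names, the `example_` text domain, the action/nonce names and the `init` hook are all assumptions made for the illustration.

```php
<?php
// Added illustration, not Directorist code: the hardened form of each pattern
// the WPCS output above flags. All names below are hypothetical.

define( 'EXAMPLE_CHECKOUT_ACTION', 'example_checkout_submit' ); // assumed action name

/**
 * Rendering: emit a nonce tied to the action, and escape every dynamic value at
 * the point of output ("All output should be run through an escaping function").
 * esc_html_e()/esc_html__() replace the flagged bare _e()/__() calls.
 */
function example_render_checkout_form( $amount, $currency ) {
	?>
	<form method="post">
		<?php wp_nonce_field( EXAMPLE_CHECKOUT_ACTION, 'example_checkout_nonce' ); ?>
		<label for="amount"><?php esc_html_e( 'Amount', 'example' ); ?></label>
		<input type="text" id="amount" name="amount" value="<?php echo esc_attr( $amount ); ?>">
		<span><?php echo esc_html( $currency ); ?></span>
		<button type="submit"><?php esc_html_e( 'Pay', 'example' ); ?></button>
	</form>
	<?php
}

/**
 * Handling: check the superglobal index exists, verify the nonce before reading
 * any form data, then unslash and sanitize each input to the type it must be.
 */
function example_handle_checkout_submit() {
	// "possibly undefined superglobal array index": isset() before use.
	if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
		return;
	}

	// "Processing form data without nonce verification": verify first.
	$nonce = isset( $_POST['example_checkout_nonce'] )
		? sanitize_text_field( wp_unslash( $_POST['example_checkout_nonce'] ) )
		: '';
	if ( ! wp_verify_nonce( $nonce, EXAMPLE_CHECKOUT_ACTION ) ) {
		wp_die( esc_html__( 'Invalid request.', 'example' ), '', array( 'response' => 403 ) );
	}

	// "$_POST data not unslashed before sanitization" and "non-sanitized input
	// variable": wp_unslash() first, then coerce to the expected type.
	$amount = isset( $_POST['amount'] ) ? floatval( wp_unslash( $_POST['amount'] ) ) : 0.0;
	$order  = isset( $_REQUEST['order'] ) ? absint( wp_unslash( $_REQUEST['order'] ) ) : 0;
	$status = isset( $_GET['payment_status'] ) ? sanitize_key( wp_unslash( $_GET['payment_status'] ) ) : '';

	if ( $amount <= 0 || 0 === $order ) {
		wp_die( esc_html__( 'Invalid order data.', 'example' ), '', array( 'response' => 400 ) );
	}

	// $amount, $order and $status are now typed, validated values; hand them to the
	// order logic (not shown) rather than passing the raw superglobals along.
	example_process_order( $order, $amount, $status );
}
add_action( 'init', 'example_handle_checkout_submit' ); // assumed hook

/**
 * "extract() usage is highly discouraged": read the keys you need explicitly, so
 * an unexpected key in $args cannot silently shadow a local variable.
 */
function example_order_row( array $args ) {
	$args = wp_parse_args( $args, array( 'label' => '', 'desc' => '', 'before' => '', 'after' => '' ) );

	// Wrapper markup is limited to post-safe HTML; text fields are HTML-escaped.
	return wp_kses_post( $args['before'] )
		. '<strong>' . esc_html( $args['label'] ) . '</strong> '
		. esc_html( $args['desc'] )
		. wp_kses_post( $args['after'] );
}

/**
 * "$single/$plural arg must not contain interpolated variables": keep the
 * translatable strings literal and substitute values with sprintf() afterwards.
 */
function example_item_count_label( $count ) {
	$count = absint( $count );
	/* translators: %s: number of items in the order */
	return sprintf( _n( '%s item', '%s items', $count, 'example' ), number_format_i18n( $count ) );
}

/** Placeholder for the order logic the handler hands off to (assumed). */
function example_process_order( $order_id, $amount, $status ) {
	do_action( 'example_order_processed', $order_id, $amount, $status );
}
```

The order of operations in the handler matters: the nonce check runs before any other `$_POST` value is read, `wp_unslash()` always precedes the sanitizer (WordPress adds slashes to request data, and sanitizing slashed input leaves stray backslashes), and the sanitizer chosen matches the type the code needs (`absint()` for an id, `floatval()` for an amount, `sanitize_key()` for a status token) rather than a generic `sanitize_text_field()` everywhere.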


@kowsar89 (Contributor) left a comment

FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/checkout/class-checkout.php
  42 | ERROR | [ ] Processing form data without nonce verification.
  43 | ERROR | [ ] Processing form data without nonce verification.
  43 | ERROR | [ ] Detected usage of a non-sanitized input variable: $_POST['amount']
  73 | ERROR | [ ] Processing form data without nonce verification.


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/checkout/functions.php


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/gateways/class-gateway.php


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/gateways/class-offline-gateway.php


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/payments/class-order.php
  73 | ERROR | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$currency'.


FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/payments/functions.php
 103 | ERROR | [ ] extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
 238 | ERROR | [ ] extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.

Time: 746ms; Memory: 26MB


@kowsar89 (Contributor)

FILE: /media/k/SSD/htdocs/wptest/wp-content/plugins/directorist/includes/checkout/class-checkout.php
  43 | ERROR | [ ] Processing form data without nonce verification.
  74 | ERROR | [ ] Processing form data without nonce verification.

@kowsar89 (Contributor) left a comment

wpcs ok

@kowsar89 kowsar89 merged commit 8a27236 into alpha Jul 26, 2022
@vairafiq vairafiq deleted the fix/security-part1 branch July 26, 2022 03:20