composer update + requiring composer installers

composer.json

@@ -28,7 +28,8 @@
     }
   ],
   "require": {
-    "php": ">=7.0"
+    "php": ">=7.0",
+    "composer/installers": "^1.0 || ^2.0"
   },
   "require-dev": {
     "10up/phpcs-composer": "dev-master",

includes/classes/Command/Utility.php

@@ -160,8 +160,8 @@ public static function custom_get_transient( $pre_transient, $transient ) {
 		} else {
 			$options = $wpdb->options;
 
+			// phpcs:disable
 			$should_interrupt_sync = $wpdb->get_var(
-				// phpcs:disable
 				$wpdb->prepare(
 					"
 						SELECT option_value
@@ -171,8 +171,8 @@ public static function custom_get_transient( $pre_transient, $transient ) {
 					",
 					"_transient_{$transient}"
 				)
-				// phpcs:enable
 			);
+			// phpcs:enable
 		}
 
 		return $should_interrupt_sync ? (bool) $should_interrupt_sync : null;

includes/classes/Feature/Autosuggest/Autosuggest.php

@@ -740,7 +740,7 @@ public function epio_send_autosuggest_public_request( $blocking = false ) {
 	 * Send the allowed parameters for autosuggest to ElasticPress.io.
 	 */
 	public function epio_send_autosuggest_allowed() {
-		if ( empty( $_REQUEST['ep_epio_nonce'] ) || ! wp_verify_nonce( $_REQUEST['ep_epio_nonce'], 'ep-epio-set-autosuggest' ) ) {
+		if ( empty( $_REQUEST['ep_epio_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['ep_epio_nonce'] ), 'ep-epio-set-autosuggest' ) ) {
 			return;
 		}
 		if ( empty( $_GET['ep_epio_set_autosuggest'] ) ) {

includes/classes/Feature/Facets/Facets.php

@@ -454,7 +454,7 @@ public function build_query_url( $filters ) {
 		 */
 		$query_string = apply_filters( 'ep_facet_query_string', $query_string, $query_params );
 
-		$url        = $_SERVER['REQUEST_URI'];
+		$url        = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
 		$pagination = strpos( $url, '/page' );
 		if ( false !== $pagination ) {
 			$url = substr( $url, 0, $pagination );

includes/classes/Feature/Search/Search.php

@@ -775,7 +775,7 @@ public function save_exclude_from_search_meta( $post_id, $post ) {
 			return;
 		}
 
-		if ( ! isset( $_POST['ep-exclude-from-search-nonce'] ) || ! wp_verify_nonce( $_POST['ep-exclude-from-search-nonce'], 'save-exclude-from-search' ) ) {
+		if ( ! isset( $_POST['ep-exclude-from-search-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep-exclude-from-search-nonce'] ), 'save-exclude-from-search' ) ) {
 			return;
 		}
 

includes/classes/Feature/Search/Weighting.php

@@ -220,8 +220,8 @@ public function render_settings_page() {
 				<input type="hidden" name="action" value="ep-weighting">
 				<?php wp_nonce_field( 'save-weighting', 'ep-weighting-nonce' ); ?>
 				<?php
-				if ( isset( $_GET['settings-updated'] ) ) : // phpcs:ignore WordPress.Security.NonceVerification
-					if ( $_GET['settings-updated'] ) : // phpcs:ignore WordPress.Security.NonceVerification
+				if ( isset( $_GET['settings-updated'] ) ) : // phpcs:ignore WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput
+					if ( sanitize_key( $_GET['settings-updated'] ) ) : // phpcs:ignore WordPress.Security.NonceVerification
 						?>
 						<div class="notice notice-success is-dismissible">
 							<p><?php esc_html_e( 'Changes Saved!', 'elasticpress' ); ?></p>
@@ -335,7 +335,7 @@ public function render_settings_section( $post_type, $field, $current_values ) {
 	 * Handles processing the new weighting values and saving them to the elasticpress.io service
 	 */
 	public function handle_save() {
-		if ( ! isset( $_POST['ep-weighting-nonce'] ) || ! wp_verify_nonce( $_POST['ep-weighting-nonce'], 'save-weighting' ) ) {
+		if ( ! isset( $_POST['ep-weighting-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep-weighting-nonce'] ), 'save-weighting' ) ) {
 			return;
 		}
 

includes/classes/Feature/SearchOrdering/SearchOrdering.php

@@ -462,7 +462,7 @@ public function save_post( $post_id, $post ) {
 		/** Post Indexable @var Post $post_indexable */
 		$post_indexable = Indexables::factory()->get( 'post' );
 
-		if ( ! isset( $_POST['search-ordering-nonce'] ) || ! wp_verify_nonce( $_POST['search-ordering-nonce'], 'save-search-ordering' ) ) {
+		if ( ! isset( $_POST['search-ordering-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['search-ordering-nonce'] ), 'save-search-ordering' ) ) {
 			return;
 		}
 
@@ -476,7 +476,8 @@ public function save_post( $post_id, $post ) {
 		$previous_order_data = get_post_meta( $post_id, 'pointers', true );
 		$previous_post_ids   = ! empty( $previous_order_data ) ? array_flip( wp_list_pluck( $previous_order_data, 'ID' ) ) : [];
 
-		$ordered_posts = json_decode( wp_unslash( $_POST['ordered_posts'] ), true );
+		$ordered_posts = isset( $_POST['ordered_posts'] ) ? wp_unslash( $_POST['ordered_posts'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		$ordered_posts = json_decode( $ordered_posts, true );
 
 		$posts_per_page = (int) get_option( 'posts_per_page', 10 );
 
@@ -857,7 +858,7 @@ public function handle_post_untrash( $post_id ) {
 	protected function assign_term_to_post( $post_id, $term_taxonomy_id, $order ) {
 		global $wpdb;
 
-		$result = $wpdb->query(
+		$result = $wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
 			$wpdb->prepare(
 				"INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES ( %d, %d, %d ) ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)",
 				$post_id,

includes/classes/Feature/WooCommerce/WooCommerce.php

@@ -523,7 +523,7 @@ public function translate_args( $query ) {
 		 * Also make sure the orderby param affects only the main query
 		 */
 		if ( ! empty( $_GET['orderby'] ) && $query->is_main_query() ) { // phpcs:ignore WordPress.Security.NonceVerification
-			$orderby = sanitize_text_field( $_GET['orderby'] ); // phpcs:ignore WordPress.Security.NonceVerification
+			$orderby = sanitize_text_field( wp_unslash( $_GET['orderby'] ) ); // phpcs:ignore WordPress.Security.NonceVerification
 			switch ( $orderby ) { // phpcs:ignore WordPress.Security.NonceVerification
 				case 'popularity':
 					$query->set( 'orderby', $this->get_orderby_meta_mapping( 'total_sales' ) );
@@ -706,9 +706,13 @@ public function search_order( $wp ) {
 			return;
 		}
 
-		$search_key_safe = str_replace( array( 'Order #', '#' ), '', wc_clean( $_GET['s'] ) ); // phpcs:ignore WordPress.Security.NonceVerification
-		unset( $wp->query_vars['post__in'] );
-		$wp->query_vars['s'] = $search_key_safe;
+		// phpcs:disable WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput
+		if ( isset( $_GET['s'] ) ) {
+			$search_key_safe = str_replace( array( 'Order #', '#' ), '', wc_clean( $_GET['s'] ) );
+			unset( $wp->query_vars['post__in'] );
+			$wp->query_vars['s'] = $search_key_safe;
+		}
+		// phpcs:enable WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput
 	}
 
 	/**
@@ -996,39 +1000,42 @@ public function price_filter( $args, $query_args, $query ) {
 			return $args;
 		}
 
+		$min_price = ! empty( $_GET['min_price'] ) ? sanitize_text_field( wp_unslash( $_GET['min_price'] ) ) : null;
+		$max_price = ! empty( $_GET['max_price'] ) ? sanitize_text_field( wp_unslash( $_GET['max_price'] ) ) : null;
+		// phpcs:enable WordPress.Security.NonceVerification
+
 		if ( $query->is_search() ) {
 			/**
 			 * This logic is iffy but the WC price filter widget is not intended for use with search anyway
 			 */
 			$old_query = $args['query']['bool'];
 			unset( $args['query']['bool']['should'] );
 
-			if ( ! empty( $_GET['min_price'] ) ) {
-				$args['query']['bool']['must'][0]['range']['meta._price.long']['gte'] = $_GET['min_price'];
+			if ( ! empty( $min_price ) ) {
+				$args['query']['bool']['must'][0]['range']['meta._price.long']['gte'] = $min_price;
 			}
 
-			if ( ! empty( $_GET['max_price'] ) ) {
-				$args['query']['bool']['must'][0]['range']['meta._price.long']['lte'] = $_GET['max_price'];
+			if ( ! empty( $max_price ) ) {
+				$args['query']['bool']['must'][0]['range']['meta._price.long']['lte'] = $max_price;
 			}
 
 			$args['query']['bool']['must'][0]['range']['meta._price.long']['boost'] = 2.0;
 			$args['query']['bool']['must'][1]['bool']                               = $old_query;
 		} else {
 			unset( $args['query']['match_all'] );
 
-			$args['query']['range']['meta._price.long']['gte'] = ! empty( $_GET['min_price'] ) ? $_GET['min_price'] : 0;
+			$args['query']['range']['meta._price.long']['gte'] = ! empty( $min_price ) ? $min_price : 0;
 
-			if ( ! empty( $_GET['min_price'] ) ) {
-				$args['query']['range']['meta._price.long']['gte'] = $_GET['min_price'];
+			if ( ! empty( $min_price ) ) {
+				$args['query']['range']['meta._price.long']['gte'] = $min_price;
 			}
 
-			if ( ! empty( $_GET['max_price'] ) ) {
-				$args['query']['range']['meta._price.long']['lte'] = $_GET['max_price'];
+			if ( ! empty( $max_price ) ) {
+				$args['query']['range']['meta._price.long']['lte'] = $max_price;
 			}
 
 			$args['query']['range']['meta._price.long']['boost'] = 2.0;
 		}
-		// phpcs:enable WordPress.Security.NonceVerification
 
 		return $args;
 	}
@@ -1155,7 +1162,7 @@ public function translate_args_admin_products_list( $query ) {
 		}
 
 		// WooCommerce unsets the search term right after using it to fetch product IDs. Here we add it back.
-		$search_term = ! empty( $_GET['s'] ) ? sanitize_text_field( $_GET['s'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
+		$search_term = ! empty( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
 		if ( ! empty( $search_term ) ) {
 			$query->set( 's', sanitize_text_field( $search_term ) ); // phpcs:ignore WordPress.Security.NonceVerification
 
@@ -1195,7 +1202,7 @@ public function translate_args_admin_products_list( $query ) {
 
 		// Sets the meta query for `product_type` if needed. Also removed from the WP_Query by WC in `WC_Admin_List_Table_Products::query_filters()`.
 		$product_type_query = $query->get( 'product_type', '' );
-		$product_type_url   = ! empty( $_GET['product_type'] ) ? sanitize_text_field( $_GET['product_type'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
+		$product_type_url   = ! empty( $_GET['product_type'] ) ? sanitize_text_field( wp_unslash( $_GET['product_type'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
 		$allowed_prod_types = [ 'virtual', 'downloadable' ];
 		if ( empty( $product_type_query ) && ! empty( $product_type_url ) && in_array( $product_type_url, $allowed_prod_types, true ) ) {
 			$meta_query   = $query->get( 'meta_query', [] );
@@ -1208,7 +1215,7 @@ public function translate_args_admin_products_list( $query ) {
 
 		// Sets the meta query for `stock_status` if needed.
 		$stock_status_query   = $query->get( 'stock_status', '' );
-		$stock_status_url     = ! empty( $_GET['stock_status'] ) ? sanitize_text_field( $_GET['stock_status'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
+		$stock_status_url     = ! empty( $_GET['stock_status'] ) ? sanitize_text_field( wp_unslash( $_GET['stock_status'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
 		$allowed_stock_status = [ 'instock', 'outofstock', 'onbackorder' ];
 		if ( empty( $stock_status_query ) && ! empty( $stock_status_url ) && in_array( $stock_status_url, $allowed_stock_status, true ) ) {
 			$meta_query   = $query->get( 'meta_query', [] );

includes/classes/Indexable/Post/Post.php

@@ -245,7 +245,7 @@ protected function get_total_objects_for_query_from_db( $query_args ) {
 		 * The if below will pass if `has_password` is false but not null.
 		 */
 		if ( isset( $query_args['has_password'] ) && ! $query_args['has_password'] ) {
-			$posts_with_password = (int) $wpdb->get_var( "SELECT COUNT(1) AS posts_with_password FROM {$wpdb->posts} WHERE post_password != ''" );
+			$posts_with_password = (int) $wpdb->get_var( "SELECT COUNT(1) AS posts_with_password FROM {$wpdb->posts} WHERE post_password != ''" ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery
 
 			$post_count -= $posts_with_password;
 		}
@@ -797,7 +797,7 @@ protected function get_term_order( $term_taxonomy_id, $object_id ) {
 		$term_orders = wp_cache_get( $cache_key );
 
 		if ( false === $term_orders ) {
-			$results = $wpdb->get_results(
+			$results = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
 				$wpdb->prepare(
 					"SELECT term_taxonomy_id, term_order from $wpdb->term_relationships where object_id=%d;",
 					$object_id
@@ -2562,8 +2562,8 @@ public function get_distinct_meta_field_keys_db( bool $force_refresh = false ) :
 			$allowed_protected_keys_sql = " OR meta_key IN ( {$placeholders} ) ";
 		}
 
+		// phpcs:disable WordPress.DB.DirectDatabaseQuery, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
 		$meta_keys = $wpdb->get_col(
-			// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
 			$wpdb->prepare(
 				"SELECT DISTINCT meta_key
 					FROM {$wpdb->postmeta}
@@ -2572,8 +2572,9 @@ public function get_distinct_meta_field_keys_db( bool $force_refresh = false ) :
 				'\_%',
 				...$allowed_protected_keys
 			)
-			// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
 		);
+		// phpcs:enable WordPress.DB.DirectDatabaseQuery, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
+
 		sort( $meta_keys );
 
 		// Make sure the size of the transient will not be bigger than 1MB
@@ -2753,7 +2754,12 @@ function( $meta_key ) use ( $empty_post ) {
 	protected function get_lazy_post_type_ids( string $post_type ) {
 		global $wpdb;
 
-		$total = $wpdb->get_var( $wpdb->prepare( "SELECT count(*) FROM {$wpdb->posts} WHERE post_type = %s", $post_type ) );
+		$total = $wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery
+			$wpdb->prepare(
+				"SELECT count(*) FROM {$wpdb->posts} WHERE post_type = %s",
+				$post_type
+			)
+		);
 
 		if ( ! $total ) {
 			return [];
@@ -2786,7 +2792,7 @@ protected function get_lazy_post_type_ids( string $post_type ) {
 
 		for ( $page = 0; $page < $pages; $page++ ) {
 			$start = $per_page * $page;
-			$ids   = $wpdb->get_col(
+			$ids   = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery
 				$wpdb->prepare(
 					"SELECT ID FROM {$wpdb->posts} WHERE post_type = %s LIMIT %d, %d",
 					$post_type,
@@ -2813,7 +2819,7 @@ protected function get_meta_keys_from_post_ids( array $post_ids ) : array {
 		}
 
 		$placeholders = implode( ',', array_fill( 0, count( $post_ids ), '%d' ) );
-		$meta_keys    = $wpdb->get_col(
+		$meta_keys    = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery
 			$wpdb->prepare(
 				// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 				"SELECT DISTINCT meta_key FROM {$wpdb->postmeta} WHERE post_id IN ( {$placeholders} )",

includes/classes/Indexable/Post/SyncManager.php

@@ -579,14 +579,21 @@ public function action_edited_term( $term_id, $tt_id, $taxonomy ) {
 		}
 
 		// Find ID of all attached posts (query lifted from wp_delete_term())
-		$object_ids = (array) $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id = %d", $tt_id ) );
+		$object_ids = (array) $wpdb->get_col( // phpcs:disable WordPress.DB.DirectDatabaseQuery
+			$wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id = %d", $tt_id )
+		);
 
 		// If the current term is not attached, check if the child terms are attached to the post
 		if ( empty( $object_ids ) ) {
 			$child_terms = get_term_children( $term_id, $taxonomy );
 			if ( ! empty( $child_terms ) ) {
 				$in_id      = join( ',', array_fill( 0, count( $child_terms ), '%d' ) );
-				$object_ids = (array) $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id IN ( {$in_id} )", $child_terms ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
+				$object_ids = (array) $wpdb->get_col( // phpcs:disable WordPress.DB.DirectDatabaseQuery
+					$wpdb->prepare(
+						"SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id IN ( {$in_id} )", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
+						$child_terms
+					)
+				);
 			}
 		}
 		if ( ! count( $object_ids ) ) {

includes/classes/Indexable/User/User.php

@@ -664,13 +664,20 @@ public function query_db( $args ) {
 		 * WP_User_Query doesn't let us get users across all blogs easily. This is the best
 		 * way to do that.
 		 */
-		// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
-		$objects = $wpdb->get_results( $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} {$orderby} LIMIT %d, %d", (int) $args['offset'], (int) $args['number'] ) );
+		// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery
+		$objects = $wpdb->get_results(
+			$wpdb->prepare(
+				"SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} {$orderby} LIMIT %d, %d",
+				(int) $args['offset'],
+				(int) $args['number']
+			)
+		);
 
 		return [
 			'objects'       => $objects,
 			'total_objects' => ( 0 === count( $objects ) ) ? 0 : (int) $wpdb->get_var( 'SELECT FOUND_ROWS()' ),
 		];
+		// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery
 	}
 
 	/**

includes/classes/Installer.php

@@ -113,7 +113,7 @@ public function get_install_status() {
 	 * Check if it should use the features selected during the install to update the settings.
 	 */
 	public function maybe_set_features() {
-		if ( empty( $_POST['ep_install_page_nonce'] ) || ! wp_verify_nonce( $_POST['ep_install_page_nonce'], 'ep_install_page' ) ) {
+		if ( empty( $_POST['ep_install_page_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep_install_page_nonce'] ), 'ep_install_page' ) ) {
 			return;
 		}
 

includes/classes/Screen.php

@@ -86,7 +86,7 @@ public function determine_screen() {
 		}
 
 		// phpcs:disable WordPress.Security.NonceVerification
-		if ( ! empty( $_GET['page'] ) && false !== strpos( $_GET['page'], 'elasticpress' ) ) {
+		if ( ! empty( $_GET['page'] ) && false !== strpos( sanitize_key( $_GET['page'] ), 'elasticpress' ) ) {
 			$install_status = Installer::factory()->get_install_status();
 
 			$this->screen = 'install';

includes/classes/Screen/StatusReport.php

@@ -106,8 +106,11 @@ public function get_reports() : array {
 		 */
 		$filtered_reports = apply_filters( 'ep_status_report_reports', $reports );
 
-		$skipped_reports = ! empty( $_GET['ep-skip-reports'] ) ? (array) $_GET['ep-skip-reports'] : []; // phpcs:ignore WordPress.Security.NonceVerification
-		$skipped_reports = array_map( 'sanitize_text_field', $skipped_reports );
+		// phpcs:disable WordPress.Security.NonceVerification
+		$skipped_reports = isset( $_GET['ep-skip-reports'] ) ?
+			array_map( 'sanitize_text_field', (array) wp_unslash( $_GET['ep-skip-reports'] ) ) :
+			[];
+		// phpcs:enable WordPress.Security.NonceVerification
 
 		$filtered_reports = array_filter(
 			$filtered_reports,

includes/classes/StatusReport/FailedQueries.php

@@ -132,7 +132,7 @@ public function get_actions() : array {
 	 * If a nonce is present, clear the logs
 	 */
 	protected function maybe_clear_logs() {
-		if ( empty( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], 'ep-clear-logged-queries' ) ) { // phpcs:ignore WordPress.Security.NonceVerification
+		if ( empty( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_GET['_wpnonce'] ), 'ep-clear-logged-queries' ) ) { // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
 

includes/classes/Upgrades.php

@@ -148,13 +148,15 @@ public function upgrade_3_6_6() {
 			return;
 		}
 
+		// phpcs:disable WordPress.DB.DirectDatabaseQuery
 		$synonyms_example_ids = $wpdb->get_col(
 			$wpdb->prepare(
 				"SELECT ID FROM {$wpdb->posts} WHERE post_type = %s AND post_content = %s LIMIT 100",
 				$synonyms::POST_TYPE_NAME,
 				$synonyms->example_synonym_list()
 			)
 		);
+		// phpcs:enable WordPress.DB.DirectDatabaseQuery
 
 		if ( ! $synonyms_example_ids ) {
 			return;