From 199becfba308a730edb70fb0c4eee3d9d47606bc Mon Sep 17 00:00:00 2001 From: Brad Parbs Date: Wed, 17 Mar 2021 12:20:05 -0500 Subject: [PATCH 1/2] Update phpcs ignore statements --- comments.php | 2 +- inc/extras.php | 3 ++- inc/hooks.php | 4 ++-- inc/scripts.php | 2 +- inc/template-tags.php | 10 +++++----- template-parts/content-password-protected.php | 2 +- template-parts/scaffolding/scaffolding-globals.php | 4 ++-- 7 files changed, 14 insertions(+), 13 deletions(-) diff --git a/comments.php b/comments.php index 485b11b38..cd1cf5c34 100644 --- a/comments.php +++ b/comments.php @@ -29,7 +29,7 @@ ?>

get_var( $wpdb->prepare( "SELECT wposts.ID FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta WHERE wposts.ID = wpostmeta.post_id AND wpostmeta.meta_key = '_wp_attached_file' AND wpostmeta.meta_value = %s AND wposts.post_type = 'attachment'", $attachment_url ) ); // WPCS db call ok, cache ok, placeholder ok.
+ // phpcs:ignore phpcs:ignore WordPress.DB
+ $attachment_id = $wpdb->get_var( $wpdb->prepare( "SELECT wposts.ID FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta WHERE wposts.ID = wpostmeta.post_id AND wpostmeta.meta_key = '_wp_attached_file' AND wpostmeta.meta_value = %s AND wposts.post_type = 'attachment'", $attachment_url ) );
 }
 return $attachment_id;
diff --git a/inc/hooks.php b/inc/hooks.php
index af780c209..8f0457e18 100644
--- a/inc/hooks.php
+++ b/inc/hooks.php
@@ -177,7 +177,7 @@ function _s_display_customizer_header_scripts() {
 }
 // Otherwise, echo the scripts!
- echo _s_get_the_content( $scripts ); // WPCS XSS OK.
+ echo _s_get_the_content( $scripts ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 add_action( 'wp_head', '_s_display_customizer_header_scripts', 999 );
@@ -198,7 +198,7 @@ function _s_display_customizer_footer_scripts() {
 }
 // Otherwise, echo the scripts!
- echo _s_get_the_content( $scripts ); // WPCS XSS OK.
+ echo _s_get_the_content( $scripts ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 add_action( 'wp_footer', '_s_display_customizer_footer_scripts', 999 );
diff --git a/inc/scripts.php b/inc/scripts.php
index 50c05a078..1b0ca26c1 100644
--- a/inc/scripts.php
+++ b/inc/scripts.php
@@ -19,7 +19,7 @@ function _s_scripts() {
 /**
 * If WP is in script debug, or we pass ?script_debug in a URL - set debug to true.
 */
- $debug = ( defined( 'SCRIPT_DEBUG' ) && true === SCRIPT_DEBUG ) || ( isset( $_GET['script_debug'] ) ) ? true : false; // WPCS: CSRF OK.
+ $debug = ( defined( 'SCRIPT_DEBUG' ) && true === SCRIPT_DEBUG ) || ( isset( $_GET['script_debug'] ) ) ? true : false; // phpcs:ignore WordPress.Security.NonceVerification
 /**
 * If we are debugging the site, use a unique version every page load so as to ensure no cache issues.
diff --git a/inc/template-tags.php b/inc/template-tags.php
index f608836a0..77a265195 100644
--- a/inc/template-tags.php
+++ b/inc/template-tags.php
@@ -38,7 +38,7 @@ function _s_posted_on() {
 '' . esc_html( get_the_author() ) . '' );
- echo '' . $posted_on . ''; // WPCS: XSS OK.
+ echo '' . $posted_on . ''; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 /**
@@ -53,14 +53,14 @@ function _s_entry_footer() {
 $categories_list = get_the_category_list( esc_html__( ', ', '_s' ) );
 if ( $categories_list && _s_categorized_blog() ) {
 /* translators: the post category */
- printf( '' . esc_html__( 'Posted in %1$s', '_s' ) . '', $categories_list ); // WPCS: XSS OK.
+ printf( '' . esc_html__( 'Posted in %1$s', '_s' ) . '', $categories_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 /* translators: used between list items, there is a space after the comma */
 $tags_list = get_the_tag_list( '', esc_html__( ', ', '_s' ) );
 if ( $tags_list ) {
 /* translators: the post tags */
- printf( '' . esc_html__( 'Tagged %1$s', '_s' ) . '', $tags_list ); // WPCS: XSS OK.
+ printf( '' . esc_html__( 'Tagged %1$s', '_s' ) . '', $tags_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 }
@@ -299,7 +299,7 @@ function _s_display_social_network_links() { ?>
@@ -349,7 +349,7 @@ function _s_display_numeric_pagination( $args = array(), $query = null ) { ?>
- +
diff --git a/template-parts/scaffolding/scaffolding-globals.php b/template-parts/scaffolding/scaffolding-globals.php index 07d407cac..11fb54589 100644 --- a/template-parts/scaffolding/scaffolding-globals.php +++ b/template-parts/scaffolding/scaffolding-globals.php @@ -14,7 +14,7 @@ 'colors', 'title' => 'Colors', 'arguments' => array( @@ -29,7 +29,7 @@ // Theme fonts. _s_display_global_scaffolding_section( - array( // WPCS: XSS OK. + array( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 'global_type' => 'fonts', 'title' => 'Fonts', 'arguments' => array( From 35d0086c8948f2234cda5db33ec5355464a78dec Mon Sep 17 00:00:00 2001 From: Brad Parbs Date: Thu, 18 Mar 2021 08:57:01 -0500 Subject: [PATCH 2/2] Update phpcs ignore statements --- comments.php | 6 +++--- inc/extras.php | 2 +- inc/hooks.php | 6 ++++-- inc/scripts.php | 4 ++-- inc/template-tags.php | 17 ++++++++++++----- template-parts/content-password-protected.php | 5 ++++- .../scaffolding/scaffolding-globals.php | 4 ++-- 7 files changed, 28 insertions(+), 16 deletions(-) diff --git a/comments.php b/comments.php index cd1cf5c34..f84739f22 100644 --- a/comments.php +++ b/comments.php @@ -29,11 +29,11 @@ ?>

' . get_the_title() . '' + number_format_i18n( get_comments_number() ), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK. + '' . get_the_title() . '' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK. ); ?>

diff --git a/inc/extras.php b/inc/extras.php
index 6a0b61fa5..595a04377 100644
--- a/inc/extras.php
+++ b/inc/extras.php
@@ -64,7 +64,7 @@ function _s_get_attachment_id_from_url( $attachment_url = '' ) {
 $attachment_url = str_replace( $upload_dir_paths['baseurl'] . '/', '', $attachment_url );
 // Do something with $result.
- // phpcs:ignore phpcs:ignore WordPress.DB
+ // phpcs:ignore phpcs:ignore WordPress.DB -- db call ok, cache ok, placeholder ok.
 $attachment_id = $wpdb->get_var( $wpdb->prepare( "SELECT wposts.ID FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta WHERE wposts.ID = wpostmeta.post_id AND wpostmeta.meta_key = '_wp_attached_file' AND wpostmeta.meta_value = %s AND wposts.post_type = 'attachment'", $attachment_url ) );
 }
diff --git a/inc/hooks.php b/inc/hooks.php
index 8f0457e18..ddb444a28 100644
--- a/inc/hooks.php
+++ b/inc/hooks.php
@@ -177,7 +177,8 @@ function _s_display_customizer_header_scripts() {
 }
 // Otherwise, echo the scripts!
- echo _s_get_the_content( $scripts ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
+ echo _s_get_the_content( $scripts );
 }
 add_action( 'wp_head', '_s_display_customizer_header_scripts', 999 );
@@ -198,7 +199,8 @@ function _s_display_customizer_footer_scripts() {
 }
 // Otherwise, echo the scripts!
- echo _s_get_the_content( $scripts ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
+ echo _s_get_the_content( $scripts );
 }
 add_action( 'wp_footer', '_s_display_customizer_footer_scripts', 999 );
diff --git a/inc/scripts.php b/inc/scripts.php
index 1b0ca26c1..4c731eff3 100644
--- a/inc/scripts.php
+++ b/inc/scripts.php
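Review bot: The new comment in _s_get_attachment_id_from_url still carries a doubled token, `// phpcs:ignore phpcs:ignore WordPress.DB -- db call ok, cache ok, placeholder ok.`, so the sniff list PHPCS likely parses is `phpcs:ignore WordPress.DB`, which will not match the `WordPress.DB.*` sniffs it is meant to silence and the directive probably suppresses nothing. It should read `// phpcs:ignore WordPress.DB -- db call ok, cache ok, placeholder ok.`, and ideally name the concrete sniffs (e.g. `WordPress.DB.DirectDatabaseQuery`, `WordPress.DB.PreparedSQL`) with the actual justification: the only interpolated values are the `$wpdb->posts` / `$wpdb->postmeta` table names and the untrusted `$attachment_url` goes through a `%s` placeholder in `$wpdb->prepare()`. The same doubled token was introduced by the first patch of this series and is carried over unchanged here. The function's body starts outside the hunk.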
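Review bot: The reason `-- XSS OK.` on the new standalone `// phpcs:ignore` line in _s_display_customizer_header_scripts only restates the sniff being silenced; a reader auditing an unescaped `echo` needs to know who controls `$scripts` and why it cannot be passed through an escaping function. `$scripts` is assigned outside the hunk (presumably a Customizer setting that only users who may edit theme options can change — confirm), and that is the fact the reason should record, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- raw script markup from a Customizer setting; escaping would break it.`. The same applies to the @@ -198 hunk of this file, and to the `echo '' . $posted_on . '';` line in inc/template-tags.php, where the reason should instead say that `$posted_on` is built from already-escaped pieces.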
@@ -19,8 +19,8 @@ function _s_scripts() {
 /**
 * If WP is in script debug, or we pass ?script_debug in a URL - set debug to true.
 */
- $debug = ( defined( 'SCRIPT_DEBUG' ) && true === SCRIPT_DEBUG ) || ( isset( $_GET['script_debug'] ) ) ? true : false; // phpcs:ignore WordPress.Security.NonceVerification
-
+ // phpcs:ignore WordPress.Security.NonceVerification -- CSRF OK
+ $debug = ( defined( 'SCRIPT_DEBUG' ) && true === SCRIPT_DEBUG ) || ( isset( $_GET['script_debug'] ) ) ? true : false;
 /**
 * If we are debugging the site, use a unique version every page load so as to ensure no cache issues.
 */
diff --git a/inc/template-tags.php b/inc/template-tags.php
index 77a265195..6d2dfb51a 100644
--- a/inc/template-tags.php
+++ b/inc/template-tags.php
@@ -38,7 +38,8 @@ function _s_posted_on() {
 '' . esc_html( get_the_author() ) . '' );
- echo '' . $posted_on . ''; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
+ echo '' . $posted_on . '';
 }
 /**
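Review bot: The rewrite in _s_scripts drops the blank line that separated the `$debug` assignment from the next doc comment (a lone `-` line is removed and no `+` blank replaces it), so `$debug = ...;` now sits directly against `/**`; that looks unintended and should be restored. While on this line, `... ? true : false` is redundant on an expression that is already a bool, and the reason `-- CSRF OK` lacks the trailing period used in every other hunk; a reason that states what makes a nonce unnecessary is more useful, e.g. `// phpcs:ignore WordPress.Security.NonceVerification -- read-only: only isset() is tested and it just toggles cache-busting for this request.`. Note that `$_GET['script_debug']` is honoured on any request, authenticated or not; that is pre-existing, but the reason text should make clear it is deliberate and affects only the asset version (per the comment that follows). _s_scripts continues outside the hunk.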
@@ -52,15 +53,17 @@ function _s_entry_footer() {
 /* translators: used between list items, there is a space after the comma */
 $categories_list = get_the_category_list( esc_html__( ', ', '_s' ) );
 if ( $categories_list && _s_categorized_blog() ) {
+ /* translators: the post category */
- printf( '' . esc_html__( 'Posted in %1$s', '_s' ) . '', $categories_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ printf( '' . esc_html__( 'Posted in %1$s', '_s' ) . '', $categories_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
 }
 /* translators: used between list items, there is a space after the comma */
 $tags_list = get_the_tag_list( '', esc_html__( ', ', '_s' ) );
 if ( $tags_list ) {
+ /* translators: the post tags */
- printf( '' . esc_html__( 'Tagged %1$s', '_s' ) . '', $tags_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ printf( '' . esc_html__( 'Tagged %1$s', '_s' ) . '', $tags_list ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
 }
 }
@@ -299,7 +302,8 @@ function _s_display_social_network_links() { ?>
@@ -349,7 +353,10 @@ function _s_display_numeric_pagination( $args = array(), $query = null ) { ?>
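Review bot: The two `+` lines in front of `/* translators: the post category */` and `/* translators: the post tags */` in _s_entry_footer appear to add a blank line directly after each `if (...) {` brace, which matches nothing else in the function and looks like a leftover from trying to move the ignore onto its own line as the other hunks do; they should be dropped. The trailing form kept on the two `printf()` lines is the right choice here, because the `/* translators: */` comment must be the line immediately before the call for the i18n tooling to attach it, which is worth a short comment so the inconsistency with the `echo` lines is not "fixed" later. The reason `-- XSS OK.` would be more useful as `-- list markup built by get_the_category_list()/get_the_tag_list(), not user input.`. The @@ -299 and @@ -349 hunks of this file are not legible in this view.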
- +
diff --git a/template-parts/scaffolding/scaffolding-globals.php b/template-parts/scaffolding/scaffolding-globals.php index 11fb54589..d4e034fc3 100644 --- a/template-parts/scaffolding/scaffolding-globals.php +++ b/template-parts/scaffolding/scaffolding-globals.php @@ -14,7 +14,7 @@ 'colors', 'title' => 'Colors', 'arguments' => array( @@ -29,7 +29,7 @@ // Theme fonts. _s_display_global_scaffolding_section( - array( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + array( 'global_type' => 'fonts', 'title' => 'Fonts', 'arguments' => array(