Updated Coding Standards

Kit · Feb 24, 2025 · f8ae8a9 · f8ae8a9
1 parent bdb76e2
commit f8ae8a9
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 13 deletions.
diff --git a/admin/class-convertkit-mm-admin.php b/admin/class-convertkit-mm-admin.php
@@ -102,7 +102,7 @@ private function maybe_get_and_store_access_token() {
 		if ( ! array_key_exists( 'page', $_REQUEST ) ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
-		if ( sanitize_text_field( $_REQUEST['page'] ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
+		if ( sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
 
@@ -112,7 +112,7 @@ private function maybe_get_and_store_access_token() {
 		}
 
 		// Sanitize token.
-		$authorization_code = sanitize_text_field( $_REQUEST['code'] ); // phpcs:ignore WordPress.Security.NonceVerification
+		$authorization_code = sanitize_text_field( wp_unslash( $_REQUEST['code'] ) ); // phpcs:ignore WordPress.Security.NonceVerification
 
 		// Exchange the authorization code and verifier for an access token.
 		$api    = new ConvertKit_MM_API( CONVERTKIT_MM_OAUTH_CLIENT_ID, CONVERTKIT_MM_OAUTH_CLIENT_REDIRECT_URI );
@@ -167,7 +167,7 @@ private function check_credentials() {
 		if ( ! array_key_exists( 'page', $_REQUEST ) ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
-		if ( sanitize_text_field( $_REQUEST['page'] ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
+		if ( sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
 
@@ -230,7 +230,7 @@ private function maybe_disconnect() {
 		if ( ! array_key_exists( 'page', $_REQUEST ) ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
-		if ( sanitize_text_field( $_REQUEST['page'] ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
+		if ( sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) !== 'convertkit-mm' ) {  // phpcs:ignore WordPress.Security.NonceVerification
 			return;
 		}
 
@@ -297,7 +297,7 @@ public function on_settings_screen() {
 		if ( ! array_key_exists( 'page', $_REQUEST ) ) {
 			return false;
 		}
-		if ( sanitize_text_field( $_REQUEST['page'] ) !== 'convertkit-mm' ) {
+		if ( sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) !== 'convertkit-mm' ) {
 			return false;
 		}
 		// phpcs:enable
@@ -1058,7 +1058,7 @@ private function get_mm_membership_levels() {
 			return $levels;
 		}
 
-		$result = $wpdb->get_results( 'SELECT id, name, status FROM ' . MM_TABLE_MEMBERSHIP_LEVELS, OBJECT ); // phpcs:ignore WordPress.DB.PreparedSQL
+		$result = $wpdb->get_results( 'SELECT id, name, status FROM ' . MM_TABLE_MEMBERSHIP_LEVELS, OBJECT ); // phpcs:ignore WordPress.DB
 
 		foreach ( $result as $_level ) {
 			$levels[ $_level->id ] = $_level->name;
@@ -1084,7 +1084,7 @@ private function get_mm_products() {
 			return $products;
 		}
 
-		$result = $wpdb->get_results( 'SELECT id, name FROM ' . MM_TABLE_PRODUCTS, OBJECT ); // phpcs:ignore WordPress.DB.PreparedSQL
+		$result = $wpdb->get_results( 'SELECT id, name FROM ' . MM_TABLE_PRODUCTS, OBJECT ); // phpcs:ignore WordPress.DB
 
 		foreach ( $result as $product ) {
 			$products[ $product->id ] = $product->name;
@@ -1110,7 +1110,7 @@ private function get_mm_bundles() {
 			return $bundles;
 		}
 
-		$result = $wpdb->get_results( 'SELECT id, name FROM ' . MM_TABLE_BUNDLES, OBJECT ); // phpcs:ignore WordPress.DB.PreparedSQL
+		$result = $wpdb->get_results( 'SELECT id, name FROM ' . MM_TABLE_BUNDLES, OBJECT ); // phpcs:ignore WordPress.DB
 
 		foreach ( $result as $bundle ) {
 			$bundles[ $bundle->id ] = $bundle->name;

diff --git a/phpcs.xml b/phpcs.xml
@@ -10,8 +10,8 @@
 	<!-- Exclude minified Javascript files. -->
 	<exclude-pattern>*.min.js</exclude-pattern>
 
-	<!-- Check that code meets WordPress-Extra standards. -->
-	<rule ref="WordPress-Extra">
+	<!-- Check that code meets WordPress standards - this includes core, docs and extra. -->
+	<rule ref="WordPress">
 		<!--
 		We may want a middle ground though. The best way to do this is add the
 		entire ruleset, then rule by rule, remove ones that don't suit a project.
@@ -29,13 +29,11 @@
 		<exclude name="WordPress.Security.EscapeOutput"/>
 		-->
 		<exclude name="WordPress.PHP.YodaConditions" />
+		<exclude name="WordPress.DB.SlowDBQuery.slow_db_query_meta_query" />
 		<exclude name="PSR2.Methods.FunctionClosingBrace.SpacingBeforeClose" />
 		<exclude name="PSR2.Classes.ClassDeclaration.CloseBraceAfterBody" />
 	</rule>
 
-	<!-- Check that code is documented to WordPress Standards. -->
-	<rule ref="WordPress-Docs"/>
-
 	<!-- Add in some extra rules from other standards. -->
 	<rule ref="Generic.CodeAnalysis.UnusedFunctionParameter"/>
 	<rule ref="Generic.Commenting.Todo"/>