Fix issues for WordPress.org release #77
No reviewers
Labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Event-Federation/wordpress-event-bridge-for-activitypub#77
Loading…
Reference in a new issue
No description provided.
Delete branch "wp_org_fix"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Analysis result:
This plugin is using the prefix "activitypub" for 16 element(s).
Looks like there is an element not using common prefixes.
includes/plugins/class-modern-events-calendar-lite.php:41 apply_filters('mec_post_type_name', 'mec-events');
Allowing Direct File Access to plugin files
Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.
You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed directly :
Example(s) from your plugin:
templates/admin-header.php:9