Closed david-binda closed 6 years ago
Is this something that would better be addressed upstream in WPCS? Or is it from code in VIPCS?
$ cat test.php
<?php
wp_verify_nonce( $_POST['my_modules_nonce'], 'metro_modules' );
$ phpcs --standard=WordPressVIPMinimum ./test.php -s
FILE: /home/wpcom/public_html/test.php
--------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 2 ERRORS AND 1 WARNING AFFECTING 1 LINE
--------------------------------------------------------------------------------------------------------------------------------------------------
3 | WARNING | Detected access of super global var $_POST, probably needs manual inspection. (WordPress.VIP.SuperGlobalInputUsage.AccessDetected)
3 | ERROR | Detected usage of a non-validated input variable: $_POST (WordPress.VIP.ValidatedSanitizedInput.InputNotValidated)
3 | ERROR | Detected usage of a non-sanitized input variable: $_POST (WordPress.VIP.ValidatedSanitizedInput.InputNotSanitized)
--------------------------------------------------------------------------------------------------------------------------------------------------
Time: 49ms; Memory: 6Mb
Feels like it might be better addressed upstream.
Feels like it might be better addressed upstream.
https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/1508
wp_verify_nonce
should not produce Detected usage of a non-sanitized input variable error.Eg.:
wp_verify_nonce( $_POST['my_modules_nonce'], 'metro_modules' )
is totally valid.EDIT: should not even produce
Detected access of super global var $_POST, probably needs manual inspection.