Closed rebeccahum closed 4 years ago
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
:memo: Please visit https://cla.developers.google.com/ to sign.
Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.
@googlebot I signed it!
Thanks for the feedback @swissspidy. Are we good to go on this?
@rebeccahum Almost! WordPress.Security.EscapeOutput.OutputNotEscaped now flags that the output of phpversion() is not escaped.
@swissspidy That's a false positive. We typically don't recommend escaping on built-in PHP functions (as the output cannot be modified by any hooks).
> That's a false positive. We typically don't recommend escaping on built-in PHP functions (as the output cannot be modified by any hooks).
Then let's use // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped to make PHPCS happy.
@swissspidy Done, thanks!
Summary
This PR can be summarized in the following changelog entry:
Relevant technical choices
For more information, see: https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#validation-sanitization-and-escaping
Checklist: