CaioAndersonMM
commented
3 months ago - Normativas aplicadas.
- Prefixos comum e correção do plugin_slug.
- Aplicação do wp_enqueue_script() para os arquivos de css.
Closed emanuellopess closed 1 month ago
CaioAndersonMM
commented
3 months ago CaioAndersonMM
commented
3 months ago Havia fechado a issue, o Abraão me comunicou que não deveria ser fechada
emanuellopess
commented
1 month ago Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.
You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed directly :
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directlyExample(s) from your plugin:
payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp.php:28
All plugins must have unique function names, namespaces, defines, class and option names. This prevents your plugin from conflicting with other plugins or themes. We need you to update your plugin to use more unique and distinct names.
A good way to do this is with a prefix. For example, if your plugin is called "Easy Custom Post Types" then you could use names like these:
function ecpt_save_post()
class ECPT_Admin{}
namespace ECPT;
update_option( 'ecpt_settings', $settings );
define( 'ECPT_LICENSE', true );
global $ecpt_options;Don't try to use two (2) or three (3) letter prefixes anymore. We host nearly 100-thousand plugins on WordPress.org alone. There are tens of thousands more outside our servers. Believe us, you’re going to run into conflicts.
You also need to avoid the use of _ (double underscores), wp , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone function.
Please remember, if you're using _n() or __() for translation, that's fine. We're only talking about functions you've created for your plugin, not the core functions from WordPress. In fact, those core features are why you need to not use those prefixes in your own plugin! You don't want to break WordPress for your users.
Related to this, using if (!function_exists('NAME')) { around all your functions and classes sounds like a great idea until you realize the fatal flaw. If something else has a function with the same name and their code loads first, your plugin will break. Using if-exists should be reserved for shared libraries only.
Remember: Good prefix names are unique and distinct to your plugin. This will help you and the next person in debugging, as well as prevent conflicts.
Analysis result:
payment-gateway-pix-for-givewp/Includes/PGPFGForGivewpDeactivator.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGForGivewp.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGHelperClass.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGForGivewpLoader.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGGatewayClass.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGForGivewpActivator.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Includes/PGPFGForGivewpi18n.php:3 namespace Lkn\PGPFGForGivewp\Includes payment-gateway-pix-for-givewp/Admin/PGPFGForGivewpAdmin.php:3 namespace Lkn\PGPFGForGivewp\Admin payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp.php:94 function lkn_wc_cielo_plugin_row_meta payment-gateway-pix-for-givewp/Public/PGPFGForGivewpPublic.php:3 namespace Lkn\PGPFGForGivewp\PublicView payment-gateway-pix-for-givewp/Public/PGPFGGatewayClass.php:3 namespace Lkn\PGPFGForGivewp\PublicView
It is not allowed for plugins to change the activation status of other plugins, this is an action that must be performed by the user.
It is also not allowed to interfere with the user's actions when activating or deactivating a plugin, unless that's done to prevent errors (For example: When your plugin depends on another plugin, deactivate your own plugin when that other plugin is not active).
WordPress 6.5 introduces Plugin Dependencies, you can use it to manage dependencies (although it's fine if you use this as a fallback).
From your plugin:
payment-gateway-pix-for-givewp/Includes/PGPFGForGivewp.php:177 deactivate_plugins(PGPFG_PIX_PLUGIN_BASENAME);
Your plugin is not correctly including JS and/or CSS. You should be using the built in functions for this:
When including JavaScript code you can use:
wp_register_script() and [wp_enqueue_script()](https://developer.wordpress.org/reference/functions/wp_enqueue_script/) to add JavaScript code from a file.
[wp_add_inline_script()](https://developer.wordpress.org/reference/functions/wp_add_inline_script/) to add inline JavaScript code to previous declared scripts.When including CSS you can use:
wp_register_style() and [wp_enqueue_style()](https://developer.wordpress.org/reference/functions/wp_enqueue_style/) to add CSS from a file.
[wp_add_inline_style()](https://developer.wordpress.org/reference/functions/wp_add_inline_style/) to add inline CSS to previously declared CSS.Note that as of WordPress 5.7, you can pass attributes like async, nonce, and type by using new functions and filters: https://make.wordpress.org/core/2021/02/23/introducing-script-attributes-related-functions-in-wordpress-5-7/
If you're trying to enqueue on the admin pages you'll want to use the admin enqueues.
https://developer.wordpress.org/reference/hooks/admin_enqueue_scripts/
https://developer.wordpress.org/reference/hooks/admin_print_scripts/
https://developer.wordpress.org/reference/hooks/admin_print_styles/Example(s) from your plugin:
payment-gateway-pix-for-givewp/Public/PGPFGGatewayClass.php:99 payment-gateway-pix-for-givewp/Public/PGPFGGatewayClass.php:100
emanuellopess
commented
1 month ago @helonfranca02 Prioridade a essa issue, plugin está em processo de aprovação pelo wordpress
No publicly documented resource for your compressed content
In reviewing your plugin, we cannot find a non-compiled version of your javascript and/or css related source code.
In order to comply with our guidelines of human-readable code, we require you to include the source code and / or a link to the non-compressed, developer libraries you’ve included in your plugin. If you include a link, this may be in your source code, however we require you to also have it in your readme.
https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#4-code-must-be-mostly-human-readable
We strongly feel that one of the strengths of open source is the ability to review, observe, and adapt code. By maintaining a public directory of freely available code, we encourage and welcome future developers to engage with WordPress and push it forward.
That said, with the advent of larger and larger plugins using more complex libraries, people are making good use of build tools (such as composer or npm) to generate their distributed production code. In order to balance the need to keep plugin sizes smaller while still encouraging open source development, we require plugins to make the source code to any compressed files available to the public in an easy to find location, by documenting it in the readme.
For example, if you’ve made a Gutenberg plugin and used npm and webpack to compress and minify it, you must either include the source code within the published plugin or provide access to a public maintained source that can be reviewed, studied, and yes, forked.
We strongly recommend you include directions on the use of any build tools to encourage future developers.
From your plugin:
payment-gateway-pix-for-givewp/public/js/qrcode.min.js:1 ...var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this.parsedData=[];for(var b=[],d=0,e=this.data.length;e>d;d++){var f=this.data.charCodeAt(d);f>65536?(b[0]=240|(1835008&f)>...
Use wp_enqueue commands
Your plugin is not correctly including JS and/or CSS. You should be using the built in functions for this:
When including JavaScript code you can use:
When including CSS you can use:
Note that as of WordPress 5.7, you can pass attributes like async, nonce, and type by using new functions and filters: https://make.wordpress.org/core/2021/02/23/introducing-script-attributes-related-functions-in-wordpress-5-7/
If you're trying to enqueue on the admin pages you'll want to use the admin enqueues.
Example(s) from your plugin:
payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:47 payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:48
Internationalization: Don't use variables or defines as text, context or text domain parameters.
In order to make a string translatable in your plugin you are using a set of special functions. These functions collectively are known as "gettext".
There is a dedicated team in the WordPress community to translate and help other translating strings of WordPress core, plugins and themes to other languages.
To make them be able to translate this plugin, please do not use variables or function calls for the text, context or text domain parameters of any gettext function, all of them NEED to be strings. Note that the translation parser reads the code without executing it, so it won't be able to read anything that is not a string within these functions.
For example, if your gettext function looks like this... esc_html__( $greetings , 'plugin-slug' ); ...the translator won't be able to see anything to be translated as $greetings is not a string, it is not something that can be translated. You need to give them the string to be translated, so they can see it in the translation system and can translate it, the correct would be as follows... esc_html__( 'Hello, how are you?' , 'plugin-slug' );
This also applies to the translation domain, this is a bad call: esc_html( 'Hello, how are you?' , $plugin_slug ); The fix here would be like this esc_html( 'Hello, how are you?' , 'plugin-slug' ); Also note that the translation domain needs to be the same as your plugin slug.
What if we want to include a dynamic value inside the translation? Easy, you need to add a placeholder which will be part of the string and change it after the gettext function does its magic, you can use printf to do so, like this:
printf(
);
You can read https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/#text-domains for more information.
Example(s) from your plugin:
payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:24 esc_attr_e($args['pixKey']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:29 esc_attr_e($args['pixName']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:34 esc_attr_e($args['pixCity']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:47 esc_attr_e(PAYMENT_GATEWAY_PIX_PLUGIN_URL); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:19 esc_attr_e($args['pixType']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:24 esc_attr_e($args['pixKey']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:39 esc_attr_e($args['pixId']); payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:39 esc_attr_e($args['pixId']);
... out of a total of 12 incidences.
Internationalization: Text domain does not match plugin slug.
In order to make a string translatable in your plugin you are using a set of special functions. These functions collectively are known as "gettext".
These functions have a parameter called "text domain", which is a unique identifier for retrieving translated strings.
This "text domain" must be the same as your plugin slug so that the plugin can be translated by the community using the tools provided by the directory.As for example, if this plugin slug is penfold-macrame the Internationalization functions should look like: esc_html__('Hello', 'penfold-macrame');
From your plugin, you have set your text domain as follows:
This plugin is using the domain "pix-give" for 3 element(s).
However, the current plugin slug is this:
payment-gateway-pix-for-givewp
Generic function/class/define/namespace/option names
All plugins must have unique function names, namespaces, defines, class and option names. This prevents your plugin from conflicting with other plugins or themes. We need you to update your plugin to use more unique and distinct names.
A good way to do this is with a prefix. For example, if your plugin is called "Easy Custom Post Types" then you could use names like these:
Don't try to use two (2) or three (3) letter prefixes anymore. We host nearly 100-thousand plugins on WordPress.org alone. There are tens of thousands more outside our servers. Believe us, you’re going to run into conflicts.
You also need to avoid the use of _ (double underscores), wp , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone function.
Please remember, if you're using _n() or __() for translation, that's fine. We're only talking about functions you've created for your plugin, not the core functions from WordPress. In fact, those core features are why you need to not use those prefixes in your own plugin! You don't want to break WordPress for your users.
Related to this, using if (!function_exists('NAME')) { around all your functions and classes sounds like a great idea until you realize the fatal flaw. If something else has a function with the same name and their code loads first, your plugin will break. Using if-exists should be reserved for shared libraries only.
Remember: Good prefix names are unique and distinct to your plugin. This will help you and the next person in debugging, as well as prevent conflicts.
Analysis result:
This plugin is using the prefix "payment_gateway" for 11 element(s).
Looks like there are elements not using common prefixes.
payment-gateway-pix-for-givewp/includes/class-payment-gateway-pix-for-givewp-gateway.php:18 class PixGatewayClass payment-gateway-pix-for-givewp/includes/class-payment-gateway-pix-for-givewp-helper.php:17 class PixHelperClass payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp.php:47 function activate_payment_gateway_pix_for_givewp payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp.php:57 function deactivate_payment_gateway_pix_for_givewp payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp.php:81 function run_payment_gateway_pix_for_givewp
Allowing Direct File Access to plugin files
Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.
You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed directly :
Example(s) from your plugin:
payment-gateway-pix-for-givewp/public/partials/payment-gateway-pix-for-givewp-public-display.php:19