Closed amberhinds closed 2 years ago
Hello again @amberhinds—thanks for reporting this!
:memo: As a friendly note for the future, I'd ask first of all that you report any other security issues via HackerOne. This is our preferred way to handle possible security issues (and I'll make a note to update our readme file to make this clearer, as I don't think we currently cover this).
Running through those specific issues:
wc_help_tip()
within an escaping function, because the function itself returns HTML. Similar to a previous issue, though, we could certainly add a // phpcs:ignore <rule>
style comment to reassure PHPCS.esc_html()
.esc_html()
.esc_html()
.If you are interested in submitting a pull request we'd definitely appreciate it, or else we'll aim to circle back on our side and fix these up.
Opened a PR here #761 to address these issues.
https://github.com/woocommerce/action-scheduler/pull/761 is merged, closing.
Hello!
We've included Action Scheduler in one of our plugins (thank you!) and while doing security audits on our plugin, identified problems related to Action Scheduler.
We ran the plugin through WP Engine's linting test which helps identify best practices and potential problems. For this process, we are using PHP Codesniffer with rules derived from both the WordPress Coding Standards and PHPCompatibility rulesets. Below is a detailed line-by-line report of the sniff violation.
Can you please let me know if these are actual errors that require fixes? If so, we may be able to submit a pull request with fixes.