diff --git a/Puc/v5p0/DebugBar/Panel.php b/Puc/v5p0/DebugBar/Panel.php index 3a46cf3..c9f6476 100644 --- a/Puc/v5p0/DebugBar/Panel.php +++ b/Puc/v5p0/DebugBar/Panel.php @@ -160,11 +160,18 @@ if ( !class_exists(Panel::class, false) && class_exists('Debug_Bar_Panel', false public function row($name, $value) { if ( is_object($value) || is_array($value) ) { + //This is specifically for debugging, so print_r() is fine. + //phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r $value = '
' . htmlentities(print_r($value, true)) . '
'; } else if ($value === null) { $value = 'null'; } - printf('%1$s %2$s', $name, $value); + printf( + '%1$s %2$s', + esc_html($name), + //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Escaped above. + $value + ); } } diff --git a/Puc/v5p0/Scheduler.php b/Puc/v5p0/Scheduler.php index 6698ed6..1bff943 100644 --- a/Puc/v5p0/Scheduler.php +++ b/Puc/v5p0/Scheduler.php @@ -49,6 +49,7 @@ if ( !class_exists(Scheduler::class, false) ): } else { //Use a custom cron schedule. $scheduleName = 'every' . $this->checkPeriod . 'hours'; + //phpcs:ignore WordPress.WP.CronInterval.ChangeDetected -- WPCS fails to parse the callback. add_filter('cron_schedules', array($this, '_addCustomSchedule')); } @@ -79,6 +80,7 @@ if ( !class_exists(Scheduler::class, false) ): //Like WordPress itself, we check more often on certain pages. /** @see wp_update_plugins */ add_action('load-update-core.php', array($this, 'maybeCheckForUpdates')); + //phpcs:ignore Squiz.PHP.CommentedOutCode.Found -- Not actually code, just file names. //"load-update.php" and "load-plugins.php" or "load-themes.php". $this->hourlyCheckHooks = array_merge($this->hourlyCheckHooks, $hourlyHooks); foreach($this->hourlyCheckHooks as $hook) { diff --git a/Puc/v5p0/UpdateChecker.php b/Puc/v5p0/UpdateChecker.php index 0da5db5..2c5c901 100644 --- a/Puc/v5p0/UpdateChecker.php +++ b/Puc/v5p0/UpdateChecker.php @@ -9,7 +9,7 @@ if ( !class_exists(UpdateChecker::class, false) ): abstract class UpdateChecker { protected $filterSuffix = ''; protected $updateTransient = ''; - protected $translationType = ''; //"plugin" or "theme". + protected $translationType = ''; //This can be "plugin" or "theme". /** * Set to TRUE to enable error reporting. Errors are raised using trigger_error() 
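Review bot: The suppression reason `-- Escaped above.` in `row()` holds only for the object/array branch, which passes through `htmlentities()`; a scalar `$value` reaches `printf()` unchanged, so whatever string a caller passes is emitted as raw HTML. The callers are outside this hunk, so passing pre-escaped markup may be the intended contract; if it is, the comment should say so, e.g. `//phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Arrays/objects are escaped above; scalar values must be escaped by the caller.`. A short docblock on `row()` stating that `$name` is escaped here while `$value` is treated as trusted HTML would keep the next caller from handing it unescaped update metadata. The format string seems to have lost its table markup in this rendering, so the cells themselves cannot be checked from here.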
@@ -660,7 +660,7 @@ if ( !class_exists(UpdateChecker::class, false) ): //Various options for the wp_remote_get() call. Plugins can filter these, too. $options = array( - 'timeout' => 10, //seconds + 'timeout' => wp_doing_cron() ? 10 : 3, 'headers' => array( 'Accept' => 'application/json', ), diff --git a/Puc/v5p0/UpgraderStatus.php b/Puc/v5p0/UpgraderStatus.php index f95100d..be14268 100644 --- a/Puc/v5p0/UpgraderStatus.php +++ b/Puc/v5p0/UpgraderStatus.php @@ -11,7 +11,7 @@ if ( !class_exists(UpgraderStatus::class, false) ): * This class uses a few workarounds and heuristics to get the file name. */ class UpgraderStatus { - private $currentType = null; //"plugin" or "theme". + private $currentType = null; //This must be either "plugin" or "theme". private $currentId = null; //Plugin basename or theme directory name. public function __construct() { diff --git a/Puc/v5p0/Vcs/BitBucketApi.php b/Puc/v5p0/Vcs/BitBucketApi.php index 13677db..ea3c51a 100644 --- a/Puc/v5p0/Vcs/BitBucketApi.php +++ b/Puc/v5p0/Vcs/BitBucketApi.php @@ -210,7 +210,7 @@ if ( !class_exists(BitBucketApi::class, false) ): $url = $this->oauth->sign($url,'GET'); } - $options = array('timeout' => 10); + $options = array('timeout' => wp_doing_cron() ? 10 : 3); if ( !empty($this->httpFilterName) ) { $options = apply_filters($this->httpFilterName, $options); } diff --git a/Puc/v5p0/Vcs/GitHubApi.php b/Puc/v5p0/Vcs/GitHubApi.php index c8bd429..0a20c78 100644 --- a/Puc/v5p0/Vcs/GitHubApi.php +++ b/Puc/v5p0/Vcs/GitHubApi.php @@ -248,7 +248,7 @@ if ( !class_exists(GitHubApi::class, false) ): $baseUrl = $url; $url = $this->buildApiUrl($url, $queryParams); - $options = array('timeout' => 10); + $options = array('timeout' => wp_doing_cron() ? 10 : 3); if ( $this->isAuthenticationEnabled() ) { $options['headers'] = array('Authorization' => $this->getAuthorizationHeader()); } diff --git a/Puc/v5p0/Vcs/GitLabApi.php b/Puc/v5p0/Vcs/GitLabApi.php index f71aa97..965a17c 100644 --- a/Puc/v5p0/Vcs/GitLabApi.php 
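Review bot: The expression `wp_doing_cron() ? 10 : 3` is now repeated in four places (this UpdateChecker.php hunk and the BitBucketApi, GitHubApi and GitLabApi hunks), and this hunk also drops the `//seconds` comment, so neither the unit nor the reason for the two values is stated anywhere. A comment such as `//Seconds. Shorter outside of cron so a slow API cannot stall an admin page load.` (assuming that is the intent), or one shared helper, would keep the four call sites in step. `wp_doing_cron()` was added in WordPress 4.8, so on an older core this line is a fatal error; the library's minimum supported version is not visible here. With a 3-second limit, interactive checks against a slow endpoint will fail more often, so the error path (outside these hunks) should report the timeout rather than let it read as "no update available".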
+++ b/Puc/v5p0/Vcs/GitLabApi.php @@ -260,7 +260,7 @@ if ( !class_exists(GitLabApi::class, false) ): $baseUrl = $url; $url = $this->buildApiUrl($url, $queryParams); - $options = array('timeout' => 10); + $options = array('timeout' => wp_doing_cron() ? 10 : 3); if ( !empty($this->httpFilterName) ) { $options = apply_filters($this->httpFilterName, $options); } diff --git a/js/debug-bar.js b/js/debug-bar.js index 9cb65a0..80f53f1 100644 --- a/js/debug-bar.js +++ b/js/debug-bar.js @@ -14,6 +14,8 @@ jQuery(function($) { _wpnonce: panel.data('nonce') }, function(data) { + //The response contains HTML that should already be escaped in server-side code. + //phpcs:ignore WordPressVIPMinimum.JS.HTMLExecutingFunctions.html responseBox.html(data); }, 'html' diff --git a/phpcs.xml b/phpcs.xml new file mode 100644 index 0000000..e8260b9 --- /dev/null +++ b/phpcs.xml @@ -0,0 +1,21 @@ + + + PHPCS settings for Plugin Update Checker + + + + + + + + ./ + + + + + + + + + ^vendor/* +
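Review bot: In the js/debug-bar.js hunk, `responseBox.html(data)` is suppressed on the strength of "should already be escaped", but nothing in the callback verifies that, so the sink is only as safe as every server-side path that builds the response. The AJAX handler is not visible here; the `Panel::row()` change in this commit shows that scalar values are printed without escaping in at least one rendering path, so it is worth confirming the handler does not follow the same pattern with strings taken from update metadata. I would have the comment name the invariant and its owner, e.g. `//Sink for server-rendered HTML: the AJAX handler must escape every dynamic value before output.`. The enclosing callback starts and ends outside the hunk.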