Update with latest VIP checks #563

Merged
merged 1 commit into from
May 3, 2016
55 changes: 55 additions & 0 deletions WordPress/Sniffs/VIP/RestrictedFunctionsSniff.php
Expand Up @@ -227,7 +227,9 @@ public function getGroups() {
'functions' => array(
'get_adjacent_post',
'get_previous_post',
'get_previous_post_link',
'get_next_post',
'get_next_post_link',
),
),

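Review bot: no test fixture accompanies the two new entries `get_previous_post_link` and `get_next_post_link`; this PR changes only WordPress/Sniffs/VIP/RestrictedFunctionsSniff.php, so nothing verifies that the sniff now reports these two wrapper functions. Please add both calls to the sniff's unit-test fixture with the expected report lines, and confirm that this group's message (outside the hunk) still reads correctly for the `_link` variants, since the same text will be emitted for all five functions.
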
Expand All @@ -239,6 +241,59 @@ public function getGroups() {
),
),

'get_intermediate_image_sizes' => array(
'type' => 'error',
'message' => 'Intermediate images do not exist on the VIP platform, and thus get_intermediate_image_sizes() returns an empty array() on the platform. This behavior is intentional to prevent WordPress from generating multiple thumbnails when images are uploaded.',
'functions' => array(
'get_intermediate_image_sizes',
),
),

'serialize' => array(
'type' => 'warning',
'message' => '%s Serialized data has <a href=\'https://www.owasp.org/index.php/PHP_Object_Injection\'>known vulnerability problems</a> with Object Injection. JSON is generally a better approach for serializing data.',
'functions' => array(
'serialize',
'unserialize',
),
),

'error_log' => array(
'type' => 'error',
'message' => '%s Debug code is not allowed on VIP Production',
'functions' => array(
'error_log',
'var_dump',
'print_r',
'trigger_error',
'set_error_handler',
),
),

'wp_redirect' => array(
'type' => 'warning',
'message' => '%s Using wp_safe_redirect(), along with the allowed_redirect_hosts filter, can help avoid any chances of malicious redirects within code. It’s also important to remember to call exit() after a redirect so that no other unwanted code is executed.',
'functions' => array(
'wp_redirect',
),
),

'wp_is_mobile' => array(
'type' => 'error',
'message' => '%s When targeting mobile visitors, jetpack_is_mobile() should be used instead of wp_is_mobile. It is more robust and works better with full page caching.',
'functions' => array(
'wp_is_mobile',
),
),

'urlencode' => array(
'type' => 'warning',
'message' => '%s urlencode should only be used when dealing with legacy applications rawurlencode should now de used instead. See http://php.net/manual/en/function.rawurlencode.php and http://www.faqs.org/rfcs/rfc3986.html',
'functions' => array(
'rawurlencode',
),
),

);
}
}//end class
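
Review bot: the `urlencode` group lists `rawurlencode` under `'functions'`, so the sniff will warn on the very function its message recommends and will never see a `urlencode()` call; the entry should read `'urlencode',` instead. Two smaller points in the same hunk: the message text has a typo and a missing sentence break ("legacy applications rawurlencode should now de used" should be "legacy applications; rawurlencode should be used"), and the `get_intermediate_image_sizes` message is the only one without the leading `%s` placeholder, so if the sniff formats these messages with sprintf() and the function name, that one will render differently from its siblings (add the `%s` or confirm the sniff tolerates its absence). Also worth a look: the `error_log` group flags `set_error_handler` under a message that says "Debug code is not allowed", which is a stretch for an error-handler registration and may be more aggressive at the 'error' level than intended, and the `serialize` warning names the Object Injection risk, which is a property of `unserialize()` on untrusted input rather than of `serialize()`; keeping both functions in the group is reasonable as a prompt to prefer JSON, but the message could say which of the two is the actual sink.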