PluginScore

Lord of the Files: Enhanced Upload Security

This plugin expands file-related security and sanity around the upload process.

v1.4.2BlobfolioUpdated Added 1k+ installs100% rating
SVGfile validationmimesecurity pluginupload security
35
Score
62
Errors
42
Warnings
+0
Change

Category Scores

Security15
Repo63
Performance100
Maintainability73

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

104 findings

Maintainability

40

7 issue groups

Security

28

5 issue groups

I18n

25

5 issue groups

Supply Chain

10

1 issue group

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$data".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$data".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'.16
Category
Security
Occurrences
16
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Translators CommentA function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.14
Category
I18n
Occurrences
14
Severity
error

Sample message

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORSupply ChainCompressed files includedCompressed files are not permitted.10
Category
Supply Chain
Occurrences
10
Severity
error

Sample message

Compressed files are not permitted.

compressed_files
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: static::SUCCESS4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: static::SUCCESS

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['file']['name']3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['file']['name']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
Show 9 more
ERRORI18nUnordered Placeholders Text3
Category
I18n
Occurrences
3
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s requires the %s PHP extension. It has been automatically deactivated for you.'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGI18nDiscouraged text-domain loading2
Category
I18n
Occurrences
2
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
WARNINGMaintainabilityDynamic hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$filter".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
ERRORMaintainabilitystrip tags strip tags2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WordPress.WP.AlternativeFunctions.strip_tags_strip_tags
ERRORI18nMissing Arg Domain2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to esc_html__().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "GETID3_TEMP_DIR".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['file']['name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilityunlink unlink1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference

External Connections

Potential connections found in static code analysis.

19 domains

Outbound calls

46

External assets

1

Incoming endpoints

0

Notable Domains

raw.githubusercontent.com6 · outbound
iana.org3 · outbound
apache.org2 · outbound
cgit.freedesktop.org2 · outbound
developer.mozilla.org2 · outbound
hg.nginx.org2 · outbound

Platform / Reference Domains

github.com8 · platform/reference
wordpress.org5 · platform/reference
w3.org4 · platform/reference
core.trac.wordpress.org2 · platform/reference
opensource.org2 · platform/reference
developer.wordpress.org1 · platform/reference

External Asset Domains

assets-cdn.github.com1 · asset

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.4.2

35

Latest

Findings
104
Errors
62
Warnings
42
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Add MIME Types

50k+ active installs

100
Icon Separator

1k+ active installs

100
Easy SVG Support

40k+ active installs

99
SVG Block

4k+ active installs

99
The Icon Block

30k+ active installs

99
Disable Real MIME Check

10k+ active installs

98