FV Top Level Categories

This is a fix of Top Level Categories plugin for Wordpress 3.1. and above.

v1.9.1FolioVisionUpdated Added 20k+ installs88% rating
56
Score
24
Errors
16
Warnings
+0
Change

Category Scores

Security27
Repo89
Performance100
Maintainability90

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

40 findings

Security

21

5 issue groups

I18n

13

4 issue groups

Maintainability

4

4 issue groups

Repo Compliance

2

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'fv-top-level-cats' but got 'fv_tlc'.10
Category
I18n
Occurrences
10
Severity
error

Sample message

Mismatched text domain. Expected 'fv-top-level-cats' but got 'fv_tlc'.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['category-allow-enabled']5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['category-allow-enabled']

WARNINGSecurityRequest data is not unslashed$_POST['category-allow-enabled'] not unslashed before sanitization. Use wp_unslash() or similar5
Category
Security
Occurrences
5
Severity
warning

Sample message

$_POST['category-allow-enabled'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

ERRORMaintainabilityOffloaded ContentOffloading images, js, css, and other scripts to your servers or any remote service is disallowed.1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "top_level_cats_remove_cat_base".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "top_level_cats_remove_cat_base".

ERRORI18nMissing Translators CommentA function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.1
Category
I18n
Occurrences
1
Severity
error

Sample message

A function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Show 5 more
ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

ERRORI18ntextdomain invalid format1
Category
I18n
Occurrences
1
Severity
error

Sample message

The "Text Domain" header in the plugin file should only contain lowercase letters, numbers, and hyphens. Found "fv_tlc".

ERRORMaintainabilitytrunk stable tag1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.9.1

56

Latest

Findings
40
Errors
24
Warnings
16
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

26 nodes

Related Plugins

Custom Post Type Rewrite

1k+ active installs

99
Essential Widgets

10k+ active installs

99
Category Checklist Tree

5k+ active installs

98