Post Password Token

The Post Password Token plugin allows readers to access protected posts without having to enter a password by creating secret token urls for the post.

v2.0.3Shawn ParkerUpdated 3 years agoAdded 17 years ago600 installs98% rating

guest pass password post token

Score

132

Errors

Warnings

Change

Category Scores

Security0

Repo82

Performance100

Maintainability75

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

170 findings

Security

10 issue groups

I18n

5 issue groups

Maintainability

7 issue groups

Repo Compliance

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'post-password-plugin' but got 'post-password-token'.50

Category: I18n
Occurrences: 50
Severity: error

Sample message

Mismatched text domain. Expected 'post-password-plugin' but got 'post-password-token'.

WordPress.WP.I18n.TextDomainMismatch Reference

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.45

Category: Security
Occurrences: 45
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hide_protected'.11

Category: Security
Occurrences: 11
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hide_protected'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.10

Category: Security
Occurrences: 10
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.8

Category: Security
Occurrences: 8
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;7

Category: Maintainability
Occurrences: 7
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGSecurityRequest data is not unslashed$_COOKIE[self::COOKIE_PREFIX . COOKIEHASH] not unslashed before sanitization. Use wp_unslash() or similar6

Category: Security
Occurrences: 6
Severity: warning

Sample message

$_COOKIE[self::COOKIE_PREFIX . COOKIEHASH] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORSecurityHeredoc Output Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.5

Category: Security
Occurrences: 5
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.

WordPress.Security.EscapeOutput.HeredocOutputNotEscaped Reference

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['ppt']5

Category: Security
Occurrences: 5
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['ppt']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed

Show 15 more

ERRORI18nMissing Arg Domain3

Category: I18n
Occurrences: 3
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

ERRORSecurityException output is not escaped2

Category: Security
Occurrences: 2
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$wpPath'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

WARNINGI18nDiscouraged text-domain loading1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

ERRORMaintainabilityOffloaded Content1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent

WARNINGMaintainabilityDiscouraged PHP function1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

WARNINGSecuritywp redirect wp redirect1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGSecurityInput is not validated1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilityparse url parse url1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url

ERRORMaintainabilityDeprecated parameter: add_option parameter 31

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

The parameter "$d" at position #3 of add_option() has been deprecated since WordPress version 2.3.0. Use "" instead.

WordPress.WP.DeprecatedParameters.Add_optionParam3Found

WARNINGMaintainabilityNot In Footer1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter

ERRORI18nMissing Translators Comment1

Category: I18n
Occurrences: 1
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

ERRORSupply ChainHidden files included1

Category: Supply Chain
Occurrences: 1
Severity: error

Sample message

Hidden files are not permitted.

hidden_files

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 6.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

WARNINGRepo Compliancereadme parser warnings too many tags1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

WARNINGI18ntextdomain mismatch1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "post-password-token", expected "post-password-plugin".

textdomain_mismatch Reference

External Connections

Potential connections found in static code analysis.

8 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

dummy.com2 · outbound

php-fig.org2 · outbound

top-frog.com2 · outbound

getcomposer.org1 · outbound

wp-storybook.netlify.app1 · outbound

Platform / Reference Domains

github.com2 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

paypal.com3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

yesterday

v2.0.3

Latest

Findings: 170
Errors: 132
Warnings: 38
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	35	170	132	38	v2.0.3	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

dummy.com2 signals php-fig.org2 signals top-frog.com2 signals getcomposer.org1 signal wp-storybook.netlify.app1 signal

Related Plugins

Custom Post Exporter

3k+ active installs

Display Featured Image In Post List

3k+ active installs

Header and Footer Scripts

200k+ active installs

Hide Broken Shortcodes

400 active installs

Link Shortner

800 active installs

Preserve Code Formatting

400 active installs