Sync QCloud COS

使用腾讯云对象存储服务 COS 作为附件存储空间。(Using Tencent Cloud Object Storage Service COS as Attachment Storage Space.)

v2.6.7沈唁Updated Added 600 installs100% rating
36
Score
63
Errors
109
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability61

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

172 findings

Security

89

10 issue groups

Maintainability

81

15 issue groups

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "cos_add_setting_page".54
Category
Maintainability
Occurrences
54
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "cos_add_setting_page".

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='error'><p><strong>{$message}</strong></p></div>"'.41
Category
Security
Occurrences
41
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='error'><p><strong>{$message}</strong></p></div>"'.

WARNINGSecurityRequest data is not unslashed$_GET[&#039;page&#039;] not unslashed before sanitization. Use wp_unslash() or similar18
Category
Security
Occurrences
18
Severity
warning

Sample message

$_GET[&#039;page&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;page&#039;]8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;page&#039;]

ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET[&#039;page&#039;]. Check that the array index exists before using it.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;page&#039;]. Check that the array index exists before using it.

ERRORSecurityQuoted Simple PlaceholderSimple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.4
Category
Security
Occurrences
4
Severity
error

Sample message

Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;COS_PLUGIN_PAGE&quot;.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;COS_PLUGIN_PAGE&quot;.

WARNINGSecurityInput is not validated or sanitizedDetected usage of a non-sanitized, non-validated input variable _POST: &quot;{$_POST[&#039;type&#039;]}-nonce&quot;3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized, non-validated input variable _POST: &quot;{$_POST[&#039;type&#039;]}-nonce&quot;

Show 15 more
ERRORMaintainabilityunlink unlink3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WARNINGSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
warning

Sample message

Unescaped parameter $postmeta_name used in $wpdb-&gt;query()\n$postmeta_name assigned unsafely at line 1545.

WARNINGMaintainabilityDirect Query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityInterpolated SQL is not prepared2
Category
Security
Occurrences
2
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $postmeta_name at &quot;UPDATE $postmeta_name SET meta_value = REPLACE(meta_value, &#039;%s&#039;, &#039;%s&#039;)&quot;

WARNINGMaintainabilityNon-prefixed global variable2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$cos_options&quot;.

ERRORMaintainabilityfile system operations rmdir2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().

ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;COS_CLI_Commands&quot;.

WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNINGSecurityPlugin menu slug uses __FILE__1
Category
Security
Occurrences
1
Severity
warning

Sample message

Using __FILE__ for menu slugs risks exposing filesystem structure.

ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORMaintainabilityfile system operations fopen1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

External Connections

Potential connections found in static code analysis.

34 domains

Outbound calls

172

External assets

2

Incoming endpoints

0

Notable Domains

cloud.tencent.com28 · outbound
datatracker.ietf.org27 · outbound
php.net19 · outbound
tools.ietf.org16 · outbound
apache.org15 · outbound

Platform / Reference Domains

github.com14 · platform/reference
w3.org2 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

img.qq52o.me1 · asset

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v2.6.7

36

Latest

Findings
172
Errors
63
Warnings
109
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

OSS Aliyun

3k+ active installs

41
WPOSS阿里云对象存储

1k+ active installs

19