Secure Client Portal and Private File Sharing Plugin – User Private Files

WordPress secure client portal plugin with file sharing and document manager. Upload, manage and share documents with users safely.

v2.1.7Deepak KhokharUpdated Added 1k+ installs90% rating
32
Score
183
Errors
510
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance95
Maintainability36

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

693 findings

Security

377

6 issue groups

Maintainability

296

15 issue groups

I18n

11

3 issue groups

Performance

5

1 issue group

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$all_docs_ids".206
Category
Maintainability
Occurrences
206
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$all_docs_ids".

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data['mime_type']'.166
Category
Security
Occurrences
166
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data['mime_type']'.

WARNINGSecurityRequest data is not unslashed$_GET['file'] not unslashed before sanitization. Use wp_unslash() or similar95
Category
Security
Occurrences
95
Severity
warning

Sample message

$_GET['file'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['docfile']['name']. Check that the array index exists before using it.63
Category
Security
Occurrences
63
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['docfile']['name']. Check that the array index exists before using it.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['docfile']['name']42
Category
Security
Occurrences
42
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['docfile']['name']

WARNINGMaintainabilityslow db query meta queryDetected usage of meta_query, possible slow query.22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "classic_upload_doc_callback".14
Category
Maintainability
Occurrences
14
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "classic_upload_doc_callback".

WARNINGMaintainabilityDiscouraged PHP functionwp_reset_query() is discouraged. Use wp_reset_postdata() instead.14
Category
Maintainability
Occurrences
14
Severity
warning

Sample message

wp_reset_query() is discouraged. Use wp_reset_postdata() instead.

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

Show 15 more
ERRORI18nNon Singular String Literal Text8
Category
I18n
Occurrences
8
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: "{user} shared a file / folder with you on " . get_bloginfo( 'name' )

WARNINGMaintainabilityNot In Footer7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityNon-prefixed hook name6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'get_template_part_' . $slug".

WARNINGPerformancePost Not In exclude5
Category
Performance
Occurrences
5
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WARNINGMaintainabilityDynamic hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->filter_prefix . '_get_template_part'".

WARNINGSecurityMissing nonce verification3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityslow db query meta key2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta value2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WARNINGMaintainabilityNon-prefixed class2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Gamajo_Template_Loader".

ERRORI18nText Domain Mismatch2
Category
I18n
Occurrences
2
Severity
error

Sample message

Mismatched text domain. Expected 'user-private-files' but got 'user-private-files-pro'.

ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilityForbidden PHP function found1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

The use of function move_uploaded_file() is forbidden

WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

ERRORMaintainabilityfile system operations is writeable1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writeable().

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.1.7

32

Latest

Findings
693
Errors
183
Warnings
510
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins