Mihdan: Ajax Edit Comments

Allow users to edit comments for a limited time, while admins can edit all comments.

v6.1 · mihdan · 500 installs · 88% rating

Score: 27
Errors: 1,300
Warnings: 523
Change: +0

Category Scores

Security: 0
Repo: 91
Performance: 100
Maintainability: 15

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,823 findings

Security: 1,026 findings · 9 issue groups
I18n: 668 findings · 5 issue groups
Maintainability: 114 findings · 11 issue groups

ERROR · I18n · Text Domain Mismatch · 611 occurrences
Sample message: Mismatched text domain. Expected 'wp-ajax-edit-comments' but got "ajaxEdit".

ERROR · Security · Unsafe printing function · 466 occurrences
Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNING · Security · Input is not validated · 152 occurrences
Sample message: Detected usage of a possibly undefined superglobal array index: $_GET['action']. Check that the array index exists before using it.

WARNING · Security · Input is not sanitized · 142 occurrences
Sample message: Detected usage of a non-sanitized input variable: $_GET['action']

WARNING · Security · Request data is not unslashed · 142 occurrences
Sample message: $_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar

ERROR · Security · Output is not escaped · 96 occurrences
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<option value='$file' $selected>$file</option>"'.

ERROR · I18n · Non Singular String Literal Domain · 25 occurrences
Sample message: The $domain parameter must be a single text string literal. Found: $localization

WARNING · Maintainability · No PHP code found · 23 occurrences
Sample message: No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

WARNING · Maintainability · Direct Query · 20 occurrences
Sample message: Use of a direct database call is discouraged.

WARNING · Maintainability · No Caching · 20 occurrences
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERROR · I18n · Missing Translators Comment · 18 occurrences
Sample message: A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERROR · Maintainability · file system operations is writable · 14 occurrences
Sample message: File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

ERROR · Security · SQL query is not prepared · 13 occurrences
Sample message: Use placeholders and $wpdb->prepare(); found $comment

ERROR · Maintainability · strip tags strip tags · 12 occurrences
Sample message: strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERROR · I18n · Non Singular String Literal Text · 12 occurrences
Sample message: The $text parameter must be a single text string literal. Found: $column['text']

ERROR · Maintainability · Missing direct file access protection · 11 occurrences
Sample message: PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNING · Security · Missing nonce verification · 9 occurrences
Sample message: Processing form data without nonce verification.

ERROR · Security · Database parameter is not escaped · 4 occurrences
Sample message: Unescaped parameter $comment['comment_post_ID'] used in $wpdb->get_var()\n$comment['comment_post_ID'] used without escaping.

ERROR · Maintainability · file system operations chmod · 4 occurrences
Sample message: File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WARNING · Maintainability · error log error log · 3 occurrences
Sample message: error_log() found. Debug code should not normally be used in production.

WARNING · Maintainability · Not In Footer · 3 occurrences
Sample message: In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERROR · Security · Quoted Simple Placeholder · 2 occurrences
Sample message: Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.

WARNING · Maintainability · Deprecated function: get_currentuserinfo · 2 occurrences
Sample message: get_currentuserinfo() has been deprecated since WordPress version 4.5.0. Use wp_get_current_user() instead.

WARNING · Maintainability · Deprecated parameter value found · 2 occurrences
Sample message: The parameter value "blacklist_keys" has been deprecated since WordPress version 5.5.0. Use disallowed_keys instead.

ERROR · I18n · Missing Arg Domain · 2 occurrences
Sample message: Missing $domain parameter in function call to __().

External Connections

Potential connections found in static code analysis.

Domains: 20
Outbound calls: 46
External assets: 0
Incoming endpoints: 5

Notable Domains

jacklmoore.com · 4 · outbound
xkr.us · 4 · outbound
blue-anvil.com · 2 · outbound
colorpowered.com · 2 · outbound
quirksmode.org · 2 · outbound
adobe.com · 1 · outbound

Platform / Reference Domains

w3.org · 12 · platform/reference
wordpress.org · 5 · platform/reference
opensource.org · 3 · platform/reference
gnu.org · 1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_{$action} · public · wp_ajax

Admin AJAX endpoints: 3
wp_ajax_comments_comment_edited · authenticated · wp_ajax
wp_ajax_{$action} · authenticated · wp_ajax
wp_ajax_comments_remove_content_filter · authenticated · wp_ajax

Score History

First score snapshot
v6.1 · Score: 27 · Latest
Findings: 1,823
Errors: 1,300
Warnings: 523
Check: 2.0.0
