WordPress 七牛云对象存储(简称:WPQiNiu),基于七牛云对象存储与WordPress实现静态资源到对象存储中,让静态资源包括图片、附件分离WordPress根目录,提高网站打开速度。
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
689
18 issue groups
Security
43
6 issue groups
Supply Chain
3
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accessKey".503
- Category
- Maintainability
- Occurrences
- 503
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accessKey".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;52
- Category
- Maintainability
- Occurrences
- 52
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.47
- Category
- Maintainability
- Occurrences
- 47
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
WARNINGMaintainabilityerror log var dumpvar_dump() found. Debug code should not normally be used in production.42
- Category
- Maintainability
- Occurrences
- 42
- Severity
- warning
Sample message
var_dump() found. Debug code should not normally be used in production.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"=====> fetch $url to bucket: $bucket key: $(etag)\n"'.27
- Category
- Security
- Occurrences
- 27
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"=====> fetch $url to bucket: $bucket key: $(etag)\n"'.
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['accessKey']6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST['accessKey']
WARNINGSecurityRequest data is not unslashed$_POST['accessKey'] not unslashed before sanitization. Use wp_unslash() or similar6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
$_POST['accessKey'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilityrand randrand() is discouraged. Use the far less predictable wp_rand() instead.6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
Show 15 moreShow less
ERRORMaintainabilityparse url parse url5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilityfile system operations fread4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORSupply ChainHidden files included3
- Category
- Supply Chain
- Occurrences
- 3
- Severity
- error
Sample message
Hidden files are not permitted.
WARNINGMaintainabilitytrademarked term3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "WPQiNiu(七牛云对象存储插件)" - contains the restricted term "wp" which cannot be used at all in your plugin name.
ERRORMaintainabilityPlugin Directory Write2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
ERRORSecurityException output is not escaped2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$err'.
ERRORMaintainabilitycurl curl close2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl getinfo2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations fopen2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityNon Enqueued Stylesheet2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Stylesheets must be registered/enqueued via wp_enqueue_style()
ERRORMaintainabilityapplication detected2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Application files are not permitted.
ERRORMaintainabilitydate date1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityNon-prefixed function1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "classLoader".
WARNINGSecurityPlugin menu slug uses __FILE__1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Using __FILE__ for menu slugs risks exposing filesystem structure.
WARNINGSecurityInput is not validated1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_AUTHORIZATION']. Check that the array index exists before using it.
External Connections
Potential connections found in static code analysis.
Outbound calls
140
External assets
0
Incoming endpoints
0
Notable Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
No public endpoints detected.
Score History
First score snapshot
v5.0
19
Latest
- Findings
- 750
- Errors
- 138
- Warnings
- 612
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 19 | 750 | 138 | 612 | v5.0 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Plugin
Author
Category
Issue
Domain
Related
Plugin
Author
Category
Issue
Domain
Related
Related Plugins
1k+ active installs
1k+ active installs
800 active installs
500 active installs