xili-language

xili-language lets you create and manage multilingual WP site in several languages with yours or most famous localizable themes. Ready for CMS design.

v2.21.3Michel - xiligroup devUpdated Added 600 installs78% rating
24
Score
1,501
Errors
523
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance97
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,024 findings

Security

1,148

9 issue groups

I18n

685

8 issue groups

Maintainability

140

8 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<br /><span class='description'>$desc</span>"'.662
Category
Security
Occurrences
662
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<br /><span class='description'>$desc</span>"'.

ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $textdomain199
Category
I18n
Occurrences
199
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $textdomain

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.186
Category
Security
Occurrences
186
Severity
error

Sample message

All output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.149
Category
I18n
Occurrences
149
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $before104
Category
I18n
Occurrences
104
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $before

WARNINGI18nLow Level Translation FunctionUse of the &quot;translate()&quot; function is reserved for low-level API usage.89
Category
I18n
Occurrences
89
Severity
warning

Sample message

Use of the &quot;translate()&quot; function is reserved for low-level API usage.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;action&#039;]85
Category
Security
Occurrences
85
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;action&#039;]

WARNINGSecurityRequest data is not unslashed$_GET[&#039;action&#039;] not unslashed before sanitization. Use wp_unslash() or similar85
Category
Security
Occurrences
85
Severity
warning

Sample message

$_GET[&#039;action&#039;] not unslashed before sanitization. Use wp_unslash() or similar

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().83
Category
I18n
Occurrences
83
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST[$key]. Check that the array index exists before using it.51
Category
Security
Occurrences
51
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST[$key]. Check that the array index exists before using it.

Show 15 more
WARNINGSecurityMissing nonce verification40
Category
Security
Occurrences
40
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nText Domain Mismatch37
Category
I18n
Occurrences
37
Severity
error

Sample message

Mismatched text domain. Expected 'xili-language' but got "xili-dictionary".

WARNINGMaintainabilityNon-prefixed hook name31
Category
Maintainability
Occurrences
31
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;&#039;load_plugin_domain_for_curlang_&#039;. str_replace(&#039;-&#039;, &#039;_&#039;, $plugin_domain )&quot;.

WARNINGMaintainabilityNon-prefixed function30
Category
Maintainability
Occurrences
30
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;add_again_filter&quot;.

WARNINGSecurityNonce verification recommended26
Category
Security
Occurrences
26
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect Query21
Category
Maintainability
Occurrences
21
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching20
Category
Maintainability
Occurrences
20
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORI18nUnordered Placeholders Text18
Category
I18n
Occurrences
18
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$1s, %2$2s", but got "%1s, %2s" in 'xili-dictionary: msgid list updated (n=%1s, d=%2s'.

ERRORMaintainabilityDeprecated parameter: get_terms parameter 217
Category
Maintainability
Occurrences
17
Severity
error

Sample message

The parameter "array ( 'hide_empty' => false )" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

ERRORMaintainabilitystrip tags strip tags8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERRORSecurityDatabase parameter is not escaped7
Category
Security
Occurrences
7
Severity
error

Sample message

Unescaped parameter $q used in $wpdb->get_col()\n$q assigned unsafely at line 5238.

ERRORMaintainabilityDeprecated function: screen_icon7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

screen_icon() has been deprecated since WordPress version 3.8.0.

WARNINGI18nDiscouraged text-domain loading6
Category
I18n
Occurrences
6
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

ERRORSecuritySQL query is not prepared6
Category
Security
Occurrences
6
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $q

WARNINGMaintainabilityNon-prefixed constant6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;DEFAULTSLUG&quot;.

External Connections

Potential connections found in static code analysis.

18 domains

Outbound calls

48

External assets

0

Incoming endpoints

3

Notable Domains

dev.xiligroup.com11 · outbound
php.net4 · outbound
svn.automattic.com4 · outbound
wiki.xiligroup.org3 · outbound
blog.zen-dreams.com1 · outbound

Platform / Reference Domains

translate.wordpress.org6 · platform/reference
codex.wordpress.org3 · platform/reference
core.trac.wordpress.org3 · platform/reference
buddypress.trac.wordpress.org2 · platform/reference
gnu.org2 · platform/reference
wordpress.org2 · platform/reference
bbpress.trac.wordpress.org1 · platform/reference
make.wordpress.org1 · platform/reference
plugins.trac.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints3
wp_ajax_find_post_typesauthenticated

wp_ajax

wp_ajax_get_menu_infosauthenticated

wp_ajax

wp_ajax_save_bulk_editauthenticated

wp_ajax

Score History

First score snapshot

v2.21.3

24

Latest

Findings
2,024
Errors
1,501
Warnings
523
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins