Add explicit phpcs-ignore directives (#220)

plugins/wptelegram-login/src/admin/Admin.php

@@ -154,7 +154,8 @@ public function modify_rest_user_query( $prepared_args, WP_REST_Request $request
 			$meta_query[] = $prepared_args['meta_query'];
 		}
 
-		$prepared_args['meta_query'] = $meta_query; // phpcs:ignore
+		// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
+		$prepared_args['meta_query'] = $meta_query;
 
 		return $prepared_args;
 	}
@@ -198,12 +199,12 @@ public function display_plugin_admin_page() {
 	}
 
 	/**
-	 * Create our widget.
+	 * Register widgets.
 	 *
 	 * @since    1.0.0
 	 */
 	public function register_widgets() {
-		register_widget( '\WPTelegram\Login\shared\widgets\Primary' );
+		register_widget( \WPTelegram\Login\shared\widgets\Primary::class );
 	}
 
 	/**
@@ -281,22 +282,24 @@ public static function render_instructions( $is_current_user = true ) {
 				<?php
 					printf(
 						/* translators: %s is bot username */
-						$is_current_user // phpcs:ignore
-						? __( 'Get your Chat ID from %s and enter it above.', 'wptelegram-login' ) // phpcs:ignore
-						/* translators: %s is bot username */
-						: __( 'Ask the user to get the Chat ID from %s and enter it above.', 'wptelegram-login' ), // phpcs:ignore
-						'<a href="https://t.me/MyChatInfoBot" target="_blank" rel="noreferrer noopener">@MyChatInfoBot</a>' // phpcs:ignore
+						$is_current_user
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPress.WP.I18n.MissingTranslatorsComment
+						? __( 'Get your Chat ID from %s and enter it above.', 'wptelegram-login' )
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPress.WP.I18n.MissingTranslatorsComment
+						: __( 'Ask the user to get the Chat ID from %s and enter it above.', 'wptelegram-login' ),
+						'<a href="https://t.me/MyChatInfoBot" target="_blank" rel="noreferrer noopener">@MyChatInfoBot</a>'
 					);
 				?>
 			</li>
 			<li>
 				<?php
 					printf(
-						$is_current_user // phpcs:ignore
-						/* translators: %s is bot username */
-						? __( 'Start a conversation with %s to receive notifications.', 'wptelegram-login' ) // phpcs:ignore
 						/* translators: %s is bot username */
-						: __( 'Ask the user to start a conversation with %s to receive notifications.', 'wptelegram-login' ), // phpcs:ignore
+						$is_current_user
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPress.WP.I18n.MissingTranslatorsComment
+						? __( 'Start a conversation with %s to receive notifications.', 'wptelegram-login' )
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPress.WP.I18n.MissingTranslatorsComment
+						: __( 'Ask the user to start a conversation with %s to receive notifications.', 'wptelegram-login' ),
 						sprintf( '<a href="https://t.me/%1$s"  target="_blank" rel="noreferrer noopener">@%1$s</a>', esc_html( $bot_username ) )
 					);
 				?>
@@ -313,7 +316,8 @@ public static function render_instructions( $is_current_user = true ) {
 	 */
 	public function validate_user_profile_fields( &$errors ) {
 
-		if ( isset( $_POST[ WPTELEGRAM_USER_ID_META_KEY ] ) ) { // phpcs:ignore
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( isset( $_POST[ WPTELEGRAM_USER_ID_META_KEY ] ) ) {
 
 			// phpcs:ignore WordPress.Security.NonceVerification
 			$chat_id = sanitize_text_field( wp_unslash( $_POST[ WPTELEGRAM_USER_ID_META_KEY ] ) );

plugins/wptelegram-login/src/includes/Upgrade.php

@@ -138,7 +138,8 @@ private function upgrade_to_1_7_0() {
 
 		$args  = [
 			'fields'       => 'ID',
-			'meta_key'     => $old_meta_key, // phpcs:ignore
+			// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key
+			'meta_key'     => $old_meta_key,
 			'meta_compare' => 'EXISTS',
 			'number'       => -1,
 		];

plugins/wptelegram-login/src/shared/LoginHandler.php

@@ -683,7 +683,7 @@ public function unique_username( $username ) {
 	 * @param WP_User $user The logged in user.
 	 */
 	private function redirect( $user ) {
-		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? remove_query_arg( 'reauth', wp_unslash( $_REQUEST['redirect_to'] ) ) : ''; // phpcs:ignore
+		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? remove_query_arg( 'reauth', sanitize_url( wp_unslash( $_REQUEST['redirect_to'] ) ) ) : '';
 
 		/**
 		 * Filter the redirect URL after login.

plugins/wptelegram-login/src/shared/Shared.php

@@ -98,8 +98,8 @@ public static function login_shortcode( $atts = [] ) {
 			return '';
 		}
 
-		// Default.
-		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : home_url(); // phpcs:ignore
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? sanitize_url( wp_unslash( $_REQUEST['redirect_to'] ) ) : home_url();
 
 		switch ( WPTG_Login()->options()->get( 'redirect_to' ) ) {
 			case 'homepage':

plugins/wptelegram-widget/src/admin/Admin.php

@@ -109,17 +109,21 @@ public function display_plugin_admin_page() {
 	}
 
 	/**
-	 * Create our feed widget
+	 * Register widgets.
 	 *
 	 * @since    1.0.0
 	 */
 	public function register_widgets() {
 
-		register_widget( '\WPTelegram\Widget\shared\widgets\Legacy' );
-
-		register_widget( '\WPTelegram\Widget\shared\widgets\Ajax' );
+		$widgets = [
+			\WPTelegram\Widget\shared\widgets\Legacy::class,
+			\WPTelegram\Widget\shared\widgets\Ajax::class,
+			\WPTelegram\Widget\shared\widgets\JoinChannel::class,
+		];
 
-		register_widget( '\WPTelegram\Widget\shared\widgets\JoinChannel' );
+		foreach ( $widgets as $widget ) {
+			register_widget( $widget );
+		}
 	}
 
 	/**

plugins/wptelegram-widget/src/shared/Shared.php

@@ -181,7 +181,7 @@ public function add_join_link_to_post_content( $content ) {
 	 * @since 1.5.0
 	 */
 	public function may_be_fire_pull_updates() {
-		// phpcs:ignore
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		if ( isset( $_GET['action'] ) && 'wptelegram_widget_pull_updates' === $_GET['action'] ) {
 			do_action( 'wptelegram_widget_pull_the_updates' );
 			exit( ':)' );

plugins/wptelegram-widget/src/shared/embed/SingleMessage.php

@@ -175,8 +175,10 @@ public static function get_single_message_url( $username, $message_id ) {
 		$args = [
 			'embed' => true,
 		];
-		if ( isset( $_GET['userpic'] ) ) { // phpcs:ignore
-			$args['userpic'] = sanitize_text_field( wp_unslash( $_GET['userpic'] ) ); // phpcs:ignore
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['userpic'] ) ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$args['userpic'] = sanitize_text_field( wp_unslash( $_GET['userpic'] ) );
 		}
 
 		$url = add_query_arg( $args, $url );

plugins/wptelegram/src/includes/Logger.php

@@ -135,10 +135,12 @@ public static function get_log_url( $type ) {
 	 */
 	public function view_log() {
 
-		// phpcs:ignore
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		if ( isset( $_GET['action'], $_GET['hash'], $_GET['type'] ) && 'wptelegram_view_log' === $_GET['action'] && isset( $_GET['hash'] ) ) {
-			$hash = sanitize_text_field( wp_unslash( $_GET['hash'] ) ); // phpcs:ignore
-			$type = sanitize_text_field( wp_unslash( $_GET['type'] ) ); // phpcs:ignore
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$hash = sanitize_text_field( wp_unslash( $_GET['hash'] ) );
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$type = sanitize_text_field( wp_unslash( $_GET['type'] ) );
 
 			if ( ! empty( $hash ) && ! empty( $type ) ) {
 
@@ -152,7 +154,8 @@ public function view_log() {
 
 				header( 'Content-Type: text/plain' );
 
-				exit( $contents ); // phpcs:ignore
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+				exit( $contents );
 			}
 		}
 	}

plugins/wptelegram/src/includes/Upgrade.php

@@ -372,7 +372,8 @@ protected function upgrade_to_2_2_0() {
 
 		$args  = [
 			'fields'       => 'ID',
-			'meta_key'     => $old_meta_key, // phpcs:ignore
+			// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key
+			'meta_key'     => $old_meta_key,
 			'meta_compare' => 'EXISTS',
 			'number'       => -1,
 		];

plugins/wptelegram/src/modules/p2tg/PostSender.php

@@ -137,6 +137,8 @@ public function set_form_data() {
 			return;
 		}
 
+		// phpcs:disable WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+
 		if ( RequestCheck::if_is( RequestCheck::REST_REQUEST ) ) {
 			$raw_body = file_get_contents( 'php://input' );
 
@@ -162,13 +164,11 @@ public function set_form_data() {
 			}
 		} else {
 
-			if ( isset( $_POST[ Main::PREFIX . 'send2tg' ] ) ) { // phpcs:ignore
-				// phpcs:ignore
+			if ( isset( $_POST[ Main::PREFIX . 'send2tg' ] ) ) {
 				$this->form_data['send2tg'] = sanitize_text_field( wp_unslash( $_POST[ Main::PREFIX . 'send2tg' ] ) );
 			}
 
-			if ( isset( $_POST[ Main::PREFIX . 'override_switch' ] ) ) { // phpcs:ignore
-				// phpcs:ignore
+			if ( isset( $_POST[ Main::PREFIX . 'override_switch' ] ) ) {
 				$override_switch = sanitize_text_field( wp_unslash( $_POST[ Main::PREFIX . 'override_switch' ] ) );
 
 				$this->form_data['override_switch'] = 'on' === $override_switch;
@@ -178,49 +178,52 @@ public function set_form_data() {
 			if ( $this->defaults_overridden() ) {
 
 				// if no destination channel is selected.
-				if ( empty( $_POST[ Main::PREFIX . 'channels' ] ) ) { // phpcs:ignore
+
+				if ( empty( $_POST[ Main::PREFIX . 'channels' ] ) ) {
 					$this->form_data['channels'] = [];
 				} else {
 					// override the default channels.
-					$this->form_data['channels'] = MainUtils::sanitize( (array) $_POST[ Main::PREFIX . 'channels' ] ); // phpcs:ignore
+					$this->form_data['channels'] = MainUtils::sanitize( (array) wp_unslash( $_POST[ Main::PREFIX . 'channels' ] ) );
 				}
 
 				// if the template is set.
-				if ( isset( $_POST[ Main::PREFIX . 'message_template' ] ) ) { // phpcs:ignore
+				if ( isset( $_POST[ Main::PREFIX . 'message_template' ] ) ) {
 					// sanitize the template.
-					$template = MainUtils::sanitize_message_template( wp_unslash( $_POST[ Main::PREFIX . 'message_template' ] ) ); // phpcs:ignore
+					$template = MainUtils::sanitize_message_template( wp_unslash( $_POST[ Main::PREFIX . 'message_template' ] ) );
 					// override the default template.
 					$this->form_data['message_template'] = $template;
 				}
 
 				// if files included.
-				if ( ! empty( $_POST[ Main::PREFIX . 'files' ] ) ) { // phpcs:ignore
+				if ( ! empty( $_POST[ Main::PREFIX . 'files' ] ) ) {
 					// sanitize the values.
-					$files = array_filter( MainUtils::sanitize( (array) $_POST[ Main::PREFIX . 'files' ] ) ); // phpcs:ignore
+					$files = array_filter( MainUtils::sanitize( (array) wp_unslash( $_POST[ Main::PREFIX . 'files' ] ) ) );
 					if ( ! empty( $files ) ) {
 						// add the files to the options.
 						$this->form_data['files'] = $files;
 					}
 				}
 
 				// if delay overridden.
-				if ( isset( $_POST[ Main::PREFIX . 'delay' ] ) ) { // phpcs:ignore
+				if ( isset( $_POST[ Main::PREFIX . 'delay' ] ) ) {
 					// sanitize the value.
-					$this->form_data['delay'] = MainUtils::sanitize( $_POST[ Main::PREFIX . 'delay' ], true ); // phpcs:ignore
+					$this->form_data['delay'] = MainUtils::sanitize( wp_unslash( $_POST[ Main::PREFIX . 'delay' ] ), true );
 				}
 
 				// if notifications are to be disabled.
-				if ( isset( $_POST[ Main::PREFIX . 'disable_notification' ] ) ) { // phpcs:ignore
+				if ( isset( $_POST[ Main::PREFIX . 'disable_notification' ] ) ) {
 					$this->form_data['disable_notification'] = true;
 				}
 
 				// if send featured image.
-				if ( isset( $_POST[ Main::PREFIX . 'send_featured_image' ] ) ) { // phpcs:ignore
-					$send_featured_image = MainUtils::sanitize( $_POST[ Main::PREFIX . 'send_featured_image' ] ); // phpcs:ignore
+				if ( isset( $_POST[ Main::PREFIX . 'send_featured_image' ] ) ) {
+					$send_featured_image = MainUtils::sanitize( wp_unslash( $_POST[ Main::PREFIX . 'send_featured_image' ] ) );
+
 					$this->form_data['send_featured_image'] = 'on' === $send_featured_image;
 				}
 			}
 		}
+		// phpcs:enable WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 
 		do_action( 'wptelegram_p2tg_set_form_data', $this->form_data, $this->post );
 	}
@@ -355,7 +358,7 @@ private function may_be_setup_postdata( $post, $trigger ) {
 				$previous_post = $GLOBALS['post'];
 			}
 
-			// phpcs:ignore
+			// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
 			$GLOBALS['post'] = $post;
 
 			setup_postdata( $post );
@@ -376,7 +379,7 @@ private function may_be_reset_postdata( $previous_post, $trigger ) {
 
 		if ( 'delayed_post' === $trigger ) {
 
-			// phpcs:ignore
+			// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
 			$GLOBALS['post'] = $previous_post;
 
 			if ( $previous_post ) {
@@ -1587,8 +1590,10 @@ public function modify_http_api_curl( &$handle, $r, $url ) {
 
 					if ( ! empty( $r['body'][ $type ] ) && file_exists( $r['body'][ $type ] ) ) {
 
-						$r['body'][ $type ] = curl_file_create( $r['body'][ $type ] ); // phpcs:ignore
-						curl_setopt( $handle, CURLOPT_POSTFIELDS, $r['body'] ); // phpcs:ignore
+						// phpcs:ignore WordPress.WP.AlternativeFunctions.curl_curl_file_create
+						$r['body'][ $type ] = curl_file_create( $r['body'][ $type ] );
+						// phpcs:ignore WordPress.WP.AlternativeFunctions.curl_curl_setopt
+						curl_setopt( $handle, CURLOPT_POSTFIELDS, $r['body'] );
 						break;
 					}
 				}

plugins/wptelegram/src/modules/p2tg/RequestCheck.php

@@ -86,7 +86,7 @@ public static function if_is( $type, $post = null ) {
 				return defined( 'WP_IMPORTING' ) && WP_IMPORTING;
 
 			case self::BULK_EDIT:
-				return isset( $_GET['bulk_edit'] ); // phpcs:ignore
+				return isset( $_GET['bulk_edit'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
 			case self::QUICK_EDIT:
 				return defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['action'] ) && 'inline-save' === $_REQUEST['action']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended

plugins/wptelegram/src/wptelegram.php

@@ -79,7 +79,7 @@ function deactivate_wptelegram() {
  *
  * @return \WPTelegram\Core\includes\Main
  */
-function WPTG() { // phpcs:ignore
+function WPTG() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
 	return \WPTelegram\Core\includes\Main::instance();
 }