PHP Code Sniffer – WordPress VIP Coding Standards


I’m trying to fix up my code to meet the WordPress VIP Coding Standards. I’m getting a couple of issues that I’d like to see go away, but i’m not sure what the best strategy is.

The first issue is when i’m verifying a nonce while saving metabox data:

$nonce = isset( $_POST['revv_meta_box_nonce'] ) ? $_POST['revv_meta_box_nonce'] : '';

The error i’m getting here is 'Processing data without nonce verification'. Which is pretty silly since i’m just storing the nonce in a variable, which I am then verifying on the next line.

The second issue is when i’m storing the data:

$foo = isset($_POST['foo']) ? sanitize_text_field( $_POST['foo'] ) : '';
update_post_meta( $post_id, '_foo', $foo );

On the first line there, the sniffer is complaining that i’m not running wp_unslash on the data before sanitizing it. But the data is going directly into update_post_meta on the next line, which expects that data to not be unslashed.

Any ideas on the best strategy for getting rid of these error messages? Thanks!

, user1020189 2 years 2020-01-12T08:42:28-05:00 0 Answers 95 views 0

Leave an answer