PHP Code Sniffer – WordPress VIP Coding Standards
I’m trying to fix up my code to meet the WordPress VIP Coding Standards. I’m getting a couple of issues that I’d like to see go away, but i’m not sure what the best strategy is.
The first issue is when i’m verifying a nonce while saving metabox data:
$nonce = isset( $_POST['revv_meta_box_nonce'] ) ? $_POST['revv_meta_box_nonce'] : '';
The error i’m getting here is
'Processing data without nonce verification'. Which is pretty silly since i’m just storing the nonce in a variable, which I am then verifying on the next line.
The second issue is when i’m storing the data:
$foo = isset($_POST['foo']) ? sanitize_text_field( $_POST['foo'] ) : ''; update_post_meta( $post_id, '_foo', $foo );
On the first line there, the sniffer is complaining that i’m not running
wp_unslash on the data before sanitizing it. But the data is going directly into
update_post_meta on the next line, which expects that data to not be unslashed.
Any ideas on the best strategy for getting rid of these error messages? Thanks!