Global variable or function should never be used 2

More information: https://insight.symfony.com/what-we-analyse/php.use_global_variable_or_function

  /**
   * This is just an example of a secret WordPress feature called "fast ajax"
   */
  add_action( 'wp_ajax_example', function () {
      // Include the now instantiated global $wpdb Class for use
      global $wpdb;

    $wpdb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Last edited by salaros
      // Example: Retrieve and display the number of users.
      $results = $wpdb->get_results( "SELECT option_name, option_value FROM {$wpdb->options} WHERE option_name LIKE 'blog%'", ARRAY_A );
      die( json_encode( [
          'error' => false,
  • salaros

    Here global variables are mandatory
  <?php
  global $locale;

    $locale adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Last edited by salaros
  $root_dir = dirname( dirname( __DIR__ ) );
  // ** Use root_dir to define ABSPATH if it has not been defined yet ** //
  if ( ! defined( 'ABSPATH' ) ) {
  • salaros

    Here global variables are mandatory

exit() and die() functions should be avoided 5

More information: https://insight.symfony.com/what-we-analyse/php.use_exit_function

  <?php
  // Make sure there is an action first
  if ( ! isset( $_REQUEST['action'] ) ) {
      die( '0' );

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by salaros
  }
  // Force a short-init since we just need core WP, not the entire framework stack
  define( 'SHORTINIT', true );
  • salaros

    These particular exits and dies are mandatory
      // Include the now instantiated global $wpdb Class for use
      global $wpdb;
      // Example: Retrieve and display the number of users.
      $results = $wpdb->get_results( "SELECT option_name, option_value FROM {$wpdb->options} WHERE option_name LIKE 'blog%'", ARRAY_A );
      die( json_encode( [

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by salaros
          'error' => false,
          'data' => $results,
      ] ) );
  } );
  • salaros

    These particular exits and dies are mandatory
  // ========= ! DO NOT EDIT THE CODE BELOW ! ========= //
  try {
      $action_name = sprintf( 'wp_ajax_%s', $_REQUEST['action'] );
      do_action( $action_name );
      die( '0' );

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by salaros
  } catch ( \Exception $ex ) {
      die( json_encode( [
          'error' => false,
          'message' => $ex->getMessage(),
      ] ) );
  • salaros

    These particular exits and dies are mandatory
  try {
      $action_name = sprintf( 'wp_ajax_%s', $_REQUEST['action'] );
      do_action( $action_name );
      die( '0' );
  } catch ( \Exception $ex ) {
      die( json_encode( [

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by salaros
          'error' => false,
          'message' => $ex->getMessage(),
      ] ) );
  }
  • salaros

    These particular exits and dies are mandatory
  }
  // ** Load .env file and require DB and URL-related settings to be set ** //
  $dotenv = sprintf( '%s/.env', $root_dir );
  if ( ! file_exists( $dotenv ) ) {
      die( sprintf( 'Please make sure you have created "%s" file containing WordPress settings', $dotenv ) );

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by salaros
  }
  $dotenv = new Dotenv\Dotenv( $root_dir );
  $dotenv->load();
  $dotenv->required( [ 'DB_NAME', 'DB_USER', 'DB_PASSWORD', 'WP_HOME', 'WP_SITEURL' ] )->notEmpty();
  • salaros

    These particular exits and dies are mandatory

PHP configuration should not be changed dynamically 2

More information: https://insight.symfony.com/what-we-analyse/php.dynamically_change_configuration

  <?php
  // ** PHP error settings ** //
  error_reporting( E_ERROR | E_PARSE );
  ini_set( 'display_errors', 0 );

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Last edited by Zhmayev Yaroslav
  // ** WordPress debug settings ** //
  define( 'WP_DEBUG', getenv( 'WP_DEBUG' ) ?: true );
  define( 'WP_DEBUG_DISPLAY', getenv( 'WP_DEBUG_DISPLAY' ) ?: false );
  define( 'WP_DEBUG_LOG', getenv( 'WP_DEBUG_LOG' ) ?: true );
  • salaros

    Need to forcibly set debug-related settings via configuration bootstrap
      ? ( intval( $_REQUEST['DEBUG'] ) ?: 1 )
      : 0;
  // ** PHP error settings ** //
  error_reporting( E_ERROR | E_WARNING | E_PARSE | E_NOTICE );
  ini_set( 'display_errors', $debug_mode > 0 );

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Last edited by salaros
  // ** WordPress debug settings ** //
  define( 'WP_DEBUG', getenv( 'WP_DEBUG_DISPLAY' ) ?: true );
  define( 'WP_DEBUG_DISPLAY', $debug_mode > 0 || getenv( 'WP_DEBUG_DISPLAY' ) );
  define( 'WP_DEBUG_LOG', $debug_mode < 1 || getenv( 'WP_DEBUG_LOG' ) );
  • salaros

    Need to forcibly set debug-related settings via configuration bootstrap