- Run the WordPress VIP scans on Authors publishpress#639

ojopaul · ojopaul · commit 16068fe869a1 · 2022-05-12T10:14:02.000+01:00
diff --git a/src/core/Classes/Admin_Ajax.php b/src/core/Classes/Admin_Ajax.php
@@ -237,8 +237,8 @@ public static function handle_mapped_author_validation()
             );
         } else {
             $author_slug = !empty($_POST['author_slug']) ? sanitize_title($_POST['author_slug']) : '';
-            $author_id   = !empty($_POST['author_id']) ? (int)($_POST['author_id']) : 0;
-            $term_id     = !empty($_POST['term_id']) ? (int)($_POST['term_id']) : 0;
+            $author_id   = !empty($_POST['author_id']) ? (int) $_POST['author_id'] : 0;
+            $term_id     = !empty($_POST['term_id']) ? (int) $_POST['term_id'] : 0;
 
             if ($author_id > 0) {
                 $author = Author::get_by_user_id($author_id);
diff --git a/src/core/Classes/Author_Editor.php b/src/core/Classes/Author_Editor.php
@@ -478,7 +478,7 @@ class="<?php echo esc_attr('form-field term-' . $key . '-wrap '. $tab_class); ?>
                             <label for="<?php echo esc_attr($avatar_option_key.'-'.$key.'-options'); ?>">
                                 <?php echo esc_html($avatar_option_data['label']); ?>
                                 <?php if (isset($avatar_option_data['description'])) : ?>
-                                    <span class="description"><?php echo $avatar_option_data['description']; ?></span>
+                                    <span class="description"><?php echo $avatar_option_data['description']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></span>
                                 <?php endif; ?>
                             </label>
                         </p>
diff --git a/src/core/Plugin.php b/src/core/Plugin.php
@@ -1041,9 +1041,10 @@ public function filter_wp_get_object_terms($terms, $object_ids, $taxonomies, $ar
         $orderby       = 'ORDER BY tr.term_order';
         $order         = 'ASC';
         $object_ids    = (int)$object_ids;
+        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
         $raw_coauthors = $wpdb->get_results(
-            $wpdb->prepare( // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
-                "SELECT t.name, t.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN (%s) AND tr.object_id IN (%s) $orderby $order",
+            $wpdb->prepare(
+                "SELECT t.name, t.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN (%s) AND tr.object_id IN (%s) $orderby $order", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
                 $this->coauthor_taxonomy,
                 $object_ids
             )
diff --git a/src/functions/notify.php b/src/functions/notify.php
@@ -147,6 +147,7 @@ function wp_notify_postauthor($comment_id, $comment_type = '')
             $subject         = apply_filters('comment_notification_subject', $subject, $comment_id);
             $message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id);
 
+             // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_mail_wp_mail
             wp_mail($author->user_email, $subject, $notify_message, $message_headers);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -147,6 +147,7 @@ function wp_notify_postauthor($comment_id, $comment_type = '')`
`147`	`147`	`$subject = apply_filters('comment_notification_subject', $subject, $comment_id);`
`148`	`148`	`$message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id);`
`149`	`149`
	`150`	`+ // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_mail_wp_mail`
`150`	`151`	`wp_mail($author->user_email, $subject, $notify_message, $message_headers);`
`151`	`152`	`}`
`152`	`153`