
fix: resolve WordPress Plugin Check security and readme warnings #2909

Merged: Soare-Robert-Daniel merged 10 commits into development from fix/translations on Jul 3, 2026


@Soare-Robert-Daniel

Contributor

Summary

  • Align readme.txt license and plugin name with the plugin header for WordPress.org Plugin Check
  • Add wp_unslash() before sanitizing $_GET, $_POST, $_COOKIE, and $_SERVER inputs
  • Replace unescaped _e() output with esc_html_e() in WooCommerce Builder metabox templates
  • Replace the bit.ly docs short URL with the full Themeisle documentation link
  • Call WP 7.0 AI client APIs via call_user_func() to satisfy minimum-version static analysis while keeping function_exists() guards

Test plan

  • Confirm Plugin Check CI passes or shows fewer plugin_repo / security findings on this branch
  • Smoke-test WooCommerce product editor metabox (upsell + Pro activate copy still renders)
  • Smoke-test Otter Pro WooCommerce Builder enable/disable metabox strings
  • Verify docs links from upsell/admin surfaces resolve to the Themeisle documentation article
  • Confirm AI features still detect WP AI Client availability on WP 7.0+

Made with Cursor
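
The input handling listed in the summary above (wp_unslash() before sanitizing, escaping only at output), as an added example that is not code from this pull request or the Otter repository. The cookie name and value are constructed, and the three function_exists() fallbacks are simplified stand-ins (assumptions) so the file runs outside WordPress; under WordPress the core functions of the same names are used.

```php
<?php
// Added example, not from the Otter code base. The fallbacks below are simplified
// stand-ins (assumptions) so this file runs without WordPress loaded.
if ( ! function_exists( 'wp_unslash' ) ) {
	function wp_unslash( $value ) {
		if ( is_array( $value ) ) {
			return array_map( 'wp_unslash', $value );
		}
		return is_string( $value ) ? stripslashes( $value ) : $value;
	}
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
	function sanitize_text_field( $str ) { // core also checks UTF-8 and strips encoded octets
		return trim( preg_replace( '/\s+/', ' ', strip_tags( (string) $str ) ) );
	}
}
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
	}
}

// Constructed input. WordPress slashes $_GET, $_POST, $_COOKIE and $_SERVER at
// load time (wp_magic_quotes), so a cookie sent as  Tom & "Jerry"  is seen as:
$_COOKIE['demo_visitor'] = 'Tom & \\"Jerry\\"'; // hypothetical cookie name

// Input side: unslash first, then sanitize. No escaping here.
function demo_read_cookie( $key ) {
	if ( ! isset( $_COOKIE[ $key ] ) ) {
		return null;
	}
	return sanitize_text_field( wp_unslash( $_COOKIE[ $key ] ) );
}

$expected     = 'Tom & "Jerry"';                                // value a condition would store
$no_unslash   = sanitize_text_field( $_COOKIE['demo_visitor'] ); // sanitized while still slashed
$clean        = demo_read_cookie( 'demo_visitor' );              // unslashed, then sanitized
$early_escape = esc_attr( $clean );                              // entity-encoded before any output

// Compare each variant with the stored value to see which handling preserves it.
echo 'sanitize only:       ', var_export( $no_unslash === $expected, true ), "\n";
echo 'unslash + sanitize:  ', var_export( $clean === $expected, true ), "\n";
echo 'escaped before use:  ', var_export( $early_escape === $expected, true ), "\n";

// Output side: escape at the point of printing, for the context being printed into.
printf( "<input type=\"text\" value=\"%s\">\n", esc_attr( $clean ) );
```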

Soare-Robert-Daniel and others added 5 commits July 2, 2026 12:58
Resolves Plugin Check mismatched_plugin_name and license identifier warnings.

Co-authored-by: Cursor <cursoragent@cursor.com>
Avoids Plugin Check wrong-version errors while keeping function_exists guards.

Co-authored-by: Cursor <cursoragent@cursor.com>
Adds wp_unslash() for $_GET, $_POST, $_COOKIE, and $_SERVER inputs flagged by Plugin Check.

Co-authored-by: Cursor <cursoragent@cursor.com>
Replaces _e() with esc_html_e() in WooCommerce Builder metabox templates.

Co-authored-by: Cursor <cursoragent@cursor.com>
Resolves Plugin Check short URL warning for get_docs_url().

Co-authored-by: Cursor <cursoragent@cursor.com>
@pirate-bot pirate-bot added the pr-checklist-incomplete The Pull Request checklist is incomplete. (automatic label) label Jul 2, 2026
@pirate-bot

pirate-bot commented Jul 2, 2026

Contributor

Bundle Size Diff

| Package | Old Size | New Size | Diff |
| --- | --- | --- | --- |
| Animations | 178.27 KB | 178.27 KB | 0 B (0.00%) |
| Blocks | 1.65 MB | 1.65 MB | 0 B (0.00%) |
| CSS | 7.83 KB | 7.83 KB | 0 B (0.00%) |
| Dashboard | 172.49 KB | 172.49 KB | 0 B (0.00%) |
| Onboarding | 68.14 KB | 68.14 KB | 0 B (0.00%) |
| Export Import | 4.73 KB | 4.73 KB | 0 B (0.00%) |
| Pro | 439.64 KB | 439.64 KB | 0 B (0.00%) |

@pirate-bot

pirate-bot commented Jul 2, 2026

Contributor

Plugin build for 197f559 is ready 🛎️!

@pirate-bot

pirate-bot commented Jul 2, 2026

Contributor

E2E Tests

Playwright Test Status: See serial and parallel matrix jobs

Performance Results

  • serverResponse: {"q25":461.3,"q50":484.8,"q75":498.8,"cnt":10}
  • firstPaint: {"q25":1390.2,"q50":1562.85,"q75":1960.2,"cnt":10}
  • domContentLoaded: {"q25":3866.1,"q50":3883.45,"q75":3913.8,"cnt":10}
  • loaded: {"q25":3868.1,"q50":3885.05,"q75":3915.6,"cnt":10}
  • firstContentfulPaint: {"q25":4392.3,"q50":4405.6,"q75":4438.3,"cnt":10}
  • firstBlock: {"q25":14946.8,"q50":14989.3,"q75":15061.1,"cnt":10}
  • type: {"q25":26,"q50":27.86,"q75":31.66,"cnt":10}
  • typeWithoutInspector: {"q25":22.7,"q50":26.04,"q75":28.96,"cnt":10}
  • typeWithTopToolbar: {"q25":33.79,"q50":35.43,"q75":38.16,"cnt":10}
  • typeContainer: {"q25":17.79,"q50":19.08,"q75":20.12,"cnt":10}
  • focus: {"q25":133.52,"q50":141.36,"q75":149.92,"cnt":10}
  • inserterOpen: {"q25":46.9,"q50":47.95,"q75":49.5,"cnt":10}
  • inserterSearch: {"q25":16.72,"q50":17.92,"q75":19.02,"cnt":10}
  • inserterHover: {"q25":5.26,"q50":5.64,"q75":6.06,"cnt":20}
  • loadPatterns: {"q25":1879.86,"q50":1888.33,"q75":1944.02,"cnt":10}
  • listViewOpen: {"q25":245.58,"q50":256.22,"q75":259.66,"cnt":10}

@Soare-Robert-Daniel Soare-Robert-Daniel added the pr-checklist-skip Allow this Pull Request to skip checklist. label Jul 2, 2026
@pirate-bot pirate-bot added pr-checklist-complete The Pull Request checklist is complete. (automatic label) and removed pr-checklist-incomplete The Pull Request checklist is incomplete. (automatic label) labels Jul 2, 2026

if ( isset( $_COOKIE[ $condition['cookie_key'] ] ) ) { // phpcs:ignore WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
$cookie = esc_attr( $_COOKIE[ $condition['cookie_key'] ] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
$cookie = esc_attr( sanitize_text_field( wp_unslash( $_COOKIE[ $condition['cookie_key'] ] ) ) ); // phpcs:ignore WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
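
Review bot: On the replacement `$cookie = ...` line, esc_attr() wraps a value that is assigned to a variable, not printed. sanitize_text_field( wp_unslash( ... ) ) already covers the input side; keeping esc_attr() stores an HTML-entity-encoded string, so a cookie value containing `&` or a quote will no longer equal the raw value if $cookie is compared later. Suggest dropping esc_attr() from this assignment and escaping only where the value is echoed.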

Contributor


I don't think esc_attr is needed here. Escaping is usually done for echoing output.

Comment thread readme.txt Outdated
@@ -1,12 +1,12 @@
=== Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE ===
=== Otter – Page Builder Blocks & Extensions for Gutenberg ===
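
Review bot: The new title line in readme.txt contains an en dash (–) and an ampersand, and the string it has to match for the mismatched_plugin_name warning lives in the plugin header, which this hunk does not show. Confirm the header's plugin name is character-for-character identical, including the en dash rather than a hyphen, otherwise the warning will persist after the rename.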

Contributor


I think we should check with marketing cc: @harshitarora-in before changing this. It can possibly break ranking and search results. As the plugin check is not running on update, I think we can ignore it for now if we don't want to change/sync them both in the admin dashboard and on wp.org.

@Soare-Robert-Daniel Soare-Robert-Daniel merged commit 583bc17 into development Jul 3, 2026
16 of 17 checks passed
@Soare-Robert-Daniel Soare-Robert-Daniel deleted the fix/translations branch July 3, 2026 08:55