Adjust a WordPress plugin to meet the directory's requirements
The current plugin works and performs the functions assigned to it. But the WordPress Plugin Directory will not host it until the platform's requirements are met.
The plugin needs to be reworked according to the requirements.
The plugin is attached.
Requirements:
You still have serious issues.
## Please use wp_enqueue commands
Your plugin is not correctly including JS and/or CSS. You should be using the built in functions for this:
- https://developer.wordpress.org/reference/functions/wp_enqueue_script/
- https://developer.wordpress.org/reference/functions/wp_enqueue_style/
- https://developer.wordpress.org/reference/functions/wp_add_inline_script/
- https://developer.wordpress.org/reference/hooks/admin_enqueue_scripts/
- https://developer.wordpress.org/reference/hooks/admin_print_scripts/
- https://developer.wordpress.org/reference/hooks/admin_print_styles/
emailtools/emailtools.php:23:
emailtools/emailtools.php:28:
## Don’t use esc_ functions to sanitize
When sanitizing data, it’s important to use sanitization functions, not escape functions. The two work together, but are not interchangeable.
Functions like esc_attr() do NOT sanitize anything, and should never be used for that purpose.
The sole exception to this is URLs, which can use esc_url() or esc_url_raw() when being saved.
Please review this document for help finding the most appropriate sanitization functions: https://developer.wordpress.org/plugins/security/securing-input/
Example(s) from your plugin:
$key = esc_attr($_POST['emt_api_key']);
$updated = update_option('emt_api_key', $key);
## Nonces and User Permissions Needed for Security
Please add a nonce to your POST calls to prevent unauthorized access.
Keep in mind, check_admin_referer alone is not bulletproof security. Do not rely on nonces for authorization purposes. Use current_user_can() in order to prevent users without the right permissions from accessing things.
If you use wp_ajax to trigger submission checks, remember they also need a nonce check.
You also must avoid checking for post submission outside of functions. Doing so means the check runs on every single load of the plugin which means every single person who views any page on a site using your plugin will check for a submission. Doing that makes your code slow and unwieldy for users on any high-traffic site, causing instability and crashes.
The following links may assist you in development:
- https://developer.wordpress.org/plugins/security/nonces/
- https://developer.wordpress.org/plugins/javascript/ajax/#nonce
- https://developer.wordpress.org/plugins/settings/settings-api/
function emt_add_admin_menu_html()
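The following is an added example, not code from the attached plugin or from the reviewer, showing how the three review points above (enqueueing assets, sanitizing rather than escaping on input, and nonce plus capability checks inside hooked functions) fit together in a minimal settings page for the `emt_api_key` option. It assumes the plugin lives in `emailtools/emailtools.php`, that `assets/admin.js` and `assets/admin.css` exist next to it, and that the settings page slug is `emailtools`; the hook names `emt_save_key`, `emt_ajax` and `emt_check_key` are made up for the example.

```php
<?php
/*
 * Added example (not the plugin's original code): the three review points
 * applied to a minimal settings page for the emailtools plugin.
 * Assumed: assets/admin.js and assets/admin.css exist next to this file,
 * and the options page slug is 'emailtools'.
 */

defined( 'ABSPATH' ) || exit;

// 1. Load JS/CSS through the enqueue API, and only on our own admin page.
add_action( 'admin_enqueue_scripts', 'emt_enqueue_admin_assets' );
function emt_enqueue_admin_assets( $hook_suffix ) {
    // add_options_page() with slug 'emailtools' yields this hook suffix.
    if ( 'settings_page_emailtools' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_style( 'emt-admin', plugins_url( 'assets/admin.css', __FILE__ ), array(), '1.0.0' );
    wp_enqueue_script( 'emt-admin', plugins_url( 'assets/admin.js', __FILE__ ), array( 'jquery' ), '1.0.0', true );
    // Hand the AJAX URL and nonce to the script instead of printing a raw <script> tag.
    wp_add_inline_script( 'emt-admin', 'var emtAjax = ' . wp_json_encode( array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'emt_ajax' ),
    ) ) . ';', 'before' );
}

// 2 + 3. The POST handler runs only when admin-post.php dispatches it,
// never on every page load, and checks capability before the nonce.
add_action( 'admin_post_emt_save_key', 'emt_handle_save_key' );
function emt_handle_save_key() {
    // Authorization: the nonce does not say who the user is, so check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'emailtools' ) );
    }
    // CSRF protection: dies if the nonce field is missing or invalid.
    check_admin_referer( 'emt_save_key', 'emt_nonce' );

    // Sanitize on input (not esc_attr): strip tags, control characters and slashes.
    $key = isset( $_POST['emt_api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['emt_api_key'] ) ) : '';
    update_option( 'emt_api_key', $key );

    wp_safe_redirect( add_query_arg( array( 'page' => 'emailtools', 'updated' => '1' ), admin_url( 'options-general.php' ) ) );
    exit;
}

add_action( 'admin_menu', 'emt_add_admin_menu' );
function emt_add_admin_menu() {
    add_options_page( 'Email Tools', 'Email Tools', 'manage_options', 'emailtools', 'emt_add_admin_menu_html' );
}

function emt_add_admin_menu_html() {
    // Escape on output; the stored value was sanitized when it was saved.
    $key = get_option( 'emt_api_key', '' );
    ?>
    <div class="wrap">
        <h1>Email Tools</h1>
        <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
            <input type="hidden" name="action" value="emt_save_key" />
            <?php wp_nonce_field( 'emt_save_key', 'emt_nonce' ); ?>
            <label for="emt_api_key">API key</label>
            <input type="text" id="emt_api_key" name="emt_api_key"
                   value="<?php echo esc_attr( $key ); ?>" class="regular-text" />
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}

// wp_ajax handlers need the same two checks as the form handler.
add_action( 'wp_ajax_emt_check_key', 'emt_ajax_check_key' );
function emt_ajax_check_key() {
    check_ajax_referer( 'emt_ajax', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( array( 'configured' => '' !== get_option( 'emt_api_key', '' ) ) );
}
```

The order of checks matters: `current_user_can()` answers "may this user do this at all", while the nonce only answers "did this request come from a form we rendered for this user", so neither replaces the other. Escaping (`esc_attr`) happens once, at output time in the form, and never on the value written to the database.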