
refactor: WordPress.Security.EscapeOutput.OutputNotEscaped, WordPress.Security.EscapeOutput.ExceptionNotEscaped escaping #2270

Merged

Conversation

mralaminahamed
Member

@mralaminahamed mralaminahamed commented May 10, 2024

All Submissions:

  • My code follows the WordPress coding standards
  • My code satisfies feature requirements
  • My code is tested
  • My code passes the PHPCS tests
  • My code has proper inline documentation
  • I've included related pull request(s) (optional)
  • I've included developer documentation (optional)
  • I've added proper labels to this pull request

Changes proposed in this Pull Request:

This PR addresses security issues identified in the Dokan plugin for WordPress. It implements necessary fixes and improvements to enhance the plugin's security and protect against potential vulnerabilities.

Related Pull Request(s)

  • N/A

Closes

  • Closes #

How to test the changes in this Pull Request:

  1. Review the changes made to the codebase to address the security issues.
  2. Perform thorough testing, including manual testing and automated testing, to ensure the plugin's functionality is not affected by the security fixes.
  3. Perform security testing or engage with security experts to validate the effectiveness of the implemented security measures.

Changelog entry

improved: WordPress security issues
fix: The parameter "$drop_down_tags" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

This update addresses several security issues identified in the Dokan plugin for WordPress. It implements necessary fixes and improvements to enhance the plugin's security and protect against potential vulnerabilities. The changes include sanitizing user inputs, validating data, escaping outputs, and implementing proper access controls and authentication mechanisms.

Before Changes

The Dokan plugin had security vulnerabilities that could potentially lead to security breaches, such as cross-site scripting (XSS), SQL injection, or unauthorized access to sensitive data or functionality.

After Changes

After the changes, the Dokan plugin has enhanced security measures in place, with user inputs sanitized, data validated, outputs escaped, and proper access controls and authentication mechanisms implemented. This significantly reduces the risk of security vulnerabilities and ensures a more secure environment for plugin users.

Feature Video (optional)

N/A

PR Self Review Checklist:

  • Code is following code style guidelines
  • Code has appropriate naming conventions
  • Code follows the KISS principle
  • Code follows the DRY principle
  • Code is readable and self-explanatory
  • Code has no performance issues
  • Code has no grammar errors

FOR PR REVIEWER ONLY:

As a reviewer, your feedback should be focused on the idea, not the person. Seek to understand, be respectful, and focus on constructive dialog.

As a contributor, your responsibility is to learn from suggestions and iterate your pull request should it be needed based on feedback. Seek to collaborate and produce the best possible contribution to the greater whole.

  • Correct — Does the change do what it's supposed to? ie: code 100% fulfilling the requirements?
  • Secure — Would a nefarious party find some way to exploit this change? ie: everything is sanitized/escaped appropriately for any SQL or XSS injection possibilities?
  • Readable — Will your future self be able to understand this change months down the road?
  • Elegant — Does the change fit aesthetically within the overall style and architecture?

Summary by CodeRabbit

  • Bug Fixes

    • Enhanced security by sanitizing and escaping user inputs in various admin and setup wizard scripts.
    • Corrected variable assignments and added output escaping for widget titles and attributes in multiple widgets.
  • Chores

    • Updated PHPCS configuration to include wc_esc_json for custom sanitizing functions.
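The two sniffs named in the PR title (OutputNotEscaped and ExceptionNotEscaped) are about choosing an escaper for the HTML context a value lands in. The block below is an added example, not code from the Dokan repository or from this PR: it shows an unescaped template beside its escaped form. It assumes WordPress is loaded so that esc_html(), esc_attr(), esc_url(), wp_kses_post(), esc_html__() and number_format_i18n() are available; the $store array, the render_* function names and the exception text are hypothetical.

```php
<?php
/**
 * Added example (not Dokan's code): output escaping by context.
 * Assumes WordPress core is loaded. $store and the render_* functions are hypothetical.
 */

// Constructed store record; every field is treated as attacker-influenced.
$store = [
    'name'    => 'Acme <script>alert(1)</script>',
    'url'     => 'javascript:alert(1)',
    'tagline' => '<b>Bold</b> <img src=x onerror=alert(1)>',
    'count'   => 1234,
];

// BEFORE: every echo here is an OutputNotEscaped finding and a stored-XSS sink.
function render_store_card_unescaped( array $store ) {
    echo '<a href="' . $store['url'] . '" title="' . $store['name'] . '">';
    echo $store['name'];
    echo '</a><p>' . $store['tagline'] . '</p>';
}

// AFTER: pick the escaper by the context the value is printed into.
function render_store_card_escaped( array $store ) {
    // URL attribute: esc_url() returns '' for javascript: and other disallowed schemes.
    echo '<a href="' . esc_url( $store['url'] ) . '"';
    // Plain attribute value: esc_attr() encodes quotes so the attribute cannot be closed early.
    echo ' title="' . esc_attr( $store['name'] ) . '">';
    // Text node: esc_html() encodes <, >, & and quotes.
    echo esc_html( $store['name'] ) . '</a>';
    // Limited HTML is wanted here: wp_kses_post() keeps <b> and drops the onerror attribute.
    echo '<p>' . wp_kses_post( $store['tagline'] ) . '</p>';
    // Translated format string: esc_html__() translates then escapes; the argument is escaped too.
    printf(
        /* translators: %s: number of products */
        esc_html__( '%s products', 'dokan-lite' ),
        esc_html( number_format_i18n( $store['count'] ) )
    );
}

// ExceptionNotEscaped: a message may echo user-controlled text (a file name, a field value).
function render_upload_result( callable $upload ) {
    try {
        $upload();
    } catch ( Exception $e ) {
        // BEFORE: echo $e->getMessage();   (flagged; XSS when the message reflects input)
        echo '<div class="error">' . esc_html( $e->getMessage() ) . '</div>';
    }
}

// Constructed failure: the message carries the (hostile) file name straight through.
render_upload_result( function () {
    throw new Exception( 'Cannot upload "<img src=x onerror=alert(1)>.png"' );
} );
render_store_card_escaped( $store );
```

The rule of thumb the sniffs encode: escape at the point of output, once, with the function matching the context (esc_url for href/src, esc_attr inside attributes, esc_html for text, wp_kses_post when a whitelist of tags is intended). Escaping earlier, for example on a key before a lookup, does not protect the output and can corrupt the value.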

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 15

Outside diff range and nitpick comments (7)
includes/Admin/Hooks.php (1)

Line range hint 168-168: Remove unused parameter $post from the method override_product_author_by_admin.

- public function override_product_author_by_admin( $product_id, $post ) {
+ public function override_product_author_by_admin( $product_id ) {
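Review bot: before dropping `$post`, check how `override_product_author_by_admin` is registered. The name and the `( $product_id, $post )` shape read like a post-save hook callback; PHP discards surplus arguments that `do_action()` passes, so the shortened signature still runs, but when the hook dictates the signature the usual fix is a `phpcs:ignore` on the unused-parameter warning rather than a signature change, and if the parameter does go the `@param` docblock must go with it.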
includes/Order/Admin/Hooks.php (1)

Line range hint 179-179: Avoid using reserved keywords as parameter names to ensure compatibility with future PHP versions.

- public function admin_shop_order_row_classes( $classes, $class, $post_id ) {
+ public function admin_shop_order_row_classes( $classes, $class_name, $post_id ) {
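Review bot: the rename in the `+` line is stylistic only. `$class` is a legal variable name in every PHP version (the reserved-word restriction applies to class, function and constant names, not to variables), so the warning on line 179 is advisory, and the change alters nothing at runtime unless a caller uses PHP 8 named arguments, where the old parameter name would stop resolving.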
templates/settings/store-form.php (2)

65-65: Ensure alt text for images is descriptive and accurate.

Consider improving the alt text for the banner image to be more descriptive than just "banner". This can enhance accessibility and SEO.


105-105: Ensure alt text for images is descriptive and accurate.

The alt text for the gravatar image is misspelled as "gravtar". It should be corrected to "gravatar" to improve readability and professionalism.

includes/template-tags.php (1)

Line range hint 299-299: Address unused function parameters.

The parameter $title in the function dokan_store_category_menu is never used. Consider removing it if it's not planned for future use:

- function dokan_store_category_menu( $seller_id, $title = '' ) {
+ function dokan_store_category_menu( $seller_id ) {
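Review bot: removing `$title` from a global template function is safe at existing call sites (PHP discards extra arguments passed to user-defined functions), but the `-` line shows it was an optional parameter with a default, so third-party themes may be passing it. Update the `@param` docblock in the same change and grep the theme templates that call `dokan_store_category_menu()` before merging.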
includes/Ajax.php (1)

Line range hint 877-877: Consider renaming the parameter to avoid using reserved keywords.

- public function create_attachment_object( $cropped, $parent_attachment_id ) {
+ public function create_attachment_object( $cropped, $parent_attachment_id, $attachment_details ) {
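Review bot: the suggested `+` line does not rename anything; it appends a new `$attachment_details` parameter while keeping the existing two, and neither line contains the `$object` parameter that the PHPCS warning on line 877 reports. The diff and the explanation below it disagree: a rename, if wanted, should replace `$object` in the real signature, not add a third parameter.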

Using "object" as a parameter name can lead to confusion and potential issues in PHP, as it is a reserved keyword. Consider renaming it to something more descriptive like attachment_details.

includes/REST/ProductController.php (1)

Line range hint 1205-1205: Avoid using reserved keywords as parameter names.

The parameter name $object in the method prepare_links is a reserved keyword in some contexts. Consider renaming it to avoid potential issues in future PHP versions.

- protected function prepare_links($object, $request) {
+ protected function prepare_links($product, $request) {
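Review bot: `$object` is a valid variable name in all PHP versions, including 7.2 and later where `object` became a reserved type name, so the rename is cosmetic. If `prepare_links()` overrides a parent controller method, PHP does not require the parameter name to match the parent's, but callers using PHP 8 named arguments would break on the rename; either rename consistently across the class hierarchy or leave it.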
Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits: files that changed from the base of the PR and between 0c90ac8 and f336658.
Files selected for processing (31)
  • includes/Admin/Hooks.php (1 hunks)
  • includes/Admin/SetupWizard.php (2 hunks)
  • includes/Admin/SetupWizardNoWC.php (2 hunks)
  • includes/Admin/SetupWizardWCAdmin.php (2 hunks)
  • includes/Ajax.php (5 hunks)
  • includes/Customizer/HeadingControl.php (1 hunks)
  • includes/Customizer/RadioImageControl.php (1 hunks)
  • includes/Order/Admin/Hooks.php (1 hunks)
  • includes/PageViews.php (2 hunks)
  • includes/REST/ProductController.php (3 hunks)
  • includes/ReverseWithdrawal/ReverseWithdrawal.php (2 hunks)
  • includes/Traits/ChainableContainer.php (2 hunks)
  • includes/Widgets/BestSellingProducts.php (2 hunks)
  • includes/Widgets/FilterByAttributes.php (4 hunks)
  • includes/Widgets/ProductCategoryMenu.php (3 hunks)
  • includes/Widgets/StoreCategoryMenu.php (4 hunks)
  • includes/Widgets/StoreContactForm.php (5 hunks)
  • includes/Widgets/StoreLocation.php (4 hunks)
  • includes/Widgets/StoreOpenClose.php (5 hunks)
  • includes/Widgets/TopratedProducts.php (3 hunks)
  • includes/template-tags.php (3 hunks)
  • phpcs.xml.dist (2 hunks)
  • templates/page-views.php (1 hunks)
  • templates/products/dokan-category-header-ui.php (2 hunks)
  • templates/products/dokan-category-ui.php (1 hunks)
  • templates/products/listing-status-filter.php (1 hunks)
  • templates/products/new-product.php (1 hunks)
  • templates/products/products-listing.php (2 hunks)
  • templates/settings/bank-payment-method-settings.php (8 hunks)
  • templates/settings/payment.php (2 hunks)
  • templates/settings/store-form.php (3 hunks)
Files skipped from review due to trivial changes (12)
  • includes/Admin/SetupWizardWCAdmin.php
  • includes/Customizer/RadioImageControl.php
  • includes/ReverseWithdrawal/ReverseWithdrawal.php
  • includes/Traits/ChainableContainer.php
  • includes/Widgets/StoreCategoryMenu.php
  • includes/Widgets/StoreLocation.php
  • templates/page-views.php
  • templates/products/dokan-category-ui.php
  • templates/products/new-product.php
  • templates/products/products-listing.php
  • templates/settings/bank-payment-method-settings.php
  • templates/settings/payment.php
Additional Context Used
GitHub Check Runs (1)
Run PHPCS inspection success (11)

includes/Admin/Hooks.php: [warning] 168-168:
The method parameter $post is never used


includes/Ajax.php: [warning] 268-268:
Stand-alone post-increment statement found. Use pre-increment instead: ++$loop.


includes/Ajax.php: [warning] 269-269:
Stand-alone post-increment statement found. Use pre-increment instead: ++$file_count.


includes/Ajax.php: [warning] 877-877:
It is recommended not to use reserved keyword "object" as function parameter name. Found: $object


includes/Order/Admin/Hooks.php: [warning] 179-179:
It is recommended not to use reserved keyword "class" as function parameter name. Found: $class


includes/REST/ProductController.php: [warning] 1205-1205:
It is recommended not to use reserved keyword "object" as function parameter name. Found: $object


includes/template-tags.php: [warning] 299-299:
The method parameter $title is never used

Additional comments not posted (8)
includes/Customizer/HeadingControl.php (1)

31-33: Sanitization of the description using wp_kses enhances security by preventing potential XSS vulnerabilities.

includes/PageViews.php (1)

22-28: Refactoring to use dokan_get_template for script loading simplifies the code and potentially enhances security by including a nonce.

Verification successful

Nonce validation for 'dokan_pageview' is correctly implemented using check_ajax_referer in includes/PageViews.php.

  • includes/PageViews.php: check_ajax_referer( 'dokan_pageview' );
Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify the usage of the nonce in the 'dokan_pageview' context to ensure it's properly validated.

# Test: Search for nonce verification in AJAX handling. Expect: Proper nonce verification logic.
rg --type php 'check_ajax_referer.*dokan_pageview'

Length of output: 123

templates/products/listing-status-filter.php (1)

23-23: Using esc_html__ and number_format_i18n for the product count enhances security and supports internationalization.

templates/products/dokan-category-header-ui.php (1)

16-16: Setting a default category when none is selected and using Helper::get_ancestors_html for category display improves user experience and code clarity.

Also applies to: 30-32

includes/Admin/SetupWizardNoWC.php (2)

132-132: Properly escaped error message enhances security.


231-239: Sanitization of user inputs is correctly implemented.

includes/Order/Admin/Hooks.php (1)

161-161: Properly sanitized output enhances security.

includes/Admin/SetupWizard.php (1)

518-518: Ensure proper escaping of dynamic data in printf.

- printf( esc_html__( 'Enable %s for your vendor as a withdraw method', 'dokan-lite' ), esc_html( dokan_withdraw_get_method_title( $key ) ) );
+ printf( esc_html__( 'Enable %s for your vendor as a withdraw method', 'dokan-lite' ), esc_html( dokan_withdraw_get_method_title( esc_html( $key ) ) ) );
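Review bot: the extra `esc_html( $key )` in the `+` line is wrong, not merely redundant. Escaping belongs at the output sink, which the `-` line already handles with `esc_html( dokan_withdraw_get_method_title( $key ) )`; running `esc_html()` on a lookup key before passing it into a function can alter the key (for example if it contains `&` or a quote) so the title lookup fails. The "Likely invalid or redundant comment" marker below is right; drop this suggestion.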

Likely invalid or redundant comment.

Review threads (collapsed on the page as resolved):
  • includes/Ajax.php (outdated)
  • includes/REST/ProductController.php (two threads)
  • includes/Admin/SetupWizard.php (outdated)
  • templates/settings/store-form.php (outdated)
  • includes/Widgets/StoreContactForm.php (outdated)
  • includes/Widgets/BestSellingProducts.php (outdated)
  • includes/Admin/Hooks.php
  • includes/Widgets/FilterByAttributes.php (outdated)
  • phpcs.xml.dist (outdated)
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Outside diff range and nitpick comments (5)
includes/functions.php (5)

Line range hint 303-303: Avoid directly inserting variables into SQL queries. Use $wpdb->prepare() for safe SQL queries.

- AND terms.slug NOT IN ({$exclude_product_types_text})
+ AND terms.slug NOT IN (%s)", $exclude_product_types_text)
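Review bot: the `+` line does not fix the injection and breaks the query. A single `%s` makes `$wpdb->prepare()` quote the comma-joined list as one string, so the clause becomes `NOT IN ('grouped,external,...')` and excludes nothing; it also closes a string and a parenthesis that the `-` line never opened. Build one `%s` per element (`implode( ', ', array_fill( 0, count( $types ), '%s' ) )`), interpolate only that placeholder string, and pass the array of values to `prepare()`.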

Line range hint 867-867: The parameters $key and $array are declared but never used in the function dokan_posted_input. Consider removing or using these parameters.


Line range hint 1103-1103: The shorthand array syntax "[]" is not supported in PHP versions earlier than 5.4. Use array() instead for backward compatibility.

- $all_days = [
+ $all_days = array(
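Review bot: the `+` line answers the wrong finding. The PHPCS failure on line 1103 is about shorthand list syntax for destructuring (`[ $a, $b ] = ...`, PHP 7.1+), not the `[]` array literal (PHP 5.4+), so replacing `[` with `array(` on an array literal would not clear it. Check whether that line is a destructuring assignment; if the plugin's minimum PHP is 7.1 or later, the PHPCompatibility `testVersion` in the ruleset is what needs adjusting, not the code.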

Line range hint 1202-1202: Ensure the $_SERVER['QUERY_STRING'] index is defined before using it and sanitize it properly to prevent security issues.

- return add_query_arg( $_SERVER['QUERY_STRING'], '', home_url( $wp->request ) );
+ $query_string = isset($_SERVER['QUERY_STRING']) ? sanitize_text_field(wp_unslash($_SERVER['QUERY_STRING'])) : '';
+ return add_query_arg( $query_string, '', home_url( $wp->request ) );
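Review bot: `sanitize_text_field()` is the wrong sanitizer for a raw query string. Besides stripping tags it removes percent-encoded sequences (`%20`, `%3D`, ...), so encoded parameter values are silently mangled before `add_query_arg()` sees them. The `isset()` guard and `wp_unslash()` are right; prefer rebuilding the arguments from `$_GET` with per-key sanitization (or `wp_parse_str()` over the unslashed string), pass that array to `add_query_arg()`, and run the result through `esc_url()` wherever it is echoed.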

Line range hint 3989-3989: The shorthand array syntax "[]" is not supported in PHP versions earlier than 5.4. Use array() instead for backward compatibility.

- $map = [
+ $map = array(
Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits: files that changed from the base of the PR and between f336658 and ca9c085.
Files selected for processing (2)
  • includes/PageViews.php (2 hunks)
  • includes/functions.php (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • includes/PageViews.php
Additional Context Used
GitHub Check Runs (1)
Run PHPCS inspection failure (21)

includes/functions.php: [warning] 49-49:
Found unknown capability "vendor_staff" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap().
Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.


includes/functions.php: [failure] 303-303:
Use placeholders and $wpdb->prepare(); found interpolated variable {$exclude_product_types_text} at WHERE tt.taxonomy = 'product_type' AND t.slug NOT IN ({$exclude_product_types_text})


includes/functions.php: [warning] 867-867:
The method parameter $key is never used


includes/functions.php: [warning] 867-867:
The method parameter $array is never used


includes/functions.php: [failure] 1103-1103:
The shorthand list syntax "[]" to destructure arrays is not available in PHP 7.0 or earlier.


includes/functions.php: [failure] 1202-1202:
Detected usage of a possibly undefined superglobal array index: $_SERVER['QUERY_STRING']. Use isset() or empty() to check the index exists before using it


includes/functions.php: [failure] 1202-1202:
$_SERVER['QUERY_STRING'] not unslashed before sanitization. Use wp_unslash() or similar


includes/functions.php: [failure] 1202-1202:
Detected usage of a non-sanitized input variable: $_SERVER['QUERY_STRING']


includes/functions.php: [failure] 3989-3989:
The shorthand list syntax "[]" to destructure arrays is not available in PHP 7.0 or earlier.

Additional comments not posted (1)
includes/functions.php (1)

Line range hint 49-49: Consider verifying the custom capability 'vendor_staff' used in current_user_can(). If it's a custom capability, ensure it's registered properly with WordPress.
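The interpolated `NOT IN ({$exclude_product_types_text})` finding above is the one place in this review where the fix is easy to get wrong: a single `%s` placeholder turns the list into one quoted string. The block below is an added example, not code from the Dokan repository or from this PR. It assumes WordPress is loaded (the global `$wpdb` and its `prepare()` / `get_results()` methods); `$exclude_product_types` and `build_product_type_query()` are hypothetical names standing in for the variable the sniff reported.

```php
<?php
/**
 * Added example (not Dokan's code): parameterising a dynamic NOT IN (...) list
 * with $wpdb->prepare(). Assumes WordPress core is loaded.
 */

// Constructed list; it may come through a filter, so treat it as untrusted.
$exclude_product_types = [ 'grouped', 'external', "evil') OR 1=1 -- " ];

/**
 * Build the terms query with one %s placeholder per excluded slug.
 * Returns the prepared SQL string so it can be inspected before it runs.
 */
function build_product_type_query( wpdb $wpdb, array $exclude_product_types ) {
    // Flagged pattern: "... AND t.slug NOT IN ({$exclude_product_types_text})".
    // A single %s is not a fix either: prepare() quotes the joined string as ONE
    // value, so the clause becomes NOT IN ('grouped,external,...') and matches nothing.

    $base = "SELECT t.term_id, t.slug
             FROM {$wpdb->terms} t
             INNER JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = t.term_id
             WHERE tt.taxonomy = 'product_type'";

    if ( empty( $exclude_product_types ) ) {
        // NOT IN () is a SQL syntax error; leave the clause out entirely.
        return $base;
    }

    // One placeholder per value, e.g. '%s, %s, %s'. Built from a count, never from input.
    $placeholders = implode( ', ', array_fill( 0, count( $exclude_product_types ), '%s' ) );

    // Table names come from $wpdb properties, not input. The placeholder string is the only
    // interpolation; every value goes through prepare(), which escapes and quotes each one.
    // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- placeholders built with array_fill(), values passed to prepare().
    return $wpdb->prepare(
        "{$base} AND t.slug NOT IN ({$placeholders})",
        $exclude_product_types // prepare() accepts an array as its argument list
    );
}

global $wpdb;
$sql = build_product_type_query( $wpdb, $exclude_product_types );
// The hostile third element is now quoted and escaped as a literal slug value
// rather than terminating the IN list, so it cannot change the WHERE clause.
$rows = $wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- prepared above.
```

The same construction applies to any IN / NOT IN list: count the values, emit that many placeholders, and hand the values to `prepare()` as an array. Keep the placeholder type matched to the column (`%d` for integer IDs) so a non-numeric value is coerced rather than quoted.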

mralaminahamed and others added 3 commits May 27, 2024 08:25 (Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>)
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Outside diff range and nitpick comments (1)
includes/Ajax.php (1)

Line range hint 877-877: Avoid using reserved keywords as function parameter names.

- final public function create_attachment_object( $cropped, $parent_attachment_id ) {
+ final public function create_attachment_object( $cropped, $parent_attachment_id ) {
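Review bot: the `-` and `+` lines are identical, so this suggestion changes nothing, and the shown signature `( $cropped, $parent_attachment_id )` has no `$object` parameter at all, so the diff is not pointing at the line the PHPCS warning on 877 refers to. Re-anchor the comment on the actual signature before proposing a rename.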

Consider renaming the $object parameter to avoid potential issues with PHP reserved keywords.

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits: files that changed from the base of the PR and between ca9c085 and 941271a.
Files selected for processing (2)
  • includes/Ajax.php (5 hunks)
  • templates/settings/store-form.php (3 hunks)
Files skipped from review as they are similar to previous changes (1)
  • templates/settings/store-form.php
Additional Context Used
GitHub Check Runs (1)
Run PHPCS inspection failure (21)

includes/Ajax.php: [warning] 877-877:
It is recommended not to use reserved keyword "object" as function parameter name. Found: $object

Additional comments not posted (2)
includes/Ajax.php (2)

268-269: Optimize increment operations for clarity and performance.

This change uses pre-increment operators which are generally more performant in PHP, especially within loops.


Line range hint 695-705: Ensure correct usage of get_terms function.

Verification successful

The output from the shell scripts shows the usage of the get_terms function in various files. Let's analyze each instance to ensure the correct usage of the function.

  1. includes/functions.php:

    • The get_terms function is not directly used here. The context provided is related to a different function, dokan_get_terms_condition_url.
  2. includes/Ajax.php:

    • The get_terms function is used with the variable $drop_down_tags as its parameter. This appears to be correctly formatted.
  3. includes/Widgets/ProductCategoryMenu.php:

    • The get_terms function is used with the variable $term_args as its parameter. This appears to be correctly formatted.
  4. includes/Upgrade/Upgrades/V_2_6_9.php:

    • The get_terms function is used as $the_query->get_terms(). This is a method call on a WP_Term_Query object, which is correct.
  5. includes/Product/ProductAttribute.php:

    • The get_terms function is used with two parameters: $taxonomy and an array of arguments. This appears to be correctly formatted.
  6. templates/account/vendor-registration.php:

    • The get_terms function is not directly used here. The context provided is related to a different function, dokan_get_terms_condition_url.
  7. templates/global/seller-registration-form.php:

    • The get_terms function is not directly used here. The context provided is related to a different function, dokan_get_terms_condition_url.

Based on the analysis, the usage of the get_terms function in the relevant files appears to be correct. Therefore, the review comment regarding the correct usage of the get_terms function can be verified as accurate.

Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify the correct usage of `get_terms` function across the codebase.

# Test: Search for the function usage. Expect: Only occurrences with correct parameters.
rg --type php $'get_terms'

Length of output: 818



Script:

#!/bin/bash
# Extract lines where `get_terms` is used in each relevant file.

# Extract usage in includes/functions.php
rg --type php --context 5 'get_terms' includes/functions.php

# Extract usage in includes/Ajax.php
rg --type php --context 5 'get_terms' includes/Ajax.php

# Extract usage in includes/Widgets/ProductCategoryMenu.php
rg --type php --context 5 'get_terms' includes/Widgets/ProductCategoryMenu.php

# Extract usage in includes/Upgrade/Upgrades/V_2_6_9.php
rg --type php --context 5 'get_terms' includes/Upgrade/Upgrades/V_2_6_9.php

# Extract usage in includes/Product/ProductAttribute.php
rg --type php --context 5 'get_terms' includes/Product/ProductAttribute.php

# Extract usage in templates/account/vendor-registration.php
rg --type php --context 5 'get_terms' templates/account/vendor-registration.php

# Extract usage in templates/global/seller-registration-form.php
rg --type php --context 5 'get_terms' templates/global/seller-registration-form.php

Length of output: 3783

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Outside diff range and nitpick comments (9)
includes/functions.php (9)

Line range hint 303-303: Consider using placeholders and $wpdb->prepare() for SQL queries to prevent SQL injection vulnerabilities. Found interpolated variable {$exclude_product_types_text} in the SQL query.

- AND t.slug NOT IN ({$exclude_product_types_text})
+ AND t.slug NOT IN (%s)", $exclude_product_types_text)
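Review bot: `NOT IN (%s)` with a comma-joined string is not a valid fix: `prepare()` escapes and quotes the whole string as one value, so the clause reads `NOT IN ('a,b,c')` and the exclusion silently stops working. Emit one placeholder per value and pass the values array to `prepare()`; the trailing `", $exclude_product_types_text)` in the `+` line also does not match the open string in the `-` line.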

Line range hint 867-867: The method parameter $key is never used in the function dokan_posted_input. Consider removing it if it's not necessary.


Line range hint 867-867: The method parameter $array is never used in the function dokan_posted_input. Consider removing it if it's not necessary.


Line range hint 867-867: It is recommended not to use reserved keyword "array" as a function parameter name. Found: $array in the function dokan_posted_input.


Line range hint 880-880: The method parameter $key is never used in the function dokan_posted_textarea. Consider removing it if it's not necessary.


Line range hint 977-977: The method parameter $pro is never used in the function dokan_locate_template. Consider removing it if it's not necessary.


Line range hint 2009-2009: The method parameter $args is never used in the function dokan_product_listing_filter. Consider removing it if it's not necessary.


Line range hint 2734-2734: The method parameter $seller_id is never used in the function dokan_get_seller_address. Consider removing it if it's not necessary.


Line range hint 3344-3344: It is recommended not to use reserved keyword "return" as a function parameter name. Found: $return in the function dokan_privacy_policy_text.

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits: files that changed from the base of the PR and between 941271a and 1a3496b.
Files selected for processing (14)
  • includes/Admin/SetupWizard.php (2 hunks)
  • includes/Order/Admin/Hooks.php (2 hunks)
  • includes/REST/ProductController.php (6 hunks)
  • includes/Widgets/BestSellingProducts.php (2 hunks)
  • includes/Widgets/FilterByAttributes.php (4 hunks)
  • includes/Widgets/ProductCategoryMenu.php (3 hunks)
  • includes/Widgets/StoreCategoryMenu.php (4 hunks)
  • includes/Widgets/StoreContactForm.php (5 hunks)
  • includes/Widgets/StoreLocation.php (4 hunks)
  • includes/Widgets/StoreOpenClose.php (5 hunks)
  • includes/Widgets/TopratedProducts.php (3 hunks)
  • includes/functions.php (6 hunks)
  • includes/template-tags.php (4 hunks)
  • phpcs.xml.dist (2 hunks)
Files skipped from review as they are similar to previous changes (12)
  • includes/Admin/SetupWizard.php
  • includes/Order/Admin/Hooks.php
  • includes/REST/ProductController.php
  • includes/Widgets/BestSellingProducts.php
  • includes/Widgets/FilterByAttributes.php
  • includes/Widgets/ProductCategoryMenu.php
  • includes/Widgets/StoreCategoryMenu.php
  • includes/Widgets/StoreContactForm.php
  • includes/Widgets/StoreLocation.php
  • includes/Widgets/StoreOpenClose.php
  • includes/Widgets/TopratedProducts.php
  • includes/template-tags.php
Additional Context Used
GitHub Check Runs (1)
Run PHPCS inspection failure (12)

includes/functions.php: [failure] 303-303:
Use placeholders and $wpdb->prepare(); found interpolated variable {$exclude_product_types_text} at WHERE tt.taxonomy = 'product_type' AND t.slug NOT IN ({$exclude_product_types_text})


includes/functions.php: [warning] 867-867:
The method parameter $key is never used


includes/functions.php: [warning] 867-867:
The method parameter $array is never used


includes/functions.php: [warning] 867-867:
It is recommended not to use reserved keyword "array" as function parameter name. Found: $array


includes/functions.php: [warning] 880-880:
The method parameter $key is never used


includes/functions.php: [warning] 977-977:
The method parameter $pro is never used


includes/functions.php: [warning] 2009-2009:
The method parameter $args is never used


includes/functions.php: [warning] 2734-2734:
The method parameter $seller_id is never used


includes/functions.php: [warning] 3344-3344:
It is recommended not to use reserved keyword "return" as function parameter name. Found: $return

Additional comments not posted (2)
phpcs.xml.dist (2)

131-131: The addition of wc_esc_json and dokan_sanitize_phone_number to custom sanitizing functions is a good enhancement for security.


205-205: Addition of the vendor_staff capability is noted. Please ensure that this new capability is integrated and tested across the plugin to verify that it functions as intended.

Verification successful

The vendor_staff capability is integrated across the plugin in various contexts, including user roles, permissions, and access control. This confirms that the capability is properly integrated and utilized within the plugin.

  • uninstall.php: The role is removed during uninstallation.
  • includes/functions.php: The capability is checked for current user permissions and role assignments.
  • includes/Rewrites.php: The capability is checked for user permissions.
  • includes/Core.php: The capability is checked for user role validation.
  • includes/Dashboard/Templates/Orders.php: The capability is checked for order export permissions.
Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify integration of the `vendor_staff` capability across the plugin.

# Test: Search for usage of the `vendor_staff` capability. Expect: Integration points across the plugin.
rg --type php $'vendor_staff'

Length of output: 709

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

Outside diff range and nitpick comments (8)
includes/functions.php (8)

Line range hint 861-861: Consider removing or using the unused parameter $key in the function dokan_array_after.


Line range hint 861-861: Avoid using reserved keywords like array as parameter names to prevent potential conflicts in PHP. Consider renaming the parameter $array.

- function dokan_array_after( $array, $position, $new_array ) {
+ function dokan_array_after( $data_array, $position, $new_array ) {
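Review bot: `$array` is a legal variable name (only the `array(` construct itself is reserved), so the `+` line is stylistic. `dokan_array_after()` is a global function that themes may call, so a parameter rename is a break for callers using PHP 8 named arguments, and the `@param $array` docblock would need the same change.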

Line range hint 874-874: The parameter $key is declared but not used within the function dokan_array_insert_after. Consider removing it if it's not necessary.


Line range hint 971-971: The parameter $pro is declared but not used within the function dokan_locate_template. Consider removing it if it's not necessary.


Line range hint 2003-2003: The parameter $args is declared but not used within the function dokan_product_listing_filter. Consider removing it if it's not necessary.


Line range hint 2728-2728: The parameter $seller_id is declared but not used within the function dokan_get_seller_status_count. Consider removing it if it's not necessary.


Line range hint 3338-3338: Avoid using reserved keywords like return as parameter names to prevent potential conflicts in PHP. Consider renaming the parameter $return.

- function dokan_privacy_policy_text( $return = false ) {
+ function dokan_privacy_policy_text( $should_return = false ) {
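Review bot: `dokan_privacy_policy_text()` is a public template function, so renaming `$return` to `$should_return` is a backwards-compatibility break for any caller using PHP 8 named arguments, while the warning on line 3338 is advisory: `$return` is a valid variable name. If the rename goes ahead, update the `@param` docblock in the same change.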

Line range hint 3382-3382: Avoid using reserved keywords like echo as parameter names to prevent potential conflicts in PHP. Consider renaming the parameter $echo.

- function dokan_login_form( $args = [], $echo = false ) {
+ function dokan_login_form( $args = [], $should_echo = false ) {
Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits: files that changed from the base of the PR and between 1a3496b and 4c3f4b6.
Files selected for processing (3)
  • includes/Admin/Hooks.php (2 hunks)
  • includes/Admin/SetupWizardNoWC.php (1 hunks)
  • includes/functions.php (12 hunks)
Files skipped from review as they are similar to previous changes (2)
  • includes/Admin/Hooks.php
  • includes/Admin/SetupWizardNoWC.php
Additional Context Used
GitHub Check Runs (1)
Run PHPCS inspection success (10)

includes/functions.php: [warning] 861-861:
The method parameter $key is never used


includes/functions.php: [warning] 861-861:
The method parameter $array is never used


includes/functions.php: [warning] 861-861:
It is recommended not to use reserved keyword "array" as function parameter name. Found: $array


includes/functions.php: [warning] 874-874:
The method parameter $key is never used


includes/functions.php: [warning] 971-971:
The method parameter $pro is never used


includes/functions.php: [warning] 2003-2003:
The method parameter $args is never used


includes/functions.php: [warning] 2728-2728:
The method parameter $seller_id is never used


includes/functions.php: [warning] 3338-3338:
It is recommended not to use reserved keyword "return" as function parameter name. Found: $return


includes/functions.php: [warning] 3382-3382:
It is recommended not to use reserved keyword "echo" as function parameter name. Found: $echo

Review threads (collapsed on the page as resolved):
  • includes/Customizer/HeadingControl.php (outdated)
  • includes/PageViews.php (outdated)
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 4c3f4b6 and c8b8ede.

Files selected for processing (1)
  • phpcs.xml.dist (2 hunks)
Additional comments not posted (1)
phpcs.xml.dist (1)

206-206: Addition of vendor_staff capability is appropriate.

This enhances role management by introducing a specific capability for vendor staff. Confirm that this capability is used consistently across the project.

Verification successful

Addition of vendor_staff capability is appropriate.

This enhances role management by introducing a specific capability for vendor staff. The capability is used consistently across the project in various files:

  • uninstall.php
  • includes/functions.php
  • includes/Rewrites.php
  • includes/Core.php
  • includes/Dashboard/Templates/Orders.php
Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify the use of `vendor_staff` capability.

# Test: Search for the capability usage. Expect: Consistent and appropriate usage.
rg --type php $'vendor_staff'

Length of output: 709

Review thread (collapsed on the page as resolved):
  • phpcs.xml.dist
Member

@mrabbani mrabbani left a comment


Need @getdokan/plugin-qa attention for:

  • includes/PageViews.php
  • templates/products/dokan-category-header-ui.php

@mrabbani added the "👍 Dev Review Done" and "Upcoming Release" labels and removed "Needs: Dev Review" (it requires a developer review and approval) on Jul 1, 2024
@StalinDurjo added "QA In Progress" and then "QA approved" (this PR is approved by the QA team), and removed "Needs: Testing" (this requires further testing) and "QA In Progress" on Jul 1, 2024
@shohag121 shohag121 merged commit 64fcc7d into getdokan:develop Jul 8, 2024
2 checks passed
4 participants