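Description
Plugin Check is a tool for testing whether your plugin meets the requirements of the WordPress.org plugin directory. With this plugin you can run most of the checks used for new plugin submissions and check whether your plugin meets the relevant requirements.
In addition, the tool flags violations or problems against development best practices, checking basic requirements such as correct use of internationalization functions as well as accessibility, performance and security best practices.
The checks can be run from the WordPress admin user interface or with WP-CLI: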
- To check a plugin in the WordPress admin, go to the Tools → Plugin Check menu. You need the capability to manage plugins on the site to access this screen.
- To check a plugin using WP-CLI, use the wp plugin check command. For example, to check the “Hello Dolly” plugin: wp plugin check hello.php
- Note that by default, when using WP-CLI, only static checks can be run. To include runtime checks as well, the current workaround is to use WP-CLI's --require argument to manually load the cli.php file from the Plugin Check directory before WordPress is loaded. Example command: wp plugin check hello.php --require=./wp-content/plugins/plugin-check/cli.php
- You can check a plugin from any path or URL. For example, to check a plugin from a URL: wp plugin check https://example.com/plugin.zip or from a path: wp plugin check /path/to/plugin
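The checks are grouped into several categories, so you can customize which categories of checks are run against a plugin.
Note that this plugin does not replace the manual review process, but it can help developers speed up approval in the WordPress.org plugin directory and avoid some common mistakes.
Even if you do not intend to host your plugin in the WordPress.org plugin directory, using Plugin Check is still recommended so that your plugin follows the basic requirements and best practices for WordPress plugins.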
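Installation
Automatic installation
- Go to Plugins → Add New Plugin.
- Search for “Plugin Check”.
- Install and activate the Plugin Check plugin.
Manual installation
- Upload the plugin-check folder, extracted from the plugin's zip archive, to the /wp-content/plugins/ directory on your site.
- Go to the Plugins page.
- Activate the Plugin Check plugin.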
FAQ
Where can I contribute to this project?
All development for this plugin is handled on GitHub. Any issues or pull requests should be posted in the plugin's GitHub repository.
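What if the plugin reports something that is correct as an “error” or “warning”?
We have done our best to avoid such false positives when developing this plugin. If you find one, please report it in the plugin's GitHub repository. For certain false positives, such as those detected by PHPCodeSniffer, you can annotate your code to ignore the specific problem on a specific line.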
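An added example, not code from Plugin Check or its documentation, of the annotation described above, using the WordPress.Security.ValidatedSanitizedInput sniff named in the changelog: a handler that the sniff flags for good reason, its corrected form, and a case where an inline ignore is defensible. The myplugin_* names, the title field, the nonce action and the signature header are hypothetical.

```php
<?php
// Constructed example: the myplugin_* names, the 'title' field, the nonce
// action and the signature header are illustrative assumptions.

// Flagged: the raw request value is stored with no nonce check,
// no isset() validation, no wp_unslash() and no sanitization.
function myplugin_save_title_flagged() {
	update_option( 'myplugin_title', $_POST['title'] );
}

// Corrected: capability and nonce are verified first, then the key is
// validated, unslashed and sanitized before it reaches the database.
function myplugin_save_title() {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'Not allowed.', 'myplugin' ), '', array( 'response' => 403 ) );
	}
	check_admin_referer( 'myplugin_save_title' );

	$title = isset( $_POST['title'] )
		? sanitize_text_field( wp_unslash( $_POST['title'] ) )
		: '';
	update_option( 'myplugin_title', $title );
}

// False positive: the header is only compared in constant time against a
// locally computed HMAC; it is never stored, echoed or used in a query, and
// sanitizing it would add nothing. The ignore is scoped to the exact sniff
// codes and the next line only, and the reason is recorded after "--".
function myplugin_signature_is_valid( $raw_body, $secret ) {
	if ( ! isset( $_SERVER['HTTP_X_MYPLUGIN_SIGNATURE'] ) ) {
		return false;
	}
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- Compared with hash_equals() only.
	$received = (string) $_SERVER['HTTP_X_MYPLUGIN_SIGNATURE'];

	return hash_equals( hash_hmac( 'sha256', $raw_body, $secret ), $received );
}
```

Naming the full sniff code in the ignore comment keeps every other check active on that line; a bare phpcs:ignore would silence all of them.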
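Why does it flag something as “bad”?
This plugin does not flag anything as “bad”. Plugin Check is intended to be a continually improving way of testing plugins against the plugin review guidelines, for example development best practices for accessibility, performance, security and other areas, but not all plugins must adhere to these guidelines. The purpose of the checking tool is to ensure that plugins uploaded to the central WordPress.org plugin repository meet the latest standards for WordPress plugins and will work on a wide variety of sites.
Many sites use custom plugins, and that is perfectly fine. But plugins that are public and used on a large number of different kinds of sites need a minimum level of capability to ensure they run properly in different environments. The plugin review guidelines were created for that reason.
This plugin checker is not perfect, and may never be. It is only a tool to help plugin developers, or anyone who wants to make their plugin more robust. All plugins submitted to WordPress.org must be reviewed by hand by a team of experts. The automated plugin checker is meant to be a useful tool only, not an absolute system of measurement.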
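Does a plugin need to pass all checks to be approved in the WordPress.org plugin directory?
To be approved in the WordPress.org plugin directory, a plugin must pass all checks in the Plugin repository category. The other checks are additional and do not all need to pass.
In any case, passing the checks in this tool helps the review process go smoothly, but it does not guarantee that the plugin will be approved in the WordPress.org plugin directory.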
Changelog
1.3.0
- Enhancement – Update disallowed domains for Plugin URI check.
- Enhancement – Added new checks for Plugin Header fields: missing plugin description, missing plugin version and invalid plugin version.
- Enhancement – New check for validation of donate link in the readme file.
- Enhancement – Increased severity for wrong Plugin Requires.
- Enhancement – Added check Restrict parse_str() without second argument.
- Enhancement – New check for Disallow usage of HEREDOC and NOWDOC.
- Enhancement – Added acronyms allowed in Trademark checks.
- Enhancement – Added option in CLI to add low severity errors and warnings.
- Enhancement – Change error type for License check error codes.
- Enhancement – Always use prefixed tables during runtime check requests.
- Enhancement – Created a new class for checking licenses.
- Enhancement – Added support for MPL-2.0 license.
- Enhancement – Implement gherkin linter in GH action.
- Enhancement – Update check for Contributors in markdown readme files.
- Enhancement – CLI: Fix confusing runtime environment setup order.
- Enhancement – Allow custom checks to provide installed_paths.
- Enhancement – Improved the use of localhost URLs in the Plugin.
- Enhancement – Documented checks in the plugin.
- Enhancement – Increased severity for Code obfuscation checks.
- Enhancement – Differentiate between nonexistent readme and default readme file.
- Enhancement – Encourage developers to use native functions for loading images in templates.
- Enhancement – Added a check for not allowing include libraries already in WordPress core.
- Enhancement – Warning for usage of query_posts() in favor of WP_Query.
- Fix – Fix for the local environment is set up before testing.
- Fix – Fix addon checks not being executed when running runtime checks.
- Fix – Allow default as a text domain in the text domain check.
- Fix – Allow GitHub URLs in the Plugin URI field.
- Fix – Don’t flag Apache license. It’s allowed in the WordPress.org plugin repository.
- Fix – Removes the path before the plugin, so it won’t affect badly named files.
1.2.0
- Enhancement – Added a check for badly used names in files.
- Enhancement – Increased severity for BacktickOperator, DisallowShortOpenTag, DisallowAlternativePHPTags, RestrictedClasses, and RestrictedFunctions.
- Enhancement – Added security checks to the Plugin repository category.
- Enhancement – Allowed runtime-set in code sniffer checks.
- Enhancement – Changed warnings to errors in plugin header checks.
- Enhancement – Detect forbidden plugin headers such as repository URIs in the Directory.
- Enhancement – Added a new check for development functions that are not allowed in final plugins.
- Enhancement – Created new images and icons for the plugin.
- Enhancement – Introduced a slug argument in the CLI.
- Enhancement – Added a check for discouraged PHP functions.
- Enhancement – Added validation for Contributors in the readme file.
- Enhancement – Added a warning for mismatched plugin names in the plugin header and readme file.
- Enhancement – Checked for validation of Plugin Header fields: Name, Plugin URI, Description, Author URI, Requires at least, Requires PHP, and Requires Plugins.
- Enhancement – Added a warning if the “Tested up to” value in the readme file exceeds the released version of WordPress.
- Fix – Display a success message if no errors or warnings are found.
- Fix – Made table results responsive.
- Fix – Prevent proceeding to the next check if the Stable Tag value is set to trunk.
- Fix – Allow runtime initialization even when only add-on checks are requested.
- Fix – Fixed an SPDX warning for the GPL version 3 license.
- Fix – Prevent runtime checks in the CLI context when they cannot be used.
1.1.0
- Feature – New Non_Blocking_Scripts_Check (non_blocking_scripts) runtime check to warn about enqueued scripts that use neither defer nor async.
- Enhancement – Changed the namespace of included checks.
- Enhancement – Introduced severity levels for all errors and warnings.
- Enhancement – CLI: Support checking a plugin from a path or URL.
- Enhancement – Added short descriptions and URLs for each check.
- Enhancement – Improved messaging in check results.
- Enhancement – Updated code obfuscation check with more accurate results.
- Enhancement – Updated plugin review check to flag missing input sanitization (WordPress.Security.ValidatedSanitizedInput).
- Fix – Improve readme checks to exclude invalid files.
- Fix – Only show edit link if files are actually editable.
1.0.2
- Feature – New Enqueued_Scripts_Scope_Check (enqueued_scripts_scope), Enqueued_Styles_Size_Check (enqueued_styles_size) and Enqueued_Resources_Check (enqueued_resources) performance checks.
- Enhancement – Improved readme check and added a new wp_plugin_check_ignored_readme_warnings filter.
- Enhancement – New wp_plugin_check_default_categories filter to change the categories which are selected by default.
- Enhancement – New wp_plugin_check_ignore_files filter to allow ignoring specific files.
- Fix – Correct detection of readme files in Windows by normalizing file paths.
1.0.1
- Fix – Add missing test-content folder needed for runtime checks.
- Fix – Do not send emails when setting up test environment.
- Fix – Prevent PHP warning when the argv variable isn’t set.
1.0.0
- Feature – Complete overhaul of the plugin, its architecture, and all checks.
- Feature – Added new WP-CLI commands for running checks and listing available options.
- Enhancement – Added option to only run checks for a specific category.
0.2.3
- Tweak – Use version 3.8.0 of the PHP_CodeSniffer library, moving away from squizlabs/PHP_CodeSniffer to use PHPCSStandards/PHP_CodeSniffer.
- Fix – Ensure the plugin works as expected on the WP playground environment to enable reviewers to use PCP. Props @tellyworth.
- Fix – Undefined array key “argv” when running the plugin check in certain environments. Props @afragen. #340
0.2.2
- Enhancement – Include support for Windows Servers.
- Enhancement – Avoid using PHP CLI directly, which enables plugin developers to use PCP in a variety of new environments.
- Fix – Remove dependency on shell_exec and exec functions, which enables plugin developers to use PCP in a variety of new environments.
- Fix – Prevent problems with Readme parser warning related to contributor_ignored when running the check outside WP.org. Props @dev4press. #276
- Fix – Remove extra period on the end of the sentence for Phar warning. Props @pixolin. #275
0.2.1
- Added – ‘View in code editor’ link beneath each PHPCS error or warning. Props @EvanHerman, @westonruter, @felixarntz, @mukeshpanchal27 #262
- Fix – Ensure readme.txt has priority over readme.md when both are present. Props @bordoni, @afragen #258
- Fix – Ensure that the PHPCS check runs even when the PHPCS binary is not executable. Props @bordoni, @shawn-digitalpoint, @mrfoxtalbot #254
- Fix – Readme changes and typos. Props @aaronjorbin. #261
- Fix – Long lines of code with PHPCS check no longer expand over the size of the notice. Props @bordoni, @felixarntz. #263
- Fix – Ensure PHP 7.2 compatibility by removing a trailing comma. Props @bordoni, @leoloso. #265
- Fix – Include all strings that were missed in the previous release. Props @bordoni, @pixolin. #270
0.2.0
- Feature – Enable modification of the PHP Binary path used by the plugin with PLUGIN_CHECK_PHP_BIN constant.
- Feature – Include a check for the usage of ALLOW_UNFILTERED_UPLOADS on any PHP files – Props EvanHerman at #45
- Feature – Include a check for the presence of the application files (.a, .bin, .bpk, .deploy, .dist, .distz, .dmg, .dms, .DS_Store, .dump, .elc, .exe, .iso, .lha, .lrf, .lzh, .o, .obj, .phar, .pkg, .sh, .so) – Props EvanHerman at #43
- Feature – Include a check for the presence of the readme.txt or readme.md file – Props EvanHerman at #42
- Fix – Ensure that Readme parsing is included properly when a readme.md or readme.txt file is present. Props Bordoni #52
- Tweak – Disallow functions move_uploaded_file, passthru, proc_open – Props alexsanford at #50
- Tweak – Change the message type for using functions WordPress already includes from Warning to Error. Props davidperezgar at #18
- Tweak – Change the message type for incorrect usage of Stable tag from Notice/Warning to Error. Props davidperezgar at #3
[0.1] 2011-09-04
Original version of the plugin check tool, not a released version of the plugin. This changelog is here for historical purposes only.