Plugin Check (PCP)

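Description

Plugin Check is a tool for testing whether the plugin you are developing meets the required standards of the WordPress.org plugin directory. With this plugin you can run most of the checks used for new plugin submissions and see whether your plugin meets the requirements.

In addition, the tool flags violations and problems against development best practices, ranging from basic requirements such as correct use of internationalization functions to accessibility, performance and security best practices.

The checks can be run from the WordPress admin user interface or with WP-CLI:

  • To check a plugin in the WordPress admin, go to the Tools → Plugin Check menu. You must have permission to manage plugins on the site in order to access this screen.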
  • To check a plugin using WP-CLI, please use the wp plugin check command. For example, to check the “Hello Dolly” plugin: wp plugin check hello.php
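    • Note that by default only static checks are executed when using WP-CLI. To also include runtime checks, the current workaround is to use the --require argument of WP-CLI to manually load the cli.php file in the Plugin Check directory before WordPress is loaded. Example command: wp plugin check hello.php --require=./wp-content/plugins/plugin-check/cli.php

The checks are grouped into several categories, so you can choose which categories of checks to run on a plugin.

Note that this plugin does not replace the manual review process, but it can help developers speed up approval for the WordPress.org plugin directory and avoid some common mistakes.

Even if you do not intend to host your plugin in the WordPress.org plugin directory, using Plugin Check is recommended so that the plugin follows the base requirements and best practices for WordPress plugins.

Installation

Automatic installation

  1. Go to Plugins → Add New.
  2. Search for "Plugin Check".
  3. Install and activate the Plugin Check plugin.

Manual installation

  1. Unzip the plugin archive and upload the resulting plugin-check folder to the /wp-content/plugins/ directory of the site.
  2. Go to the Plugins page.
  3. Activate the Plugin Check plugin.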

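Frequently Asked Questions

Where can I contribute to this project?

All development of this plugin is handled in its GitHub repository. Please post any issues or pull requests there.

What should I do if the plugin reports something that is correct as an "error" or a "warning"?

We have worked hard to avoid such false positives while developing this plugin. If you find one, please report it in the plugin's GitHub repository. For certain false positives, such as those detected by PHPCodeSniffer, developers can annotate the code to ignore a specific error produced by a specific line of code.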
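
An added example, not code from Plugin Check or its authors: a hypothetical plugin file showing input handling that the PHPCS-based security sniffs report, the corrected form, and a single-line ignore annotation for a false positive caused by a custom sanitizer. The plugin name, function names, field names and nonce action are assumptions made for this illustration.

```php
<?php
/**
 * Plugin Name: PCP Demo (hypothetical plugin, constructed for this example)
 */

defined( 'ABSPATH' ) || exit;

// Flagged form, deliberately not hooked anywhere: raw request data is read
// and echoed. PHPCS reports WordPress.Security.NonceVerification.Missing,
// WordPress.Security.ValidatedSanitizedInput.* and
// WordPress.Security.EscapeOutput.OutputNotEscaped for these two lines.
function pcp_demo_notice_flagged() {
	$name = $_POST['pcp_demo_name'];
	echo '<p>Saved: ' . $name . '</p>';
}

// Custom sanitizer: every element is forced to a non-negative integer and
// zero values are dropped.
function pcp_demo_parse_ids( $raw ) {
	return array_filter( array_map( 'absint', (array) $raw ) );
}

// Corrected form: presence check, nonce check, unslash, sanitize, escape late.
function pcp_demo_notice() {
	if ( ! isset( $_POST['pcp_demo_nonce'], $_POST['pcp_demo_name'], $_POST['pcp_demo_ids'] ) ) {
		return;
	}
	$nonce = sanitize_text_field( wp_unslash( $_POST['pcp_demo_nonce'] ) );
	if ( ! wp_verify_nonce( $nonce, 'pcp_demo_save' ) ) {
		return;
	}
	$name = sanitize_text_field( wp_unslash( $_POST['pcp_demo_name'] ) );

	// False positive: PHPCS does not know that pcp_demo_parse_ids() sanitizes,
	// so ignore that one code on the next line only and record the reason.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- pcp_demo_parse_ids() applies absint() to every element.
	$ids = pcp_demo_parse_ids( wp_unslash( $_POST['pcp_demo_ids'] ) );

	echo '<p>' . esc_html( sprintf( 'Saved %s (%d items)', $name, count( $ids ) ) ) . '</p>';
}
add_action( 'admin_notices', 'pcp_demo_notice' );
```

Naming the exact sniff code and giving a reason after `--` keeps the suppression limited to that one line and that one finding, so any other issue introduced on the same line is still reported.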

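Why does this plugin flag some things as "bad"?

This plugin does not flag anything as "bad". Plugin Check is intended to be a continually improving way of testing whether a plugin complies with the plugin review guidelines, as well as with development best practices in accessibility, performance, security and other areas, but not all plugins must adhere to these guidelines. The purpose of the checking tool is to ensure that plugins uploaded to the central WordPress.org plugin repository meet the latest standards for WordPress plugins and will run on a wide variety of sites.

Many sites use custom plugins, and that is perfectly fine. Plugins that are public and intended for use on many different kinds of sites, however, need a minimum level of functionality to ensure they run properly in different environments. The plugin review guidelines exist for that reason.

This plugin checker is not perfect and may never be, because it is only a tool to help plugin developers, or anyone else who wants to make their plugin more robust. All plugins submitted to WordPress.org must be manually reviewed by a team of experts; the automated plugin checker is meant to be a useful tool, not an absolute system of measurement.

Does a plugin need to pass all checks to be approved for the WordPress.org plugin directory?

To be approved for the WordPress.org plugin directory, a plugin must pass all checks in the "Plugin repo" category. The other checks are additional and do not necessarily all have to pass.

In any case, passing the checks provided by this tool helps the review process go smoothly, but it does not guarantee that a plugin will be approved for the WordPress.org plugin directory.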

Reviews

September 18, 2024
Thanks, it is useful to find security issues like missed escape function or sanitization even if you do not plan on submitting the plugin to wordpress.org.
July 13, 2024
DevTools for WordPress is an essential toolkit for WordPress plugin developers, providing a comprehensive suite of features to simplify and accelerate the development process. This plugin is designed to enhance your coding efficiency, improve testing workflows, and ensure seamless integration of your custom plugins into WordPress environments.
May 4, 2024
A great way to validate plugins against WordPress ecosystem standards. Yet another useful tool.
March 30, 2024
This tool is very useful, not just for developers. Since finding it, I use it to test any new plugins I want to use. I have had good responses from plugin authors when contacting them to resolve matters.

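Contributors & Developers

"Plugin Check (PCP)" is open source software. The following people have contributed to its development.

Contributors

"Plugin Check (PCP)" has been translated into 11 locales. Thank you to all the translators for their contributions to this plugin.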

Interested in development?

Anyone can browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.0

  • Feature – New Non_Blocking_Scripts_Check (non_blocking_scripts) runtime check to warn about enqueued scripts that use neither defer nor async.
  • Enhancement – Changed the namespace of included checks.
  • Enhancement – Introduced severity levels for all errors and warnings.
  • Enhancement – CLI: Support checking a plugin from a path or URL.
  • Enhancement – Added short descriptions and URLs for each check.
  • Enhancement – Improved messaging in check results.
  • Enhancement – Updated code obfuscation check with more accurate results.
  • Enhancement – Updated plugin review check to flag missing input sanitization (WordPress.Security.ValidatedSanitizedInput).
  • Fix – Improve readme checks to exclude invalid files.
  • Fix – Only show edit link if files are actually editable.

1.0.2

  • Feature – New Enqueued_Scripts_Scope_Check (enqueued_scripts_scope), Enqueued_Styles_Size_Check (enqueued_styles_size) and Enqueued_Resources_Check (enqueued_resources) performance checks.
  • Enhancement – Improved readme check and added a new wp_plugin_check_ignored_readme_warnings filter.
  • Enhancement – New wp_plugin_check_default_categories filter to change the categories which are selected by default.
  • Enhancement – New wp_plugin_check_ignore_files filter to allow ignoring specific files.
  • Fix – Correct detection of readme files in Windows by normalizing file paths.

1.0.1

  • Fix – Add missing test-content folder needed for runtime checks.
  • Fix – Do not send emails when setting up test environment.
  • Fix – Prevent PHP warning when the argv variable isn’t set.

1.0.0

  • Feature – Complete overhaul of the plugin, its architecture, and all checks.
  • Feature – Added new WP-CLI commands for running checks and listing available options.
  • Enhancement – Added option to only run checks for a specific category.

0.2.3

  • Tweak – Use version 3.8.0 of the PHP_CodeSniffer library, moving away from squizlabs/PHP_CodeSniffer to use PHPCSStandards/PHP_CodeSniffer.
  • Fix – Ensure the plugin works as expected on the WP playground environment to enable reviewers to use PCP. Props @tellyworth.
  • Fix – Undefined array key “argv” when running the plugin check in certain environments. Props @afragen. #340

0.2.2

  • Enhancement – Include support for Windows Servers.
  • Enhancement – Avoid using PHP CLI directly, which enables plugin developers to use PCP in a variety of new environments.
  • Fix – Remove dependency on shell_exec and exec functions, which enables plugin developers to use PCP in a variety of new environments.
  • Fix – Prevent problems with Readme parser warning related to contributor_ignored when running the check outside WP.org. Props @dev4press. #276
  • Fix – Remove extra period on the end of the sentence for Phar warning. Props @pixolin. #275

0.2.1

  • Added – ‘View in code editor’ link beneath each PHPCS error or warning. Props @EvanHerman, @westonruter, @felixarntz, @mukeshpanchal27 #262
  • Fix – Ensure readme.txt has priority over readme.md when both are present. Props @bordoni, @afragen #258
  • Fix – Ensure that the PHPCS check runs even when the PHPCS binary is not executable. Props @bordoni, @shawn-digitalpoint, @mrfoxtalbot #254
  • Fix – Readme changes and typos. Props @aaronjorbin. #261
  • Fix – Long lines of code with PHPCS check no longer expand over the size of the notice. Props @bordoni, @felixarntz. #263
  • Fix – Ensure PHP 7.2 compatibility by removing a trailing comma. Props @bordoni, @leoloso. #265
  • Fix – Include all strings that were missed in the previous release. Props @bordoni, @pixolin. #270

0.2.0

  • Feature – Enable modification of the PHP Binary path used by the plugin with PLUGIN_CHECK_PHP_BIN constant.
  • Feature – Include a check for the usage of ALLOW_UNFILTERED_UPLOADS on any PHP files – Props EvanHerman at #45
  • Feature – Include a check for the presence of application files (.a, .bin, .bpk, .deploy, .dist, .distz, .dmg, .dms, .DS_Store, .dump, .elc, .exe, .iso, .lha, .lrf, .lzh, .o, .obj, .phar, .pkg, .sh, .so) – Props EvanHerman at #43
  • Feature – Include a check for the presence of the readme.txt or readme.md file – Props EvanHerman at #42
  • Fix – Ensure that Readme parsing is included properly when a readme.md or readme.txt file is present. Props Bordoni #52
  • Tweak – Disallow functions move_uploaded_file, passthru, proc_open – Props alexsanford at #50
  • Tweak – Change the message type for using functions WordPress already includes from Warning to Error. Props davidperezgar at #18
  • Tweak – Change the message type for incorrect usage of Stable tag from Notice/Warning to Error. Props davidperezgar at #3

[0.1] 2011-09-04

Original version of the plugin check tool, not a released version of the plugin. This changelog entry is here for historical purposes only.