Who could foresee that a plugin would get pulled from the WordPress plugin directory for a security issue when the developer has left in commented-out security checks?
The bigger sin is the use of "Yoda style" order of "if" statements with the value before the variable. I don't get the "protecting from myself" thinking; it's atrocious to read. He even went with the "===" operator, hard to miss two equal signs for it to become an assignment, so why bother?
Context please.
This is the plugin: https://wordpress.org/plugins/sendpress/
These are the security changes the developer made today, presumably in response to the plugin being closed for a security issue: https://plugins.trac.wordpress.org/changeset/2990357/
Here is the file from the screenshot: https://plugins.trac.wordpress.org/browser/sendpress/trunk/classes/views/class-sendpress-view-pro.php?rev=2990358
The code in that file is still missing needed security even after the security change made today.
Thank you for the info
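A defender-side check for the pattern the context above describes (security checks left in the file but commented out), added here as an example and not code from the plugin or from anyone in the thread: a small Python scanner that separates PHP comments from code and reports WordPress capability and nonce calls that appear only inside comments. The list of call names and the sample PHP file are constructed for this example.

```python
import re

# Calls that gate a WordPress admin action (list is an assumption for this example).
SECURITY_CALLS = ("current_user_can", "check_admin_referer",
                  "check_ajax_referer", "wp_verify_nonce")
CALL_RE = re.compile(r"\b(" + "|".join(SECURITY_CALLS) + r")\s*\(")

def split_comments(source):
    """Yield (line_no, code, comment) per line, tracking /* */ across lines.
    String literals are not parsed; that simplification is deliberate here."""
    in_block = False
    for no, line in enumerate(source.splitlines(), 1):
        code, comment, i = [], [], 0
        while i < len(line):
            if in_block:                              # inside /* ... */
                end = line.find("*/", i)
                if end == -1:
                    comment.append(line[i:])
                    break
                comment.append(line[i:end])
                i, in_block = end + 2, False
            elif line.startswith("/*", i):
                i, in_block = i + 2, True
            elif line.startswith("//", i) or line[i] == "#":
                comment.append(line[i:])              # rest of line is comment
                break
            else:
                code.append(line[i])
                i += 1
        yield no, "".join(code), "".join(comment)

def scan_php(source):
    """Return {'active': [(line, call)], 'commented': [(line, call)]}."""
    found = {"active": [], "commented": []}
    for no, code, comment in split_comments(source):
        found["active"] += [(no, m.group(1)) for m in CALL_RE.finditer(code)]
        found["commented"] += [(no, m.group(1)) for m in CALL_RE.finditer(comment)]
    return found

def unprotected(source):
    """True when the only security checks in the file are commented out."""
    r = scan_php(source)
    return bool(r["commented"]) and not r["active"]

# Constructed sample (not the plugin's code): nonce and capability checks
# are still present but disabled by comments.
SAMPLE = """<?php
function example_save_settings() {
    // check_admin_referer('example_save');
    /* if ( ! current_user_can('manage_options') ) {
        wp_die('Forbidden'); } */
    update_option('example_setting', $_POST['value']);
}
"""
```

Run `scan_php` over each PHP file of a plugin before release: a non-empty `commented` list with an empty `active` list is exactly the "checks left in but disabled" state, and it is cheap to flag in CI.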