Plugin Check (PCP)

變更記錄

2.0.0

• Enhancement – Add WordPress functions compatibility check to flag usage of functions unavailable in a plugin’s declared minimum WordPress version.
• Enhancement – Add Write File check to detect plugins saving data in the plugin folder instead of the uploads directory or database.
• Enhancement – Add batched AI false positive detection with check-specific prompts and AI model selection for WP-CLI.
• Enhancement – Add CTRF export support for check results.
• Enhancement – Add an error count summary to the Plugin Check UI.
• Enhancement – Improve Direct File Access detection for library-style files.
• Enhancement – Adjust checks for update mode.
• Fix – Relax Update URI header validation for WordPress.org plugin URLs.
• Fix – Improve WordPress functions compatibility detection to avoid PHP serialization false positives.
• Fix – Respect wp_supports_ai() and text-capable model filtering in the Plugin Namer.
• Fix – Show Plugin Namer token usage in results.
• Fix – Recognize EUPL as a GPL-compatible license.
• Fix – Improve internationalization for emoji-prefixed labels.
• Fix – Update PHPCS sniffer repository links.
• Tweak – Update WP-CLI runtime checks documentation.
• Chore – Add automated WordPress function compatibility data generation.
• Chore – Add AI usage disclosure to the pull request template.
• Chore – Add AI coding agent instructions.
• Chore – Clean up wp-env development and test configuration warnings.
• Chore – Show a WordPress Playground preview button on pull requests.
• Chore – Update development and CI dependencies.

1.9.0

• Enhancement – Use the WordPress 7.0 core AI connectors.
• Enhancement – Add External Admin Menu Links check to detect external URLs in top-level admin menus.
• Enhancement – Add and refine the block metadata compatibility check to require apiVersion 3+ for WordPress 7.0+ iframe editor compatibility, including adjusted severity by mode.
• Enhancement – Improve Plugin Updater detection to identify Plugin Update Checker (PUC) calls.
• Enhancement – Accept WTFPL as a GPL-compatible license.
• Fix – Improve PayPal donation URL validation for complex query strings.
• Fix – Ensure AI Check uses the configured model preference.
• Fix – Show a clear Plugin Namer error message when AI connector status is unavailable.
• Fix – Update the Plugin Namer connector settings page link.
• Tweak – Convert the load_plugin_textdomain() check from error to warning severity.
• Fix – Improve readme contributors validation when trailing commas are present.
• Fix – Make markdown file checks case-insensitive.
• Tweak – Refine escaping sniff error messages for clearer guidance.
• Chore – Update development dependencies, including @wordpress/scripts, simple-git, basic-ftp, svgo, immutable, and @wp-playground/cli.
• Tweak – Update WordPress.org Plugins Team naming for consistency.

1.8.0

• Enhancement – Add AI-powered Plugin Namer tool to evaluate plugin names for trademark conflicts and naming best practices.
• Enhancement – Add AI Instructions Detection Check to identify AI tool configuration files and development-only directories.
• Enhancement – Add support for exporting check results in CSV, JSON, and Markdown formats.
• Enhancement – Add check type filter to allow filtering results by errors and warnings.
• Enhancement – Add Direct File Access check to ensure proper security validation with ABSPATH constant.
• Enhancement – Add check for mismatched “Tested up to” header between plugin header and readme.txt.
• Enhancement – Update trademark check to remove acronym exceptions and improve flexibility.
• Enhancement – Add heredoc sniff to detect and restrict heredoc usage (nowdoc allowed).
• Fix – Update Playground integration blueprint for compatibility.
• Fix – Force correct plugin slug detection in WP-CLI command.

1.7.0

• Enhancement – Add Minified File Detection Check to identify and handle minified files in plugins.
• Enhancement – Implement check for insecure use of wp_verify_nonce() to improve security validation.
• Enhancement – Add direct database query sniff to detect direct database calls without using WordPress functions.
• Enhancement – Add prefixing check to ensure proper function and class name prefixing.
• Enhancement – Update localhost sniff regex to improve detection of localhost URLs including *.local domains.
• Enhancement – Disallow runtime checks when custom user table constants are defined for better compatibility.
• Enhancement – Add forbidden functions check to detect usage of disallowed PHP functions.
• Enhancement – New check for wp_safe_redirect to encourage use of WordPress safe redirect function.
• Enhancement – Improve mismatched text domain check for better internationalization validation.
• Enhancement – Detect links that request five-star reviews to enforce plugin directory guidelines.
• Enhancement – Add The Unlicense to GPL-compatible license check.
• Enhancement – Improve localhost sniff code for more accurate detection.
• Fix – Ignore vendor_prefixed and vendor-prefixed folders in checks to prevent false positives.
• Fix – Handle possible empty element in scanner to prevent PHP warnings.
• Fix – Hide error output in scanner for cleaner output.
• Fix – Call ReflectionProperty::setAccessible() only in older PHP versions for better PHP 8.1+ compatibility.
• Fix – Prevent deletion of custom WordPress tables during cleanup in test environment.

1.6.0

• Enhancement – Support strict output format for CLI commands.
• Enhancement – Improve check for donate link in readme.
• Enhancement – Improve info check in Version utils.
• Enhancement – Improve URL validation for plugin header fields.
• Enhancement – Improve ruleset files.
• Enhancement – Increased severity for invalid plugin uri domain and plugin description checks in plugin header.
• Enhancement – Remove CallTimePassByReference as it’s deprecated rule.
• Enhancement – Disallow special characters in textdomain.
• Enhancement – Imported readme parser for preventing conflicts with wordpress.org. Use dotorg readme parser if available.
• Enhancement – Discourage the use of load_plugin_textdomain found in plugins as it’s not necessary in wordpress.org.
• Enhancement – Upgrade severity for missing readme headers.
• Enhancement – Show tested up to minor check only when it is current major version.
• Enhancement – Added link in plugins page to run the plugin check.
• Fix – Dynamic WP Content folder.
• Fix – Fix test for special chars in file names giving problems to users after clone.
• Fix – Remove Image_Functions_Check as they were making false positives.
• Fix – Prevent WordPress version 10+ from being flagged as an error in the “Tested up to” check.

1.5.0

• Enhancement – Improve url validation to check duplicate protocol.
• Enhancement – Update severity for incorrect textdomains and i18n error codes.
• Enhancement – Now issues in URL Author check are ERROR instead of WARNING.
• Enhancement – New check for minor version in Tested up.
• Enhancement – Make sure headers are not empty in the requires header check.
• Enhancement – Include experimental option in admin.
• Enhancement – Add Behat test for experimental checks from addons.
• Enhancement – Improve license check for Apache.
• Enhancement – Warn if requires headers are not same in readme and plugin header.
• Fix – Remove warning for dynamic callback in register_setting check.
• Fix – Incorrect database tables being referenced on subsites in Multisite.

1.4.0

• Enhancement – Allow ISC license in the License check.
• Enhancement – Added check for use of settings with sanitization callback.
• Enhancement – Added –ignore-codes in CLI to introduce a mechanism to ignore specific error codes.
• Enhancement – New utils for fetching necessary version info details.
• Enhancement – Added check for unsupported plugin name in plugin header field.
• Enhancement – Segregate the severity of i18n checks. Make sure that is giving errors in the right context.
• Enhancement – Provide more detailed information about checks when the README does not include a tested version or a list of contributors.
• Enhancement – Added rules from WPCS to prevent issues with content being sent before headers and warn about the use of Call-time pass-by-reference.
• Enhancement – Give more context in the error of check wrong named files.
• Enhancement – Simplified PHPUnit setup. Now it does not depend of running inside a WordPress installation.
• Enhancement – Added new check for restricted contributors.
• Fix – Delete transients in unit tests to avoid false positives.
• Fix – Incorrect Tested up to version comparison will make error for two major versions up.
• Fix – Excluded the use of functions file_get_contents and file_put_contents in the check to prevent false positives.
• Fix – Duplicated error message in the check for wrong named files.
• Fix – Use of Json encode wasn’t firing the error message.
• Fix – Change error type of NonEnqueuedImage in ImageFunctions sniff from ERROR to WARNING.

1.3.1

• Enhancement – Add version utilities.
• Fix – Escape error messages.
• Fix – Renamed error type to ERROR_LOW_SEVERITY and WARNING_LOW_SEVERITY.
• Fix – Fix PHPCS checks on unwritable filesystems.

1.3.0

• Enhancement – Update disallowed domains for Plugin URI check.
• Enhancement – Added new checks for Plugin Header fields: missing plugin description, missing plugin version and invalid plugin version.
• Enhancement – New check for validation of donate link in the readme file.
• Enhancement – Increased severity for wrong Plugin Requires.
• Enhancement – Added check Restrict parse_str() without second argument.
• Enhancement – New check for Disallow usage of HEREDOC and NOWDOC.
• Enhancement – Added acronyms allowed in Trademark checks.
• Enhancement – Added option in CLI to add low severity errors and warnings.
• Enhancement – Change error type for License check error codes.
• Enhancement – Always use prefixed tables during runtime check requests.
• Enhancement – Created a new class for checking licenses.
• Enhancement – Added support for MPL-2.0 license.
• Enhancement – Implement gherkin linter in GH action.
• Enhancement – Update check for Contributors in markdown readme files.
• Enhancement – CLI: Fix confusing runtime environment setup order.
• Enhancement – Allow custom checks to provide installed_paths.
• Enhancement – Improved the use of localhost URLs in the Plugin.
• Enhancement – Documented checks in the plugin.
• Enhancement – Increased severity for Code obfuscation checks.
• Enhancement – Differentiate between non-existent readme and default readme file.
• Enhancement – Encourage developers to use native functions for loading images in templates.
• Enhancement – Added a check for not allowing include libraries already in WordPress core.
• Enhancement – Warning for usage of query_posts() in favor of WP_Query.
• Fix – Fix for the local environment is set up before testing.
• Fix – Fix addon checks not being executed when running runtime checks.
• Fix – Allow default as a text domain in the text domain check.
• Fix – Allow GitHub URLs in the Plugin URI field.
• Fix – Don’t flag Apache license. It’s allowed in the WordPress.org plugin repository.
• Fix – Removes the path before the plugin, so it won’t affect to badly named files.

1.2.0

• Enhancement – Added a check for badly used names in files.
• Enhancement – Increased severity for BacktickOperator, DisallowShortOpenTag, DisallowAlternativePHPTags, RestrictedClasses, and RestrictedFunctions.
• Enhancement – Added security checks to the Plugin repository category.
• Enhancement – Allowed runtime-set in code sniffer checks.
• Enhancement – Changed warnings to errors in plugin header checks.
• Enhancement – Detect forbidden plugin headers such as repository URIs in the Directory.
• Enhancement – Added a new check for development functions that are not allowed in final plugins.
• Enhancement – Created new images and icons for the plugin.
• Enhancement – Introduced a slug argument in the CLI.
• Enhancement – Added a check for discouraged PHP functions.
• Enhancement – Added validation for Contributors in the readme file.
• Enhancement – Added a warning for mismatched plugin names in the plugin header and readme file.
• Enhancement – Checked for validation of Plugin Header fields: Name, Plugin URI, Description, Author URI, Requires at least, Requires PHP, and Requires Plugins.
• Enhancement – Added a warning if the “Tested up to” value in the readme file exceeds the released version of WordPress.
• Fix – Display a success message if no errors or warnings are found.
• Fix – Made table results responsive.
• Fix – Prevent proceeding to the next check if the Stable Tag value is set to trunk.
• Fix – Allow runtime initialization even when only add-on checks are requested.
• Fix – Fixed an SPDX warning for the GPL version 3 license.
• Fix – Prevent runtime checks in the CLI context when they cannot be used.

1.1.0

• Feature – New Non_Blocking_Scripts_Check (non_blocking_scripts) runtime check to warn about enqueued scripts that use neither defer nor async.
• Enhancement – Changed the namespace of included checks.
• Enhancement – Introduced severity levels for all errors and warnings.
• Enhancement – CLI: Support checking a plugin from a path or URL.
• Enhancement – Added short descriptions and URLs for each check.
• Enhancement – Improved messaging in check results.
• Enhancement – Updated code obfuscation check with more accurate results.
• Enhancement – Updated plugin review check to flag missing input sanitization (WordPress.Security.ValidatedSanitizedInput).
• Fix – Improve readme checks to exclude invalid files.
• Fix – Only show edit link if files are actually editable.

1.0.2

• Feature – New Enqueued_Scripts_Scope_Check (enqueued_scripts_scope), Enqueued_Styles_Size_Check (enqueued_styles_size) and Enqueued_Resources_Check (enqueued_resources) performance checks.
• Enhancement – Improved readme check and added a new wp_plugin_check_ignored_readme_warnings filter.
• Enhancement – New wp_plugin_check_default_categories filter to change the categories which are selected by default.
• Enhancement – New wp_plugin_check_ignore_files filter to allow ignoring specific files.
• Fix – Correct detection of readme files in Windows by normalizing file paths.

1.0.1

• Fix – Add missing test-content folder needed for runtime checks.
• Fix – Do not send emails when setting up test environment.
• Fix – Prevent PHP warning when the argv variable isn’t set.

1.0.0

• Feature – Complete overhaul of the plugin, its architecture, and all checks.
• Feature – Added new WP-CLI commands for running checks and listing available options.
• Enhancement – Added option to only run checks for a specific category.

0.2.3

• Tweak – Use version 3.8.0 of the PHP_CodeSniffer library, moving away from squizlabs/PHP_CodeSniffer to use PHPCSStandards/PHP_CodeSniffer.
• Fix – Ensure the plugin works as expected on the WP playground environment to enable reviewers to use PCP. Props @tellyworth.
• Fix – Undefined array key “argv” when running the plugin check in certain environments. Props @afragen. #340

0.2.2

• Enhancement – Include support for Windows Servers.
• Enhancement – Avoid using PHP CLI directly, which enables plugin developers to use PCP in a variety of new environments.
• Fix – Remove dependency on shell_exec and exec functions, which enables plugin developers to use PCP in a variety of new environments.
• Fix – Prevent problems with Readme parser warning related to contributor_ignored for when running the check outside WP.org. Props @dev4press. #276
• Fix – Remove extra period on the end of the sentence for Phar warning. Props @pixolin. #275

0.2.1

• Added – ‘View in code editor’ link beneath each PHPCS error or warning. Props @EvanHerman, @westonruter, @felixarntz, @mukeshpanchal27 #262
• Fix – Ensure readme.txt has priority over readme.md when both are present. Props @bordoni, @afragen #258
• Fix – Ensure that the PHPCS check runs even when the PHPCS binary is not executable. Props @bordoni, @shawn-digitalpoint, @mrfoxtalbot #254
• Fix – Readme changes and typos. Props @aaronjorbin. #261
• Fix – Long lines of code with PHPCS check no longer expand over the size of the notice. Props @bordoni, @felixarntz. #263
• Fix – Ensure that we have PHP 7.2 compatibility remove trailing comma. Props @bordoni, @leoloso. #265
• Fix – Include all strings that were missed in the previous release. Props @bordoni, @pixolin. #270

0.2.0

• Feature – Enable modification of the PHP Binary path used by the plugin with PLUGIN_CHECK_PHP_BIN constant.
• Feature – Include a check for the usage of ALLOW_UNFILTERED_UPLOADS on any PHP files – Props EvanHerman at #45
• Feature – Include a check for the presence of the application files (.a, .bin, .bpk, .deploy, .dist, .distz, .dmg, .dms, .DS_Store, .dump, .elc, .exe, .iso, .lha, .lrf, .lzh, .o, .obj, .phar, .pkg, .sh, ‘.so`) – Props EvanHerman at #43
• Feature – Include a check for the presence of the readme.txt or readme.md file – Props EvanHerman at #42
• Fix – Ensure that Readme parsing is included properly when a readme.md or readme.txt file is present. Props Bordoni #52
• Tweak – Disallow functions move_uploaded_file, passthru, proc_open – Props alexsanford at #50
• Tweak – Change the message type for using functions WordPress already includes from Warning to Error. Props davidperezgar at #18
• Tweak – Change the message type for incorrect usage of Stable tag from Notice/Warning to Error. Props davidperezgar at #3

[0.1] 2011-09-04

Original version of the plugin check tool, not a released version of the plugin, this changelog is here for historical purposes only.