Below is a diff between the unpatched (vulnerable) code and the patched update, for reference.
--- a/check-email/check-email.php
+++ b/check-email/check-email.php
@@ -3,7 +3,7 @@
* Plugin Name: Check & Log Email - Easy Email Testing & Mail logging
* Description: Check & Log email allows you to test if your WordPress installation is sending emails correctly and logs every email.
* Author: checkemail
-* Version: 2.0.12
+* Version: 2.0.13
* Author URI: https://check-email.tech/
* Plugin URI: https://check-email.tech/
* License: GPLv3 or later
@@ -41,7 +41,7 @@
define( 'CK_MAIL_TOC_BASE_NAME', plugin_basename( __FILE__ ) );
define( 'CK_MAIL_PATH', dirname( __FILE__ ) );
define( 'CK_MAIL_URL', plugin_dir_url( __FILE__ ) );
-define( 'CK_MAIL_VERSION', '2.0.12' );
+define( 'CK_MAIL_VERSION', '2.0.13' );
require_once(CK_MAIL_PATH. "/include/helper-function.php" );
if ( is_admin() ) {
--- a/check-email/include/Core/Auth.php
+++ b/check-email/include/Core/Auth.php
@@ -97,6 +97,7 @@
'urlAccessToken' => $access_token_url,
'urlResourceOwnerDetails' => $resource_owner_details_url,
'scopes' => 'openid profile User.Read Mail.Read Mail.Send',
+ 'scopeSeparator' => ' ',
]
);
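Review bot: `'scopes'` is still a single space-joined string, so the new `'scopeSeparator' => ' '` may have no effect; in league/oauth2-client's GenericProvider (which these option names suggest, though the constructor call is outside the hunk) the separator is applied only when the scopes are an array. Passing `'scopes' => [ 'openid', 'profile', 'User.Read', 'Mail.Read', 'Mail.Send' ],` would make the separator meaningful. It is also worth confirming that both `Mail.Read` and `Mail.Send` are required, since the resulting token grants mailbox read access as well as sending.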
--- a/check-email/include/Core/DB/Check_Email_Table_Manager.php
+++ b/check-email/include/Core/DB/Check_Email_Table_Manager.php
@@ -120,7 +120,7 @@
$table_name = $this->get_log_table_name();
$ids = esc_sql( $ids );
- // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery -- Reason: $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery, PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: $table_name
$result = $wpdb->query( "DELETE FROM {$table_name} where id IN ( {$ids} )" );
$ids_array = array_map('intval', explode(',', $ids));
if ($result !== false) {
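Review bot: `$ids` is still interpolated unquoted into `IN ( {$ids} )` after only `esc_sql()`, which escapes quote characters but does not constrain a value used outside quotes, so the `PluginCheck.Security.DirectDB.UnescapedDBParameter` sniff silenced here is reporting a real gap, and the stated reason covers only `$table_name`. The integer cast on the following line runs after the query and feeds only `$ids_array`. Normalising first, e.g. `$ids = implode( ',', array_map( 'absint', explode( ',', $ids ) ) );` before the `$wpdb->query()` call, would make the list numeric by construction. The same pattern appears in the `@@ -151,7 +151,7 @@` hunk for the error-tracker table. Where `$ids` originates is outside the hunk, so whether callers already validate it cannot be confirmed here.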
@@ -135,7 +135,7 @@
global $wpdb;
$table_name = $this->get_log_table_name();
- // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery -- Reason: $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: $table_name
$result = $wpdb->query( "DELETE FROM {$table_name}" );
if ($result !== false) {
@@ -151,7 +151,7 @@
$table_name = $this->get_error_tracker_table_name();
$ids = esc_sql( $ids );
- // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery -- Reason: $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: $table_name
$result = $wpdb->query( "DELETE FROM {$table_name} where id IN ( {$ids} )" );
$ids_array = array_map('intval', explode(',', $ids));
if ($result !== false) {
@@ -166,7 +166,7 @@
global $wpdb;
$table_name = $this->get_error_tracker_table_name();
- // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery -- Reason: $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: $table_name
$result = $wpdb->query( "DELETE FROM {$table_name}" );
if ($result !== false) {
@@ -181,7 +181,7 @@
$table_name = $this->get_log_table_name();
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$query = $wpdb->prepare( "DELETE FROM {$table_name} WHERE sent_date < DATE_SUB( CURDATE(), INTERVAL %d DAY )", $interval_in_days );
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- already prepare in query
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- already prepare in query
$deleted_rows_count = $wpdb->query( $query );
return $deleted_rows_count;
@@ -325,7 +325,7 @@
// Find total number of items.
$count_query = $count_query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$total_items = $wpdb->get_var( $count_query );
// Adjust the query to take pagination into account.
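Review bot: The `PluginCheck.Security.DirectDB.UnescapedDBParameter` suppression on `$wpdb->get_var( $count_query )` carries no `-- Reason`, while the query is built by concatenating `$query_cond`, whose construction is outside this hunk. A reader cannot tell from the ignore line whether every value in `$query_cond` was passed through `$wpdb->prepare()` or cast before concatenation. I would add a justification such as `-- Reason: $query_cond is assembled only from prepared fragments` once that has been confirmed, or prepare the full statement if it has not. The same applies to the unexplained or `$table_name`-only suppressions in the `-336`, `-438`, `-538`, `-722`, `-841` and `-852` hunks.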
@@ -336,7 +336,7 @@
// Fetch the items.
$query = $query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- Reason: Due to critical query not used prepare $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: Due to critical query not used prepare $table_name
$items = $wpdb->get_results( $query );
return array( $items, $total_items );
@@ -361,7 +361,8 @@
public function create_table_if_needed() {
global $wpdb;
- $table_name = $this->get_log_table_name();
+ $table_name = $this->get_log_table_name();
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$table_exists = $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $table_name ) );
// If the table does NOT exist...
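Review bot: `$table_name` is passed to `SHOW TABLES LIKE %s` without `$wpdb->esc_like()`, so any `_` in the table name acts as a single-character wildcard; `uninstall.php` in this same diff wraps the equivalent check in `esc_like()`. Suggest `$wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $table_name ) )` for consistency. How `$table_exists` is compared afterwards is outside the hunk.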
@@ -371,7 +372,7 @@
if ( ! function_exists( 'dbDelta' ) ) {
require_once ABSPATH . 'wp-admin/includes/upgrade.php';
}
-
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query( $sql );
}
@@ -389,7 +390,7 @@
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
// $query = $wpdb->prepare("SELECT count(*) FROM `$table_name`");
$query = "SELECT count(*) FROM `$table_name`";
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- Reason:already used prepare
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason:already used prepare
return $wpdb->get_var( $query );
}
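Review bot: The suppression reason `already used prepare` does not match the code: the `$wpdb->prepare()` call two lines above is commented out and `$query` is a plain interpolated string. Since this line now also silences `PluginCheck.Security.DirectDB.UnescapedDBParameter`, the reason should state what actually makes the query safe, e.g. `-- Reason: only $table_name is interpolated; no request data reaches this query`, provided `$table_name` is set from an internal getter (its assignment is outside the hunk). The commented-out `prepare()` line could then be deleted.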
@@ -438,7 +439,7 @@
$query_cond .= ' ORDER BY id DESC LIMIT 1';
$query = $query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
return absint( $wpdb->get_var( $query ) );
}
@@ -538,7 +539,7 @@
$query_cond .= ' ORDER BY id DESC';
$query = $query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
return $wpdb->get_results( $query );
}
}
@@ -555,7 +556,7 @@
$field_name = 'backtrace_segment';
// Query to check if the field exists in the table
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$field_exists = $wpdb->get_results(
$wpdb->prepare(
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
@@ -566,7 +567,7 @@
if(empty($field_exists)){
$query = "ALTER TABLE $table_name ADD backtrace_segment TEXT NULL DEFAULT NULL AFTER message";
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query($query);
}
}
@@ -582,7 +583,7 @@
$field_name = 'open_count';
// Query to check if the field exists in the table
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$field_exists = $wpdb->get_results(
$wpdb->prepare(
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
@@ -593,7 +594,7 @@
if(empty($field_exists)){
$query = "ALTER TABLE $table_name ADD open_tracking_id TEXT NULL DEFAULT NULL, ADD open_count TEXT NULL DEFAULT NULL AFTER message";
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query($query);
}
}
@@ -722,7 +723,7 @@
// Find total number of items.
$count_query = $count_query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- Reason using critical conditions in query
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason using critical conditions in query
$total_items = $wpdb->get_var( $count_query );
return $total_items;
}
@@ -736,11 +737,11 @@
$limit= intval($option['retention_amount']);
if(!empty($limit)){
$count_query = 'SELECT count(*) FROM ' . $table_name;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$total_items = $wpdb->get_var( $count_query );
if ($total_items > $limit) {
$data_to_delete = $total_items - $limit;
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$old_posts = $wpdb->get_col( $wpdb->prepare(
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
"SELECT ID FROM $table_name
@@ -754,7 +755,7 @@
"DELETE FROM $table_name WHERE ID = %d",
$column_value
);
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query($sql);
}
}
@@ -780,7 +781,7 @@
$sql = "DELETE FROM " . $table_name . " WHERE Unix_timestamp(sent_date) <= %d";
// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
$sql = $wpdb->prepare($sql, $timestamp);
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query($sql);
}
}
@@ -841,7 +842,7 @@
// Find total number of items.
$count_query = $count_query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$total_items = $wpdb->get_var( $count_query );
// Adjust the query to take pagination into account.
@@ -852,7 +853,7 @@
// Fetch the items.
$query = $query . $query_cond;
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- Reason: Due to critical query not used prepare $table_name
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason: Due to critical query not used prepare $table_name
$items = $wpdb->get_results( $query );
return array( $items, $total_items );
--- a/check-email/include/Core/UI/Page/Check_Email_Analyzer.php
+++ b/check-email/include/Core/UI/Page/Check_Email_Analyzer.php
@@ -63,7 +63,7 @@
global $wpdb;
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$table_name = $wpdb->prefix . 'check_email_spam_analyzer';
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared,PluginCheck.Security.DirectDB.UnescapedDBParameter
$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_name} WHERE ID = %d", $detail_id ), ARRAY_A );
$wrong_icon_svg = '<svg viewBox="0 0 32 32" height="50px" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns" fill="#000000"><g id="SVGRepo_bgCarrier" stroke-width="0"></g><g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"></g><g id="SVGRepo_iconCarrier"> <title>cross-circle</title> <desc>Created with Sketch Beta.</desc> <defs> </defs> <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage"> <g id="Icon-Set-Filled" sketch:type="MSLayerGroup" transform="translate(-570.000000, -1089.000000)" fill="#fa0000"> <path d="M591.657,1109.24 C592.048,1109.63 592.048,1110.27 591.657,1110.66 C591.267,1111.05 590.633,1111.05 590.242,1110.66 L586.006,1106.42 L581.74,1110.69 C581.346,1111.08 580.708,1111.08 580.314,1110.69 C579.921,1110.29 579.921,1109.65 580.314,1109.26 L584.58,1104.99 L580.344,1100.76 C579.953,1100.37 579.953,1099.73 580.344,1099.34 C580.733,1098.95 581.367,1098.95 581.758,1099.34 L585.994,1103.58 L590.292,1099.28 C590.686,1098.89 591.323,1098.89 591.717,1099.28 C592.11,1099.68 592.11,1100.31 591.717,1100.71 L587.42,1105.01 L591.657,1109.24 L591.657,1109.24 Z M586,1089 C577.163,1089 570,1096.16 570,1105 C570,1113.84 577.163,1121 586,1121 C594.837,1121 602,1113.84 602,1105 C602,1096.16 594.837,1089 586,1089 L586,1089 Z" id="cross-circle" sketch:type="MSShapeGroup"> </path> </g> </g> </g></svg>';
@@ -389,7 +389,7 @@
$current_user = wp_get_current_user();
global $wpdb;
$table_name = $wpdb->prefix . 'check_email_spam_analyzer';
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared,PluginCheck.Security.DirectDB.UnescapedDBParameter
$results = $wpdb->get_results( "SELECT * FROM {$table_name}", ARRAY_A );
?>
<div class="ck_banner">
--- a/check-email/include/Core/UI/Page/Check_Email_Dashboard.php
+++ b/check-email/include/Core/UI/Page/Check_Email_Dashboard.php
@@ -84,7 +84,7 @@
<span class="ck_dashboard-free"><?php echo esc_html__('Free', 'check-email'); ?></span>
<hr/>
<p style="overflow:hidden;"><?php echo esc_html__('In need of a tool that allows you to easily log and view all emails sent from WordPress? Logs helps you store sent emails for auditing purposes, as well as debug email related problems in your site.', 'check-email'); ?></p>
- <a class="button button-primary" href="<?php echo esc_url('https://check-email.tech/docs/'); ?>"><?php echo esc_html__( "Go to Email Logs Module", 'check-email' ); ?></a>
+ <a class="button button-primary" href="<?php echo esc_url(admin_url('admin.php?page=check-email-logs')); ?>"><?php echo esc_html__( "Go to Email Logs Module", 'check-email' ); ?></a>
<a class="ck_dashboard-learn-more" target="_blank" href="<?php echo esc_url('https://check-email.tech/docs/'); ?>"><?php echo esc_html__( "Learn More", 'check-email' ); ?></a>
</div>
--- a/check-email/include/helper-function.php
+++ b/check-email/include/helper-function.php
@@ -905,8 +905,6 @@
(?:mailto:)? # Optional mailto:
(?:
[-!#$%&*+/=?^_`.{|}~wx80-xFF]+ # Local part before @
- |
- ".*?" # Quoted local part
)
@ # At sign (@)
(?:
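Review bot: Dropping the `".*?"` alternative is the behavioural change in this pattern, yet nothing in the regex records why; because the pattern is written in extended mode, a comment line such as `# Quoted local parts ("...") are deliberately not matched: they admit arbitrary characters` would keep a later edit from restoring it. A regression test that feeds a quoted local part and asserts no match would pin the behaviour. Separately, the character class is rendered here as `wx80-xFF` without backslashes; if that is how the file reads rather than an artefact of this page, `0-x` becomes a range that admits `<`, `>` and `@`, so it is worth checking against the source. The pattern starts and ends outside the hunk.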
@@ -1149,7 +1147,7 @@
"SELECT * FROM {$table_name} WHERE open_tracking_id = %s",
$open_tracking_id
);
- // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
+ // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
$record = $wpdb->get_row($query);
if ($record) {
@@ -1278,7 +1276,7 @@
$ck_days
);
// phpcs:ignore InterpolatedNotPrepared
- // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared
+ // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared,PluginCheck.Security.DirectDB.UnescapedDBParameter
$results = $wpdb->get_results($query);
$data = [
--- a/check-email/uninstall.php
+++ b/check-email/uninstall.php
@@ -38,12 +38,13 @@
if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s",$wpdb->esc_like( $table_name )) ) == $table_name ) {
$wpdb->query(
- //phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.SchemaChange -- Reason Custom table drop on uninstall
+ //phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.SchemaChange,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Reason Custom table drop on uninstall
"DROP TABLE $table_name" );
}
$table_name_email_tracker = $wpdb->prefix . 'check_email_error_logs';
//phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- just to check if table exists
if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s",$wpdb->esc_like( $table_name_email_tracker )) ) == $table_name_email_tracker ) {
+ // phpcs:ignore PluginCheck.Security.DirectDB.UnescapedDBParameter
$wpdb->query(
//phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.SchemaChange -- Reason Custom table drop on uninstall
"DROP TABLE $table_name_email_tracker" );