On your same note, it is not like my Plugins are a million miles away from being CP ready; some are close or maybe OK now, others were not designed to conform and would not be accepted, but are not dangerous or insecure.
Oh, I always think that my plugins or themes never live up to expectations. I know, perhaps I may seem insecure, even though those who have tried my plugins and themes have been satisfied, but it’s bug anxiety. The idea that what you create with so much passion ultimately doesn’t work as it should, leading to disappointment.
And in any case, I too have often given up on uploading good plugins to WordPress: as much as I thought they were ready, I feared the evaluation, the boredom of the correction, of the note, of the request to give up certain “non-standard” options.
So your reflections are mine too.
- If cpcs complains about the use of something unsanitized, but I sanitized that earlier, with my own function or don’t feel the need to sanitize, I can just put a `phpcs:ignore` directive and hopefully a comment explaining why.
- If I find that a sniff is unuseful I can ask to remove it (`cpcs` is not perfect and can complain about code styling).
Yes, CPCS is extremely rigid, but perhaps an automated test needs to be. The important thing is that the evaluation is then up to a thinking mind, that is, a person, who can actually evaluate the case, and make a decision that is not based only on the response of a bot.
My idea is that standards are there for a reason, and this means that if a dev wants to be listed they have to recognize at least that they need to apply safe coding standards to be listed.
This is a fundamental point. Rules are established, and like it or not, these rules must be respected. If we could insert anything and everything into the directory without controls or with excessively flexible if not formal controls, we would seriously endanger websites and their security, and CP would soon gain a bad reputation. Rigidity is better, which in these cases equates to seriousness. We developers have to make the effort in trying to make better, better performing and safer code.