error_log() found. Debug code should not normally be used in production
joho1968 opened this issue · comments
How does plugin-check determine if error_log()
is being used for "debug code" or to log an actual error condition that may be used for forensics? 🤔
I typically will put "debug code" in my plugins and then activcate/deactivate logging based on the prescence of a define
. This also allows me to ask a user to enable the define
and send me the output of the PHP log file. The "debug code" is never active by default when the plugin is pushed to the official repo.
Also, as mentioned in #657, sort of, this should probably not emit a warning if I choose to only check it for repo submission issues?
I typically will put "debug code" in my plugins and then activcate/deactivate logging based on the prescence of a define. This also allows me to ask a user to enable the define and send me the output of the PHP log file. The "debug code" is never active by default when the plugin is pushed to the official repo.
A code scanning tool like PCP doesn‘t execute your code, so it doesn‘t know that you do this.
Also, as mentioned in #657, sort of, this should probably not emit a warning if I choose to only check it for repo submission issues?
Only errors block plugin submission, not warnings. So you can simply ignore the warnings too.
Fair enough; I guess my point is that if I've only enabled "repo submission issues", then maybe the warnings about error_log()
are sort of pointless if it doesn't prevent the plugin from being submitted to the repo. Just my two cents.
Warnings are best practices and something that you could avoid it.