[wp-trac] [WordPress Trac] #63621: Enhancement: Ensure Hello Dolly passes the Plugin Check (PCP)
WordPress Trac
noreply at wordpress.org
Wed Jun 25 14:56:19 UTC 2025
#63621: Enhancement: Ensure Hello Dolly passes the Plugin Check (PCP)
-------------------------+-------------------------------------------------
Reporter: jhimross | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: minor | Keywords: has-patch has-test-info has-screenshots
Focuses: |
-------------------------+-------------------------------------------------
This ticket details several issues found in the Hello Dolly plugin, along
with proposed solutions to ensure it passes the Plugin Check (PCP).
See screenshot when I tested it using Plugin Check.
[[Image(https://p-d0fk22zg.t2.n0.cdn.zight.com/items/rRuK26b5/31fc4cc1-3155-45de-ac75-9fa87ab08024.jpeg?v=0c4a4d20044fa74c204a8783b372032e)]]
And here is the screenshot after I applied the changes below:
[[Image(https://p-d0fk22zg.t2.n0.cdn.zight.com/items/12umW1ox/bd3ceef7-17f2-41f8-b0e8-9a9a2a0066aa.jpeg?v=50214d3df4832c47804f560104ec7a8a)]]
**Issue 1: Missing Text Domain in __() Function**
Problem: The __() function on line 67 is missing the required $domain
parameter for internationalization, which is a PCP requirement.
Fix: Add 'hello-dolly' as the text domain.
{{{
// Original:
__( 'Quote from Hello Dolly song, by Jerry Herman:' ),
}}}
{{{
// Fixed:
__( 'Quote from Hello Dolly song, by Jerry Herman:', 'hello-dolly' ),
}}}
**Issue 2: Missing License Information in Plugin Header**
Problem: The plugin header is missing "License" and "License URI"
information, which is a standard PCP check.
Fix: Add the following lines to the plugin header, ideally before Author:
Matt Mullenweg.
{{{
/*
Plugin Name: Hello Dolly
Plugin URI: http://wordpress.org/plugins/hello-dolly/
Description: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page.
Author: Matt Mullenweg
Version: 1.7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Author URI: http://ma.tt/
*/
}}}
**Issue 3: Unescaped Output**
Problem: On lines 67, 68, and 69, output is not being properly escaped,
leading to potential Cross-Site Scripting (XSS) vulnerabilities. This is a
critical security check in PCP.
Fix: Apply appropriate escaping functions:
For the translatable string on line 67, use esc_html__().
For $lang on line 68 (used within an HTML attribute), use esc_attr().
For $chosen on line 69 (plain text output), use esc_html().
{{{
// Original:
printf(
	'<p id="dolly"><span class="screen-reader-text">%s </span><span dir="ltr"%s>%s</span></p>',
	__( 'Quote from Hello Dolly song, by Jerry Herman:' ), // Line 67
	$lang, // Line 68
	$chosen // Line 69
);
}}}
{{{
// Fixed:
printf(
	'<p id="dolly"><span class="screen-reader-text">%s </span><span dir="ltr"%s>%s</span></p>',
	esc_html__( 'Quote from Hello Dolly song, by Jerry Herman:', 'hello-dolly' ), // Line 67
	esc_attr( $lang ), // Line 68
	esc_html( $chosen ) // Line 69
);
}}}
**Issue 4: Discouraged mt_rand() Function**
Problem: On line 54, mt_rand() is used, which is discouraged in WordPress
for consistency and better randomness, as highlighted by PCP.
Fix: Replace mt_rand() with wp_rand().
{{{
// Original:
return wptexturize( $lyrics[ mt_rand( 0, count( $lyrics ) - 1 ) ] );
}}}
{{{
// Fixed:
return wptexturize( $lyrics[ wp_rand( 0, count( $lyrics ) - 1 ) ] );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63621>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
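
An added example, not part of the ticket or of Hello Dolly's code, showing why the escaper has to match the placeholder's position under Issue 3: in the quoted format string the second `%s` sits directly after `dir="ltr"`, in attribute position rather than inside a quoted value. It assumes `$lang` carries a whole fragment such as ` lang="en"` (its definition is not shown in the ticket) and uses hypothetical stand-in helpers built on `htmlspecialchars()` so it runs without WordPress loaded.

```php
<?php
// Added example, not Hello Dolly's code. The two esc_*_standin() helpers are
// hypothetical stand-ins for esc_attr()/esc_html(), built on htmlspecialchars()
// so the script runs without WordPress loaded.
function esc_attr_standin( string $s ): string {
	return htmlspecialchars( $s, ENT_QUOTES, 'UTF-8' );
}
function esc_html_standin( string $s ): string {
	return htmlspecialchars( $s, ENT_QUOTES, 'UTF-8' );
}

// Format string as quoted in the ticket: the second %s follows dir="ltr" directly,
// so it is filled with attribute markup, not with an attribute value.
const DOLLY_FORMAT = '<p id="dolly"><span class="screen-reader-text">%s </span><span dir="ltr"%s>%s</span></p>';
const DOLLY_LABEL  = 'Quote from Hello Dolly song, by Jerry Herman:';

// Variant A: a whole attribute fragment is passed through the attribute-value escaper.
function render_fragment_escaped( string $lang_fragment, string $chosen ): string {
	return sprintf(
		DOLLY_FORMAT,
		esc_html_standin( DOLLY_LABEL ),
		esc_attr_standin( $lang_fragment ),
		esc_html_standin( $chosen )
	);
}

// Variant B: only the language code varies. It is checked against an allowlist,
// escaped as a value, and the name, equals sign and quotes come from the code.
function render_value_escaped( string $lang_code, string $chosen ): string {
	$allowed = array( 'en' ); // constructed allowlist for this example
	$attr    = in_array( $lang_code, $allowed, true )
		? sprintf( ' lang="%s"', esc_attr_standin( $lang_code ) )
		: '';
	return sprintf( DOLLY_FORMAT, esc_html_standin( DOLLY_LABEL ), $attr, esc_html_standin( $chosen ) );
}

$chosen = 'Hello, <b>Dolly</b>'; // constructed sample text containing markup
echo render_fragment_escaped( ' lang="en"', $chosen ), PHP_EOL; // assumed fragment shape
echo render_value_escaped( 'en', $chosen ), PHP_EOL;
echo render_value_escaped( 'en" data-x="1', $chosen ), PHP_EOL; // not on the allowlist, attribute omitted
```

Variant A emits `lang=&quot;en&quot;`, so the browser no longer sees a quoted `lang` value; variant B emits `lang="en"` and leaves the attribute out entirely for the value that is not on the allowlist.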