From 9fb083d00c7767694564c3d90076deacbed8f374 Mon Sep 17 00:00:00 2001 From: Christoph Daum Date: Mon, 13 Apr 2026 22:36:42 +0200 Subject: [PATCH 1/2] fix: validate repo_info before accessing version plugins_api() can return a valid object (not WP_Error) that lacks expected properties like `version`. This happens with plugins like Search & Filter Pro whose slug collides with a wp.org entry returning invalid data. Guard against this in two places: - assemble_plugin_report(): reject API responses missing `version` before caching as repo_info - render_table_row(): add isset() check on version, consistent with tested/rating/last_updated guards Fixes #56 --- rt-plugin-report.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rt-plugin-report.php b/rt-plugin-report.php index 6b76f78..4ae544d 100644 --- a/rt-plugin-report.php +++ b/rt-plugin-report.php @@ -351,7 +351,7 @@ private function assemble_plugin_report( $slug ) { // Add the repo info to the report. if ( isset( $returned_object ) ) { - if ( ! is_wp_error( $returned_object ) ) { + if ( ! is_wp_error( $returned_object ) && isset( $returned_object->version ) ) { $report['repo_info'] = $returned_object; // Cache the report. set_site_transient( $cache_key, $report, self::CACHE_LIFETIME ); @@ -493,7 +493,7 @@ private function render_table_row( $report ) { } // Installed / available version. - if ( isset( $report['repo_info'] ) ) { + if ( isset( $report['repo_info'] ) && isset( $report['repo_info']->version ) ) { $css_class = $this->get_version_risk_classname( $report['local_info']['Version'], $report['repo_info']->version ); $html .= ''; $html .= esc_html( $report['local_info']['Version'] ); From f5de638a8ddf792e4b128c5f529397afdc2303fc Mon Sep 17 00:00:00 2001 From: Christoph Daum Date: Tue, 14 Apr 2026 08:34:26 +0200 Subject: [PATCH 2/2] fix(phpstan): separate version check from error branch Move the isset(version) check inside the non-error branch so the else is only reached for WP_Error, letting PHPStan narrow the type correctly. --- rt-plugin-report.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/rt-plugin-report.php b/rt-plugin-report.php index 4ae544d..81977cf 100644 --- a/rt-plugin-report.php +++ b/rt-plugin-report.php @@ -351,10 +351,12 @@ private function assemble_plugin_report( $slug ) { // Add the repo info to the report. if ( isset( $returned_object ) ) { - if ( ! is_wp_error( $returned_object ) && isset( $returned_object->version ) ) { - $report['repo_info'] = $returned_object; - // Cache the report. - set_site_transient( $cache_key, $report, self::CACHE_LIFETIME ); + if ( ! is_wp_error( $returned_object ) ) { + if ( isset( $returned_object->version ) ) { + $report['repo_info'] = $returned_object; + // Cache the report. + set_site_transient( $cache_key, $report, self::CACHE_LIFETIME ); + } } else { // Store the error code and message in the report. $report['repo_error_code'] = $returned_object->get_error_code();