weDevsOfficial · Copilot · Dec 4, 2025 · Dec 4, 2025
diff --git a/core/Cli/Commands.php b/core/Cli/Commands.php
@@ -769,8 +769,9 @@ public function truncate() {
             'pm_gantt_chart_links'
         ];
         foreach ($tables as $table) {
-            /* translators: %s: Table Name. */
-            $wpdb->query( $wpdb->prepare( "TRUNCATE TABLE %s", $wpdb->prefix . $table ) );
+            $table_name = $wpdb->prefix . $table;
+            // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Table name is from hardcoded whitelist
+            $wpdb->query( "TRUNCATE TABLE `" . esc_sql( $table_name ) . "`" );
         }
 
         delete_option('pm_start_migration');

diff --git a/phpcs-xml/plugin-check-plugin-repo.xml b/phpcs-xml/plugin-check-plugin-repo.xml
@@ -44,15 +44,15 @@
 	<exclude-pattern>*/cherry-framework/*</exclude-pattern>
 	<exclude-pattern>*/titan-framework/*</exclude-pattern>
 	<exclude-pattern>*/plugin-update-checker/*</exclude-pattern>
-	<exclude-pattern>*/composer_directory/*</exclude-pattern>
+	<exclude-pattern>*/vendor/*</exclude-pattern>
 	<exclude-pattern>*/guzzlehttp/*</exclude-pattern>
 
 	<!-- =================================== -->
 	<!-- PHP COMPATIBILITY -->
 	<!-- =================================== -->
 
-	<!-- Plugins should be compatible with PHP 5.6 and higher (updated from 5.2) -->
-	<config name="testVersion" value="5.6-"/>
+	<!-- Plugins should be compatible with PHP 7.2 and higher (WordPress 6.7+ requirement) -->
+	<config name="testVersion" value="7.2-"/>
 
 	<!-- Check for PHP compatibility issues -->
 	<rule ref="PHPCompatibility"/>

diff --git a/phpcs-xml/plugin-check-security.xml b/phpcs-xml/plugin-check-security.xml
@@ -173,8 +173,6 @@
 	<rule ref="WordPress.WP.AlternativeFunctions">
 		<type>error</type>
 		<exclude name="WordPress.WP.AlternativeFunctions.json_encode_json_encode"/>
-		<exclude name="WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents"/>
-		<exclude name="WordPress.WP.AlternativeFunctions.file_system_operations_file_put_contents"/>
 	</rule>
 
 	<!-- =================================== -->

diff --git a/src/File/Controllers/File_Controller.php b/src/File/Controllers/File_Controller.php
@@ -109,8 +109,6 @@ public function download( WP_REST_Request $request ) {
             die( esc_html__( 'file not found', 'wedevs-project-manager' ) );
         }
 
-        $file_name = basename( $path );
-
         $mime_type = empty( $file['mime_type'] ) ? 'application/force-download' : $file['mime_type'];
 
         // serve the file with right header
@@ -129,8 +127,9 @@ public function download( WP_REST_Request $request ) {
             header( 'Content-Transfer-Encoding: binary' );
             header( 'Content-Disposition: inline; filename=' . basename( $path ) );
 
-            // Replace readfile with WP_Filesystem method
-            echo $wp_filesystem->get_contents( $path );
+            // For downloads, readfile() is more memory-efficient as it streams content
+            // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_readfile
+            readfile( $path );
         }
 
         exit;

diff --git a/src/Imports/Helpers/Trello_helper.php b/src/Imports/Helpers/Trello_helper.php
@@ -48,6 +48,12 @@ public function make_request($source,$querystring,$calback){
             return $calback(json_encode(['error' => $response->get_error_message()]));
         }
 
+        // Validate HTTP status code
+        $code = wp_remote_retrieve_response_code($response);
+        if ((int)$code < 200 || (int)$code >= 300) {
+            return $calback(json_encode(['error' => 'HTTP ' . $code]));
+        }
+
         // Get the response body
         $resp = wp_remote_retrieve_body($response);
 

diff --git a/src/Task/Controllers/Task_Controller.php b/src/Task/Controllers/Task_Controller.php
@@ -766,14 +766,14 @@ function filter_query( $request ) {
 
                     if ( ! empty(  $due_date ) ) {
                         if( $due_date == 'overdue' ) {
-                            $today = gmdate( 'Y-m-d', strtotime( current_time('mysql') ) );
+                            $today = gmdate( 'Y-m-d' );
                             $q->where( 'due_date', '<', $today );
                         } else if ( $due_date == 'today' ) {
-                            $today = gmdate('Y-m-d', strtotime( current_time('mysql') ) );
+                            $today = gmdate( 'Y-m-d' );
                             $q->where( 'due_date', $today );
                         } else if ( $due_date == 'week' ) {
-                            $today = gmdate('Y-m-d', strtotime( current_time('mysql') ) );
-                            $last = date('Y-m-d', strtotime( current_time('mysql') . '-1 week' ) );
+                            $today = gmdate( 'Y-m-d' );
+                            $last = gmdate( 'Y-m-d', strtotime( '-1 week' ) );
 
                             $q->where( 'due_date', '>=', $last );
                             $q->where( 'due_date', '<=', $today );
@@ -807,14 +807,14 @@ function filter_query( $request ) {
 
                 if ( ! empty(  $due_date ) ) {
                     if( $due_date == 'overdue' ) {
-                        $today = gmdate( 'Y-m-d', strtotime( current_time('mysql') ) );
+                        $today = gmdate( 'Y-m-d' );
                         $q->where( 'due_date', '<', $today );
                     } else if ( $due_date == 'today' ) {
-                        $today = gmdate('Y-m-d', strtotime( current_time('mysql') ) );
+                        $today = gmdate( 'Y-m-d' );
                         $q->where( 'due_date', $today );
                     } else if ( $due_date == 'week' ) {
-                        $today = gmdate('Y-m-d', strtotime( current_time('mysql') ) );
-                        $last = date('Y-m-d', strtotime( current_time('mysql') . '-1 week' ) );
+                        $today = gmdate( 'Y-m-d' );
+                        $last = gmdate( 'Y-m-d', strtotime( '-1 week' ) );
 
                         $q->where( 'due_date', '>=', $last );
                         $q->where( 'due_date', '<=', $today );

diff --git a/src/Tools/Helpers/ImportActivecollab.php b/src/Tools/Helpers/ImportActivecollab.php
@@ -507,8 +507,10 @@ public function makeFakeEmail($name){
         $email = '';
         $mailuser = str_replace(' ', '', $name);
         $mailuser = preg_replace('/[^A-Za-z0-9\-]/', '', $mailuser);
-        $hostname = str_replace('http', '',get_site_url());
-        $hostname = str_replace('://', '', $hostname);
+        $hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
+        if ( empty( $hostname ) ) {
+            $hostname = 'localhost';
+        }
         if (strpos($hostname, ".")) {
             $email = 'activecollab_' . $mailuser . '@' . $hostname;
         } else {

diff --git a/src/Tools/Helpers/ImportAsana.php b/src/Tools/Helpers/ImportAsana.php
@@ -475,8 +475,10 @@ public function makeFakeEmail($name){
         $email = '';
         $mailuser = str_replace(' ', '', $name);
         $mailuser = preg_replace('/[^A-Za-z0-9\-]/', '', $mailuser);
-        $hostname = str_replace('http', '',get_site_url());
-        $hostname = str_replace('://', '', $hostname);
+        $hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
+        if ( empty( $hostname ) ) {
+            $hostname = 'localhost';
+        }
         if (strpos($hostname, ".")) {
             $email = 'asana_'.$mailuser.'@'.$hostname;
         } else {

diff --git a/src/Tools/Helpers/ImportTrello.php b/src/Tools/Helpers/ImportTrello.php
@@ -430,8 +430,10 @@ public function makeFakeEmail($name){
         $email = '';
         $mailuser = str_replace(' ', '', $name);
         $mailuser = preg_replace('/[^A-Za-z0-9\-]/', '', $mailuser);
-        $hostname = str_replace('http', '',get_site_url());
-        $hostname = str_replace('://', '', $hostname);
+        $hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
+        if ( empty( $hostname ) ) {
+            $hostname = 'localhost';
+        }
         if (strpos($hostname, ".")) {
             $email = 'trello_'.$mailuser.'@'.$hostname;
         } else {

diff --git a/src/Tools/Library/PM_Asana.php b/src/Tools/Library/PM_Asana.php
@@ -1398,9 +1398,9 @@ private function askAsana($url, $data = null, $method = ASANA_METHOD_GET)
                     echo '<pre>';
                     echo 'WordPress HTTP API Error: ' . esc_html($response->get_error_message());
                     echo '</pre>';
-                    echo '<br>Sent info:<br><pre>';
-                    print_r($data);
-                    echo '</pre>';
+                    if ($this->advDebug) {
+                        echo '<br>Sent data type: ' . esc_html(gettype($data));
+                    }
                 }
 
                 if (!$this->failOnError) {

diff --git a/src/User/Transformers/User_Transformer.php b/src/User/Transformers/User_Transformer.php
@@ -113,7 +113,7 @@ public function includeRoles( $user ) {
 
     public function includeMeta ( User $user ) {
         return $this->item ('', function () use ( $user ) {
-            $today = gmdate( 'Y-m-d', strtotime( current_time( 'mysql' ) ) );
+            $today = gmdate( 'Y-m-d' );
 
             $project_ids = User_Role::where( 'user_id', $user->ID )->get(['project_id'])->toArray();
             $project_ids = wp_list_pluck( $project_ids, 'project_id' );
@@ -159,7 +159,7 @@ public function includeMeta ( User $user ) {
 
                 $total_current_tasks = $tasks->where( 'status', 'incomplete' )->filter( function( $item ) use ( $start_at, $due_date, &$total ) {
 
-                    $today         = gmdate( 'Y-m-d', strtotime( current_time('mysql') ) );
+                    $today         = gmdate( 'Y-m-d' );
                     $item_start_at = empty( $item['start_at'] ) ? gmdate( 'Y-m-d', strtotime( $item['created_at'] ) ) : gmdate( 'Y-m-d', strtotime( $item['start_at'] ) );
                     $item_due_date = empty( $item['due_date'] ) ? '' : gmdate( 'Y-m-d', strtotime( $item['due_date'] ) );
 
@@ -179,7 +179,7 @@ public function includeMeta ( User $user ) {
 
                 $total_outstanding_tasks = $tasks->where( 'status', 'incomplete' )->filter( function( $item ) use ( $start_at, $due_date, &$total ) {
 
-                    $today         = gmdate( 'Y-m-d', strtotime( current_time('mysql') ) );
+                    $today         = gmdate( 'Y-m-d' );
                     $item_due_date = empty( $item['due_date'] ) ? '' : gmdate( 'Y-m-d', strtotime( $item['due_date'] ) );
                     $item_start_at = empty( $item['start_at'] ) ? gmdate( 'Y-m-d', strtotime( $item['created_at'] ) ) : gmdate( 'Y-m-d', strtotime( $item['start_at'] ) );
 
@@ -298,7 +298,7 @@ public function includeGraph ( User $item ) {
             $first_day = gmdate( 'Y-m-d', strtotime( $start_at ) );
             $today = gmdate( 'Y-m-d', strtotime( $due_date ) );
         } else {
-            $today     = gmdate( 'Y-m-d', strtotime( current_time( 'mysql' ) ) );
+            $today     = gmdate( 'Y-m-d' );
             $first_day = gmdate( 'Y-m-d', strtotime('-1 month') );
         }