Koko Analytics – Privacy-Friendly Statistics

Short PHP opening tag used with echo; expected "<?php echo esc_html__ ..." but found "<?= esc_html__ ..."

Short PHP opening tag used with echo; expected "<?php echo esc_html__ ..." but found "<?= esc_html__ ..."

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'number_format_i18n'.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$i".

Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 293:\n $query = $wpdb->prepare("INSERT INTO {$wpdb->prefix}koko_analytics_post_stats(date, path_id, post_id, visitors, pageviews) VALUES {$placeholders} ON DUPLICATE KEY UPDATE visitors = visitors + VALUES(visitors), pageviews = pageviews + VALUES(pageviews)", $values)\n$placeholders assigned unsafely at line 285:\n $placeholders = rtrim(str_repeat('(%s,%d,%d,%d,%d),', count($item->postviews)), ',')\n$item->postviews assigned unsafely at line 266:\n $item->postviews = array_map(function ($postviews) {\n $permalink = get_permalink($postviews->post_id);\n if (!$permalink) {\n $postviews->path = '/?p=' . $postviews->post_id;\n } else {\n $postviews->path = parse_url($permalink, PHP_URL_PATH);\n }\n return $postviews;\n }, $item->postviews)\n$permalink used without escaping.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

unlink() is discouraged. Use wp_delete_file() to delete a file.

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.