Vaultpress Shows Generic Bad Pattern Warning
When you are using Vaultpress its possible that you get a security warning: PHP.Generic.Bad.Pattern.6
In relation to MashShare this is unfortunately a false positive warning and we are already trying to get in contact with the developer of Vaultpress so that they are aware of that and able to fix that.
This issue might be generated due to sprintf() usage as it might lead to many unwanted issues such as DoS attacks or executing harmful code.
However this is the case where user entered code without validating first is allowed.
We never use sprintf() for user input text and modern PHP is fine with it but we understand as developers of Vaultpress might want to take this into consideration.
We use this function just to format the string the way we would like it to appear. This is common WordPress coding practice and we believe the Vaultpress plugin can’t check it to that deep into the code.
So if you get that error you can click on “ Ignore Threat” link in the Vaultpress dashboard and you will not see that warning again.