Address code review feedback - improve security and code quality

- Properly escape null device path in shell commands to prevent injection
- Remove error suppression operator and add explicit error logging
- Use more precise phpcs exclude patterns instead of wildcards

Co-authored-by: swissspidy <[email protected]>

Author: Copilot

phpcs.xml.dist

@@ -59,7 +59,12 @@
 	<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedNamespaceFound">
 		<exclude-pattern>*/src/WP_CLI/Fetchers/(Plugin|Theme)\.php$</exclude-pattern>
 		<exclude-pattern>*/src/WP_CLI/CommandWithUpgrade\.php$</exclude-pattern>
-		<exclude-pattern>*/src/WP_CLI/(CommandWith|DestructivePlugin|DestructiveTheme|ValidatingPlugin|ValidatingTheme|PackageValidator|UpgraderWithValidation).*\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/DestructivePluginUpgrader\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/DestructiveThemeUpgrader\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/ValidatingPluginUpgrader\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/ValidatingThemeUpgrader\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/PackageValidator\.php$</exclude-pattern>
+		<exclude-pattern>*/src/WP_CLI/UpgraderWithValidation\.php$</exclude-pattern>
 		<exclude-pattern>*/src/WP_CLI/Parse(Plugin|Theme)NameInput\.php$</exclude-pattern>
 	</rule>
 

src/WP_CLI/PackageValidator.php

@@ -78,7 +78,7 @@ private static function is_unzip_available() {
 			// Suppress output to avoid cluttering the console.
 			$null_device = '\\' === DIRECTORY_SEPARATOR ? 'NUL' : '/dev/null';
 			$result      = WP_CLI::launch(
-				sprintf( 'unzip -v > %s 2>&1', $null_device ),
+				'unzip -v > ' . escapeshellarg( $null_device ) . ' 2>&1',
 				false,
 				true
 			);
@@ -97,11 +97,7 @@ private static function is_unzip_available() {
 	private static function validate_with_unzip( $file_path ) {
 		// Suppress output - use platform-appropriate null device.
 		$null_device = '\\' === DIRECTORY_SEPARATOR ? 'NUL' : '/dev/null';
-		$command     = sprintf(
-			'unzip -t %s > %s 2>&1',
-			escapeshellarg( $file_path ),
-			$null_device
-		);
+		$command     = 'unzip -t ' . escapeshellarg( $file_path ) . ' > ' . escapeshellarg( $null_device ) . ' 2>&1';
 
 		$result = WP_CLI::launch(
 			$command,
@@ -130,6 +126,16 @@ public static function delete_corrupted_file( $file_path ) {
 			return true;
 		}
 
-		return @unlink( $file_path );
+		$result = unlink( $file_path );
+
+		// Log if deletion failed, but don't throw an error.
+		if ( ! $result ) {
+			WP_CLI::debug(
+				sprintf( 'Failed to delete corrupted file: %s', $file_path ),
+				'extension-command'
+			);
+		}
+
+		return $result;
 	}
 }