Hello,
They are not false positive as we are asking authors to ensure that their php file is not called directly.
You are asking authors to do it, but you are unwilling to do it yourself? If that’s the intent, why is your system saying class only files are okay? The links I provided *are* class only files.
Ironically, your class that performs the check, allows direct access without guards. If the intent is for all class files to explicitly not allow direct access, why does yours?
https://plugins.trac.wordpress.org/browser/plugin-check/trunk/includes/Checker/Checks/Plugin_Repo/Direct_File_Access_Check.php#L173
More examples of your own classes being flagged for missing_direct_file_access_protection for the exact same reason (because you have add_action() within a class method):
https://plugins.trac.wordpress.org/browser/plugin-check/trunk/includes/Admin/Admin_Page.php
https://plugins.trac.wordpress.org/browser/plugin-check/trunk/includes/Admin/Settings_Page.php
This is the first version. We will improve it based on the cases you mentioned. Stay tuned!
