t() documentation specifically mentions the ! placeholder to be used for things like links and markup-containing strings, since @ and % are HTML-escaped. Many t() functions purposely include the ! placeholder, and filter the input earlier.

It's definitely important to encourage the user of the proper placeholder for security purposes, so maybe, if this check can't be removed entirely, a simple notice would be better than a big, ugly, red 'critical' error notice.

Reference: #1805588-1: Make honeypot pass coder review.

Comments

geerlingguy’s picture

Here's the relevant code from honeypot.module:

/**
 * Implements hook_install().
 */
function honeypot_install() {
  drupal_set_message(st("Honeypot installed successfully. Please !link to protect your forms from spam bots.", array(
    '!link' => l(st('configure Honeypot'), 'admin/config/content/honeypot')
  )));
}
klausi’s picture

Issue summary: View changes
Status: Active » Closed (won't fix)

Coder 7.x is frozen now and will not receive updates. Coder 8.x-2.x can be used to check code for any Drupal version, Coder 8.x-2.x also supports the phpcbf command to automatically fix conding standard errors. Please check if this issue is still relevant and reopen against that version if necessary.