t() documentation specifically mentions the ! placeholder to be used for things like links and markup-containing strings, since @ and % are HTML-escaped. Many t() functions purposely include the ! placeholder, and filter the input earlier.
It's definitely important to encourage the user of the proper placeholder for security purposes, so maybe, if this check can't be removed entirely, a simple notice would be better than a big, ugly, red 'critical' error notice.
Reference: #1805588-1: Make honeypot pass coder review.
Comments
Comment #1
geerlingguy commentedHere's the relevant code from honeypot.module:
Comment #2
klausiCoder 7.x is frozen now and will not receive updates. Coder 8.x-2.x can be used to check code for any Drupal version, Coder 8.x-2.x also supports the phpcbf command to automatically fix conding standard errors. Please check if this issue is still relevant and reopen against that version if necessary.