Showing 251 of 251 total issues
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
__( 'Please note: WP Global Admin requires WordPress 4.9 or higher. <a href="%s">Deactivate plugin</a>.', 'wp-global-admin' ),
Missing wp_unslash() before sanitization.
$args['orderby'] = $_REQUEST['orderby'];
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data'.
echo '<td class="', $classes, ' has-row-actions" ', $data, '>';
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$sentence'.
<p class="youhave"><?php echo $sentence; ?></p>
Detected usage of a non-sanitized input variable: $_REQUEST
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';
A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
$role_links['global'] = "<a href='" . global_admin_url( 'users.php?role=global' ) . "'$class>" . sprintf( _n( 'Global Administrator <span class="count">(%s)</span>', 'Global Administrators <span class="count">(%s)</span>', $total_admins, 'wp-global-admin' ), number_format_i18n( $total_admins ) ) . '</a>';
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$avatar'.
echo $avatar;
Detected usage of a non-sanitized input variable: $_SERVER
$delete_link = esc_url( global_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) );
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
<label class="screen-reader-text" for="search-users"><?php _e( 'Search Users', 'wp-global-admin' ); ?></label>
Missing wp_unslash() before sanitization.
$self = preg_replace( '|^.*/wp-admin/global/|i', '', $_SERVER['PHP_SELF'] );
Overriding WordPress globals is prohibited. Found assignment to $menu
$menu = array();
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_url'.
wp_nonce_url(
Overriding WordPress globals is prohibited. Found assignment to $mode
$mode = get_user_setting( 'global_users_list_mode', 'list' );
Detected usage of a non-sanitized input variable: $_SERVER
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
Detected usage of a non-sanitized input variable: $_POST
check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );
Overriding WordPress globals is prohibited. Found assignment to $role
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
echo $this->column_networks( $user );
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$path'.
echo '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $network->id ) ) . '">' . $network->domain . $path . '</a>';
Overriding WordPress globals is prohibited. Found assignment to $usersearch
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$user'.
<a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a>