felixarntz/global-admin

Showing 251 of 251 total issues

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
Open

                __( 'Please note: WP Global Admin requires WordPress 4.9 or higher. <a href="%s">Deactivate plugin</a>.', 'wp-global-admin' ),
Severity: Minor
Found in wp-global-admin.php by phpcodesniffer

Missing wp_unslash() before sanitization.
Open

            $args['orderby'] = $_REQUEST['orderby'];

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data'.
Open

        echo '<td class="', $classes, ' has-row-actions" ', $data, '>';

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$sentence'.
Open

        <p class="youhave"><?php echo $sentence; ?></p>

Detected usage of a non-sanitized input variable: $_REQUEST
Open

        $role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';

A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Open

        $role_links['global'] = "<a href='" . global_admin_url( 'users.php?role=global' ) . "'$class>" . sprintf( _n( 'Global Administrator <span class="count">(%s)</span>', 'Global Administrators <span class="count">(%s)</span>', $total_admins, 'wp-global-admin' ), number_format_i18n( $total_admins ) ) . '</a>';

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$avatar'.
Open

        echo $avatar;

Detected usage of a non-sanitized input variable: $_SERVER
Open

            $delete_link       = esc_url( global_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) );

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Open

                <label class="screen-reader-text" for="search-users"><?php _e( 'Search Users', 'wp-global-admin' ); ?></label>

Missing wp_unslash() before sanitization.
Open

        $self = preg_replace( '|^.*/wp-admin/global/|i', '', $_SERVER['PHP_SELF'] );

Overriding WordPress globals is prohibited. Found assignment to $menu
Open

    $menu    = array();

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_url'.
Open

                wp_nonce_url(
Severity: Minor
Found in wp-global-admin.php by phpcodesniffer

Overriding WordPress globals is prohibited. Found assignment to $mode
Open

            $mode = get_user_setting( 'global_users_list_mode', 'list' );

Detected usage of a non-sanitized input variable: $_SERVER
Open

            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );

Detected usage of a non-sanitized input variable: $_POST
Open

            check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );

Overriding WordPress globals is prohibited. Found assignment to $role
Open

        $role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
Open

        echo $this->column_networks( $user );

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$path'.
Open

            echo '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $network->id ) ) . '">' . $network->domain . $path . '</a>';

Overriding WordPress globals is prohibited. Found assignment to $usersearch
Open

        $usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$user'.
Open

            <a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a>