Showing 251 of 251 total issues
Missing wp_unslash() before sanitization. Open
check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );
Inline comments must end in full-stops, exclamation marks, or question marks Open
ob_start(); // hack - but the same hack wp-admin/widgets.php uses
Missing wp_unslash() before sanitization. Open
wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
Detected usage of a non-sanitized input variable: $_SERVER Open
$self = preg_replace( '|^.*/wp-admin/global/|i', '', $_SERVER['PHP_SELF'] );
Detected usage of a non-validated input variable: $_SERVER Open
preg_match( '#/wp-admin/global/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
__( 'Please note: WP Global Admin requires the WP Global Options plugin to be installed and activated. <a href="%s">Install plugin</a>.', 'wp-global-admin' ),
Missing wp_unslash() before sanitization. Open
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
echo ' - ' . __( 'Global Administrator' );
Detected usage of a non-validated input variable: $_SERVER Open
$delete_link = esc_url( global_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) );
Missing wp_unslash() before sanitization. Open
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
<label class="screen-reader-text" for="search-networks"><?php _e( 'Search Networks', 'wp-global-admin' ); ?></label>
Expected 1 spaces before closing bracket; 0 found Open
return apply_filters( 'global_home_url', $url, $path, $orig_scheme);
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
_e( 'Users removed from spam.' );
Terminating statement must be indented to the same level as the CASE body Open
break;
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'global_admin_url'. Open
<a href="<?php echo global_admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
printf( '<span class="subtitle">' . __( 'Search results for “%s”' ) . '</span>', esc_html( $usersearch ) );
Detected usage of a non-validated input variable: $_SERVER Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$primary'. Open
echo $this->handle_row_actions( $user, 'networks', $primary );
Overriding WordPress globals is prohibited. Found assignment to $self Open
$self = preg_replace( '|^.*/wp-admin/global/|i', '', $_SERVER['PHP_SELF'] );
Terminating statement must be indented to the same level as the CASE body Open
break;