felixarntz/global-admin

View on GitHub

Showing 251 of 251 total issues

Overriding WordPress globals is prohibited. Found assignment to $menu
Open

        $menu[5] = $networks_menu;

No space found before comment text; expected "// require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' );" but found "//require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' );"
Open

//require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' );

Processing form data without nonce verification.
Open

        if ( ! empty( $_POST['global_administrator'] ) ) {

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$msg'.
Open

        echo '<div id="message" class="updated notice is-dismissible"><p>' . $msg . '</p></div>';

Inline comments must end in full-stops, exclamation marks, or question marks
Open

//require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' );

A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Open

                                    wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) );

Expected 1 spaces after opening bracket; 0 found
Open

    '<p>' . __('<a href="https://github.com/felixarntz/wp-global-admin/wiki/Global-Admin" target="_blank">Documentation on the Global Admin</a>', 'wp-global-admin' ) . '</p>'

Inline comments must end in full-stops, exclamation marks, or question marks
Open

//require_once( ABSPATH . 'wp-admin/includes/menu.php' );

Array item not aligned correctly; expected 4 spaces but found 8
Open

        'content' =>

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Open

                        <?php _e( 'This address is used for admin purposes.', 'wp-global-admin' ); ?>

Detected usage of a non-validated input variable: $_POST
Open

    if ( ! is_array( $_POST['user'] ) ) {

Inline comments must end in full-stops, exclamation marks, or question marks
Open

                $_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle with arrays

There must be no blank line following an inline comment
Open

//require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' );

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
Open

    wp_die( __( 'Multinetwork support is not enabled.', 'wp-global-admin' ) );

No space found before comment text; expected "// TODO: what do we need here? What makes sense?" but found "//TODO: what do we need here? What makes sense?"
Open

            //TODO: what do we need here? What makes sense?

Inline PHP statement must end with a semicolon
Open

                <th scope="row"><label for="admin_email"><?php _e( 'Global Admin Email', 'wp-global-admin' ) ?></label></th>

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
Open

        wp_die( __( 'Cannot create an empty user.' ) );

Detected usage of a non-validated input variable: $_POST
Open

                confirm_delete_users( $_POST['allusers'] );

Detected usage of a non-sanitized input variable: $_POST
Open

                confirm_delete_users( $_POST['allusers'] );

Missing wp_unslash() before sanitization.
Open

                $doaction     = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
Severity
Category
Status
Source
Language