Showing 251 of 251 total issues
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<td colspan="2"><?php _e( 'A password reset link will be sent to the user via email.' ); ?></td>
- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
confirm_delete_users( $_POST['allusers'] );
- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
- Exclude checks
No space found before comment text; expected "// require_once( ABSPATH . 'wp-admin/includes/menu.php' );" but found "//require_once( ABSPATH . 'wp-admin/includes/menu.php' );" Open
Open
//require_once( ABSPATH . 'wp-admin/includes/menu.php' );
- Exclude checks
Use Yoda Condition checks, you must. Open
Open
<?php if ( $user->user_email != get_global_option( 'admin_email' ) || ! is_global_administrator( $user->ID ) ) : ?>
- Exclude checks
Array item not aligned correctly; expected 4 spaces but found 8 Open
Open
'id' => 'overview',
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<p><?php _e( 'Global administrator privileges cannot be removed because this user has the global admin email.', 'wp-global-admin' ); ?></p>
- Exclude checks
Detected usage of a non-validated input variable: $_POST Open
Open
confirm_delete_users( $_POST['allusers'] );
- Exclude checks
Each array item in a multi-line array declaration must end in a comma Open
Open
'<p>' . __( 'This screen sets and changes options for the entire setup as a whole. The settings on this page will affect all networks and sites.', 'wp-global-admin' ) . '</p>'
- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
foreach ( $_POST['blog'] as $id => $users ) {
- Exclude checks
Expected 1 spaces after opening bracket; 0 found Open
Open
'<p>' . __('<a href="https://github.com/felixarntz/wp-global-admin/wiki/Global-Admin-Settings-Screen" target="_blank">Documentation on Global Settings</a>', 'wp-global-admin' ) . '</p>'
- Exclude checks
Each array item in a multi-line array declaration must end in a comma Open
Open
'<p>' . __( 'You can make an existing user an additional global admin by going to the Edit User profile page and checking the box to grant that privilege.', 'wp-global-admin' ) . '</p>'
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<th scope="row"><label for="admin_email"><?php _e( 'Global Admin Email', 'wp-global-admin' ) ?></label></th>
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<?php _e( 'Allow network administrators to create new users', 'wp-global-admin' ); ?>
- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_id_new ) ) );
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<h1 id="add-new-user"><?php _e( 'Add New User' ); ?></h1>
- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
confirm_delete_users( $_POST['allusers'] );
- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $details->userblog_id != get_network()->site_id ) { // main blog not a spam !
- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $i == 1 ) {
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Multinetwork support is not enabled.', 'wp-global-admin' ) );
- Exclude checks