Showing 251 of 251 total issues
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'Users deleted.' );
- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$args['orderby'] = $_REQUEST['orderby'];
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$edit_link'. Open
Open
<a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a>
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<span class="$action">$link$sep</span>"'. Open
Open
echo "<span class='$action'>$link$sep</span>";
- Exclude checks
Use placeholders and $wpdb->prepare(); found $insert Open
Open
$wpdb->query( "INSERT INTO $wpdb->global_options ( option_name, option_value, autoload ) VALUES " . implode( ', ', $insert ) );
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'User added.' );
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$classes'. Open
Open
echo '<td class="', $classes, ' has-row-actions" ', $data, '>';
- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['widget_id'] ) ) {
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'network_admin_url'. Open
Open
<form action="<?php echo network_admin_url( 'users.php' ); ?>" method="get">
- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $submenu Open
Open
$submenu = array();
- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $pagenow Open
Open
$pagenow = trim( $pagenow, '/' );
- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$args['order'] = $_REQUEST['order'];
- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $wp_dashboard_control_callbacks Open
Open
$wp_dashboard_control_callbacks = array();
- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
preg_match( '#/wp-admin/global/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $pagenow Open
Open
$pagenow = 'index.php';
- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$args['order'] = $_REQUEST['order'];
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$network'. Open
Open
echo '<span class="network-' . $network->id . '" >';
- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $pagenow Open
Open
$pagenow = strtolower( $self_matches[1] );
- Exclude checks
A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. Open
Open
$blogname = sprintf( __( 'Global Admin: %s' ), esc_html( get_global_option( 'global_name' ) ) );
- Exclude checks