wp-global-admin/wp-admin/global/user-new.php
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<th scope="row"><label for="email"><?php _e( 'Email' ); ?></label></th>
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Cannot create an empty user.' ) );
- Exclude checks
Detected usage of a non-validated input variable: $_POST Open
Open
if ( ! is_array( $_POST['user'] ) ) {
- Exclude checks
Detected usage of a non-validated input variable: $_POST Open
Open
$user = wp_unslash( $_POST['user'] );
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$msg'. Open
Open
echo '<div id="message" class="updated notice is-dismissible"><p>' . $msg . '</p></div>';
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'global_admin_url'. Open
Open
<form action="<?php echo global_admin_url( 'user-new.php?action=add-user' ); ?>" id="adduser" method="post" novalidate="novalidate">
- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_id_new ) ) );
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Multinetwork support is not enabled.', 'wp-global-admin' ) );
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<p>$message</p>"'. Open
Open
echo "<p>$message</p>";
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<td colspan="2"><?php _e( 'A password reset link will be sent to the user via email.' ); ?></td>
- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
$user = wp_unslash( $_POST['user'] );
- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Sorry, you are not allowed to add users to this setup.', 'wp-global-admin' ) );
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<h1 id="add-new-user"><?php _e( 'Add New User' ); ?></h1>
- Exclude checks
Detected usage of a non-sanitized input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_id_new ) ) );
- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
<th scope="row"><label for="username"><?php _e( 'Username' ); ?></label></th>
- Exclude checks