wp-global-admin/wp-admin/global/users.php
Avoid deeply nested control flow statements. Open
Open
if ( $details->userblog_id != get_network()->site_id ) { // main blog not a spam !
update_blog_status( $details->userblog_id, 'spam', '1' );
}Avoid deeply nested control flow statements. Open
Open
if ( is_global_administrator( $user->ID ) || is_super_admin( $user->ID ) ) {
wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) );
}Avoid deeply nested control flow statements. Open
Open
if ( ! current_user_can( 'delete_users' ) ) {
wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
}Detected usage of a non-validated input variable: $_POST Open
Open
if ( is_array( $_POST['user'] ) && ! empty( $_POST['user'] ) ) {- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'Users marked as spam.' );- Exclude checks
Detected usage of a non-validated input variable: $_POST Open
Open
confirm_delete_users( $_POST['allusers'] );- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
foreach ( (array) $_POST['allusers'] as $user_id ) {- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
foreach ( $_POST['user'] as $id ) {- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Multinetwork support is not enabled.', 'wp-global-admin' ) );- Exclude checks
Detected usage of a non-validated input variable: $_GET Open
Open
$id = intval( $_GET['id'] );- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
foreach ( $_POST['user'] as $id ) {- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) );- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
confirm_delete_users( $_POST['allusers'] );- Exclude checks
Use Yoda Condition checks, you must. Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];- Exclude checks
Terminating statement must be indented to the same level as the CASE body Open
Open
break;- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
confirm_delete_users( $_POST['allusers'] );- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $i == 1 ) {- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
foreach ( $_POST['blog'] as $id => $users ) {- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'User deleted.' );- Exclude checks
Terminating statement must be indented to the same level as the CASE body Open
Open
break;- Exclude checks
A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. Open
Open
wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) );- Exclude checks
Inline comments must end in full-stops, exclamation marks, or question marks Open
Open
$_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle with arrays- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
confirm_delete_users( $_POST['allusers'] );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'You do not have permission to access this page.' ), 403 );- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $id != '0' && $id != '1' ) {- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
confirm_delete_users( $_POST['allusers'] );- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
foreach ( (array) $_POST['allusers'] as $user_id ) {- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$user_ids = (array) $_POST['allusers'];- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
$user_ids = (array) $_POST['allusers'];- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $details->userblog_id != get_network()->site_id ) { // main blog not a spam !- Exclude checks
Each array item in a multi-line array declaration must end in a comma Open
Open
'<p>' . __( 'You can make an existing user an additional global admin by going to the Edit User profile page and checking the box to grant that privilege.', 'wp-global-admin' ) . '</p>'- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {- Exclude checks
Use Yoda Condition checks, you must. Open
Open
if ( $id != '0' && $id != '1' ) {- Exclude checks
Detected usage of a non-sanitized input variable: $_POST Open
Open
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
foreach ( $_POST['blog'] as $id => $users ) {- Exclude checks
Terminating statement must be indented to the same level as the CASE body Open
Open
break;- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'Users deleted.' );- Exclude checks
Terminating statement must be indented to the same level as the CASE body Open
Open
break;- Exclude checks
Terminating statement must be indented to the same level as the CASE body Open
Open
break;- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'Users removed from spam.' );- Exclude checks
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. Open
Open
_e( 'User added.' );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
printf( '<span class="subtitle">' . __( 'Search results for “%s”' ) . '</span>', esc_html( $usersearch ) );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'global_admin_url'. Open
Open
<a href="<?php echo global_admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>- Exclude checks