wp-global-admin/wp-admin/includes/class-wp-ga-users-list-table.php
Method prepare_items has 51 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
public function prepare_items() {
global $usersearch, $role, $wpdb, $mode;
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
Function prepare_items has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring. Open
Open
public function prepare_items() {
global $usersearch, $role, $wpdb, $mode;
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method column_networks has 31 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
public function column_networks( $user ) {
if ( ! function_exists( 'get_networks_of_user' ) ) {
return;
}
Function column_networks has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open
Open
public function column_networks( $user ) {
if ( ! function_exists( 'get_networks_of_user' ) ) {
return;
}
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
The method prepare_items() has an NPath complexity of 1728. The configured NPath complexity threshold is 200. Open
Open
public function prepare_items() {
global $usersearch, $role, $wpdb, $mode;
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
- Read upRead up
- Exclude checks
NPathComplexity
Since: 0.1
The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.
Example
class Foo {
function bar() {
// lots of complicated code
}
}Source https://phpmd.org/rules/codesize.html#npathcomplexity
The method prepare_items() has a Cyclomatic Complexity of 14. The configured cyclomatic complexity threshold is 10. Open
Open
public function prepare_items() {
global $usersearch, $role, $wpdb, $mode;
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';
- Read upRead up
- Exclude checks
CyclomaticComplexity
Since: 0.1
Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.
Example
// Cyclomatic Complexity = 11
class Foo {
1 public function example() {
2 if ($a == $b) {
3 if ($a1 == $b1) {
fiddle();
4 } elseif ($a2 == $b2) {
fiddle();
} else {
fiddle();
}
5 } elseif ($c == $d) {
6 while ($c == $d) {
fiddle();
}
7 } elseif ($e == $f) {
8 for ($n = 0; $n < $h; $n++) {
fiddle();
}
} else {
switch ($z) {
9 case 1:
fiddle();
break;
10 case 2:
fiddle();
break;
11 case 3:
fiddle();
break;
default:
fiddle();
break;
}
}
}
}Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity
Missing class import via use statement (line '109', column '25'). Open
Open
$wp_user_search = new WP_User_Query( $args );- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}Source http://phpmd.org/rules/cleancode.html#MissingImport
Avoid unused local variables such as '$edit'. Open
Open
$edit = "<a href=\"{$edit_link}\">{$user->user_login}</a>";- Read upRead up
- Exclude checks
UnusedLocalVariable
Since: 0.2
Detects when a local variable is declared and/or assigned, but not used.
Example
class Foo {
public function doSomething()
{
$i = 5; // Unused
}
}Source https://phpmd.org/rules/unusedcode.html#unusedlocalvariable
Avoid unused local variables such as '$wpdb'. Open
Open
global $usersearch, $role, $wpdb, $mode;- Read upRead up
- Exclude checks
UnusedLocalVariable
Since: 0.2
Detects when a local variable is declared and/or assigned, but not used.
Example
class Foo {
public function doSomething()
{
$i = 5; // Unused
}
}Source https://phpmd.org/rules/unusedcode.html#unusedlocalvariable
Avoid excessively long variable names like $global_administrators. Keep variable name length under 20. Open
Open
$global_administrators = get_global_administrators();- Read upRead up
- Exclude checks
LongVariable
Since: 0.2
Detects when a field, formal or local variable is declared with a long name.
Example
class Something {
protected $reallyLongIntName = -3; // VIOLATION - Field
public static function main( array $interestingArgumentsList[] ) { // VIOLATION - Formal
$otherReallyLongName = -5; // VIOLATION - Local
for ($interestingIntIndex = 0; // VIOLATION - For
$interestingIntIndex < 10;
$interestingIntIndex++ ) {
}
}
}Source https://phpmd.org/rules/naming.html#longvariable
Avoid variables with short names like $i. Configured minimum length is 3. Open
Open
$i = 0;- Read upRead up
- Exclude checks
ShortVariable
Since: 0.2
Detects when a field, local, or parameter has a very short name.
Example
class Something {
private $q = 15; // VIOLATION - Field
public static function main( array $as ) { // VIOLATION - Formal
$r = 20 + $this->q; // VIOLATION - Local
for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
$r += $this->q;
}
}
}Source https://phpmd.org/rules/naming.html#shortvariable
Overriding WordPress globals is prohibited. Found assignment to $role Open
Open
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<span class="$action">$link$sep</span>"'. Open
Open
echo "<span class='$action'>$link$sep</span>";- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$args['order'] = $_REQUEST['order'];- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$args['orderby'] = $_REQUEST['orderby'];- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $usersearch Open
Open
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';- Exclude checks
A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. Open
Open
$role_links['global'] = "<a href='" . global_admin_url( 'users.php?role=global' ) . "'$class>" . sprintf( _n( 'Global Administrator <span class="count">(%s)</span>', 'Global Administrators <span class="count">(%s)</span>', $total_admins, 'wp-global-admin' ), number_format_i18n( $total_admins ) ) . '</a>';- Exclude checks
A gettext call containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. Open
Open
$role_links['all'] = "<a href='" . global_admin_url( 'users.php' ) . "'$class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_users, 'users', 'wp-global-admin' ), number_format_i18n( $total_users ) ) . '</a>';- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'. Open
Open
echo $this->column_networks( $user );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$network'. Open
Open
echo '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $network->id ) ) . '">' . $network->domain . $path . '</a>';- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data'. Open
Open
echo '<td class="', $classes, ' has-row-actions" ', $data, '>';- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$args['order'] = $_REQUEST['order'];- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
$delete_link = esc_url( global_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) );- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $mode Open
Open
$mode = get_user_setting( 'global_users_list_mode', 'list' );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$avatar'. Open
Open
echo $avatar;- Exclude checks
Overriding WordPress globals is prohibited. Found assignment to $mode Open
Open
$mode = 'excerpt' === $_REQUEST['mode'] ? 'excerpt' : 'list';- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$primary'. Open
Open
echo $this->handle_row_actions( $user, 'networks', $primary );- Exclude checks
Detected usage of a non-sanitized input variable: $_SERVER Open
Open
$delete_link = esc_url( global_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$user'. Open
Open
<a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a>- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$path'. Open
Open
echo '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $network->id ) ) . '">' . $network->domain . $path . '</a>';- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$classes'. Open
Open
echo '<td class="', $classes, ' has-row-actions" ', $data, '>';- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'. Open
Open
echo $this->handle_row_actions( $user, 'networks', $primary );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. Open
Open
echo ' - ' . __( 'Global Administrator' );- Exclude checks
Detected usage of a non-validated input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );- Exclude checks
Missing wp_unslash() before sanitization. Open
Open
$usersearch = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST['s'] ) ) : '';- Exclude checks
Detected usage of a non-sanitized input variable: $_REQUEST Open
Open
$args['orderby'] = $_REQUEST['orderby'];- Exclude checks
Detected usage of a non-sanitized input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$edit_link'. Open
Open
<a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a>- Exclude checks
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$network'. Open
Open
echo '<span class="network-' . $network->id . '" >';- Exclude checks
Detected usage of a non-sanitized input variable: $_SERVER Open
Open
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );- Exclude checks