envato / envato-theme-check

The WordPress Theme Check plugin for Envato
GNU General Public License v2.0

$_SERVER not allowed? Isn't it safe? #14

Closed AivahThemes closed 6 years ago

AivahThemes commented 6 years ago

I got an issue while checking the theme to test with this plugin.

WARNING: Found $_SERVER in the file template-success.php. PHP Global Variable found. Ensure the context is safe and reliable.
Line 109: $storeup_bk_user_ip = isset( sanitize_text_field( $_SERVER['REMOTE_ADDR'] ) )
Line 110: ? sanitize_text_field( $_SERVER['REMOTE_ADDR'] ) : 'N/A';

Same with another file:

WARNING: Found $_SERVER in the file admin-interface.php. PHP Global Variable found. Ensure the context is safe and reliable.
Line 225: <form action='<?php echo esc_attr( $_SERVER['REQUEST_URI'] ) ?>' method='post' style='display:inline' id='atpf

How do I sanitize the above code?
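An added example, not code from envato-theme-check or the reported theme, showing how the two flagged `$_SERVER` reads could be rewritten so a reviewer can see the context is safe. Function names prefixed `storeup_example_` are hypothetical; it assumes it runs inside WordPress, where `wp_unslash()`, `sanitize_text_field()` and `esc_url()` are available.

```php
<?php
// Added example (not from the plugin or the theme under review).
// Rewrites the two flagged $_SERVER uses so that the check, the sanitizing
// and the escaping are each explicit.

/**
 * Client IP from REMOTE_ADDR, or 'N/A' when it is missing or malformed.
 *
 * The original line called isset() on the return value of
 * sanitize_text_field(), which is a PHP fatal error: isset() only accepts
 * variables. Test the array key first, then unslash, sanitize, validate.
 */
function storeup_example_client_ip() {
    if ( ! isset( $_SERVER['REMOTE_ADDR'] ) ) {
        return 'N/A';
    }
    $ip = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) );
    // REMOTE_ADDR is filled in by the web server from the TCP connection, so
    // it is not attacker-typed input, but behind a reverse proxy it holds the
    // proxy's address rather than the visitor's. Validate the shape before
    // storing or displaying it; never treat it as a security identifier.
    if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return 'N/A';
    }
    return $ip;
}

/**
 * Form action derived from REQUEST_URI, escaped for an HTML attribute.
 *
 * REQUEST_URI is the path the client asked for, so it is attacker-controlled.
 * esc_url() is the right escaper for a URL in an attribute: it drops unsafe
 * schemes and encodes characters that would break out of the quotes.
 * sanitize_text_field() is the wrong sanitizer here because it strips
 * percent-encoded octets (%2F, %3D, ...) and would corrupt the URI.
 */
function storeup_example_form_action() {
    if ( ! isset( $_SERVER['REQUEST_URI'] ) ) {
        return '';
    }
    return esc_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
}
?>
<form action="<?php echo storeup_example_form_action(); ?>" method="post" style="display:inline">
```

Either way the plugin will still emit the warning, since it flags every `$_SERVER` read; the point is that a reviewer looking at the line can confirm the value is checked, sanitized and escaped for the context it is used in.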

scottparry commented 6 years ago

This isn't an issue. Certain global variables are unsafe and/or unreliable. The reviewers will check each instance and provide feedback.

cyberwani commented 5 years ago

It can be useful if a verification method is integrated to check only unsafe and/or unreliable global variables.