Get rid of all $_POST errors #510
Comments
So, either whitelist it with a flag (Also see https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors) or if it's a known system, you can use |
To fix the error, you need to validate that the if ( isset( $_POST['auth_step'] ) && 'Yes' === $_POST['auth_step'] ) {} |
If I use isset and sanitize and also comment it to flag the variable.
I still get
|
Should I use sanitize_text_field() in a Yoda condition? |
No. PHPCS will correctly detect that sanitization isn't required here, since this is just a comparison of the value. This should avoid all of those errors: if ( isset( $_POST['auth_step'] ) && 'Yes' === $_POST['auth_step'] ) { // Input var okay |
@JDGrimes Yes, it worked. Needed a dot at the end of the comment though.
BTW, what will be the scenario for the statement below?
Should I sanitize and unslash in this case? |
Yes. In fact, since a nonce doesn't contain characters that would need to be slashed, so you could just use So you can use |
I see. @JDGrimes I am moving in the right direction now. So, for the scenarios below.
I should refactor the above statements like this
But why does it need to be wp_unslash()? |
It needs It is strange, I know. See https://core.trac.wordpress.org/ticket/24106, https://core.trac.wordpress.org/ticket/18322, and #172. |
I see. What would be the best case for URL inputs?
Can we refactor the above statement like this?
|
I think the easiest thing to do is to use update_option( 'ANALYTIFY_REDIRECT_URI', esc_url_raw( wp_unslash( $_POST['analytify_redirect_uri'] ) ) ); // Input var okay.
I think if you want to use $_POST['analytify_redirect_uri'] = wp_unslash( $_POST['analytify_redirect_uri'] ); // Input var, sanitization okay.
update_option( 'ANALYTIFY_REDIRECT_URI', filter_input( INPUT_POST, 'analytify_redirect_uri', FILTER_VALIDATE_URL ) ); // Input var okay. You could use update_option( 'ANALYTIFY_REDIRECT_URI', wp_unslash( filter_input( INPUT_POST, 'analytify_redirect_uri', FILTER_VALIDATE_URL ) ) ); // Input var okay. |
@JDGrimes Thanks a ton. This discussion is really adding a lot of value to me and everyone who wants their code according to WPCS. What would be the best way for array inputs? E.g. I have a multi-select dropdown and if I use
It returns an error that Array to String Conversion. |
@hiddenpearls There is a page in our wiki that discusses how to sanitize array inputs. |
@JDGrimes I edited that page. Actually, the first parameter of array_map should be a valid callback function like below.
|
I've created a wiki page based on these questions: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Fixing-errors-for-input-data |
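
The input-handling patterns discussed in the comments above, gathered into one handler as an added example (not code posted by anyone in this thread). It assumes it runs inside WordPress; the function name, the nonce field and action, and the `example_profiles` field and option are hypothetical, while `auth_step`, `analytify_redirect_uri` and `ANALYTIFY_REDIRECT_URI` are taken from the thread.

```php
<?php
/**
 * Added example, not from the thread. Assumes WordPress is loaded.
 * Hypothetical names: example_save_settings(), the 'example_nonce' field,
 * the 'example_save' nonce action, the 'example_profiles' field and option.
 */
function example_save_settings() {
	// Nonce: confirm the index exists, then unslash and sanitize before verifying.
	if ( ! isset( $_POST['example_nonce'] )
		|| ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['example_nonce'] ) ), 'example_save' ) ) {
		return false;
	}

	// Comparison only: isset() plus a strict comparison is enough, because
	// the raw value is never stored or output.
	if ( ! isset( $_POST['auth_step'] ) || 'Yes' !== $_POST['auth_step'] ) {
		return false;
	}

	// URL input: unslash first, then sanitize for storage with esc_url_raw().
	if ( isset( $_POST['analytify_redirect_uri'] ) ) {
		$uri = esc_url_raw( wp_unslash( $_POST['analytify_redirect_uri'] ) );
		update_option( 'ANALYTIFY_REDIRECT_URI', $uri );
	}

	// Array input (multi-select): sanitize each element through a callback
	// instead of passing the whole array to a string function. The is_array()
	// check rejects a scalar sent under the same field name.
	if ( isset( $_POST['example_profiles'] ) && is_array( $_POST['example_profiles'] ) ) {
		$profiles = array_map( 'sanitize_text_field', wp_unslash( $_POST['example_profiles'] ) );
		update_option( 'example_profiles', $profiles );
	}

	return true;
}
```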
I am still getting the error with Screenshot: https://tinyurl.com/ycvt3e73 |
@emfluenceindia This issue has been closed for two years. Opening a new issue will probably have more effect. |
Thank you. I will do as you suggested. |
Hello everyone, I am using PHPCS and the WP Coding Standards setup for cleaning all the errors in my plugin code, but $_POST errors are really confusing, like
The above statement triggers these errors
How can I get rid of this error and warning? What is the best way to write this statement?