WIP

includes/Admin.php

@@ -102,6 +102,7 @@ public function render_admin_page() {
             'optimizations' => __( 'Optimizations', 'flywp' ),
         ];
 
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
         $active_tab     = isset( $_GET['tab'] ) && array_key_exists( $_GET['tab'], $tabs ) ? $_GET['tab'] : 'cache';
         $site_info      = $this->fetch_site_info();
         $app_site_url   = $this->get_site_url( $site_info );

includes/Admin/Litespeed.php

@@ -47,6 +47,7 @@ public function handle_enable_disable() {
             return;
         }
 
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
         if ( isset( $_GET['_wpnonce'] ) && ! wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'flywp-litespeed-nonce' ) ) {
             return;
         }
@@ -56,6 +57,8 @@ public function handle_enable_disable() {
         }
 
         $valid_types = [ 'enable', 'disable' ];
+
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
         $type        = isset( $_GET['type'] ) && in_array( wp_unslash( $_GET['type'] ), $valid_types, true ) ? wp_unslash( $_GET['type'] ) : 'enable';
         $status      = $type === 'enable' ? '1' : '0';
         $notice      = $type === 'enable' ? 'lscache-enabled' : 'lscache-disabled';

includes/Api.php

@@ -52,7 +52,7 @@ public function get_bearer_token() {
             return false;
         }
 
-        $auth_header = $_SERVER['HTTP_AUTHORIZATION'];
+        $auth_header = wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] );
 
         if ( ! preg_match( '/Bearer\s(\S+)/', $auth_header, $matches ) ) {
             return false;

views/admin.php

@@ -18,7 +18,7 @@
 
             <div class="fw-flex -fw-mb-px fw-gap-2">
                 <?php foreach ( $tabs as $key => $label ) { ?>
-                    <a href="<?php echo esc_url( add_query_arg( ['tab' => $key ], $this->page_url() ) ); ?>" class="fw-block fw-px-4 fw-py-3 fw-text-sm -m fw-text-gray-800 fw-no-underline fw-outline-none focus:fw-outline-none <?php echo $key === $active_tab ? 'fw-border-b-2 fw-border-indigo-500 fw-font-semibold' : ''; ?>"><?php echo $label; ?></a>
+                    <a href="<?php echo esc_url( add_query_arg( [ 'tab' => $key ], $this->page_url() ) ); ?>" class="fw-block fw-px-4 fw-py-3 fw-text-sm -m fw-text-gray-800 fw-no-underline fw-outline-none focus:fw-outline-none <?php echo $key === $active_tab ? 'fw-border-b-2 fw-border-indigo-500 fw-font-semibold' : ''; ?>"><?php echo $label; ?></a>
                 <?php } ?>
             </div>
         </div>

views/litespeed.php

@@ -7,8 +7,8 @@
     'lscache-disabled' => __( 'Page Caching has been disabled.', 'flywp' ),
 ];
 
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
-    $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+    $notice = $cache_messages[ $_GET['fly-notice'] ];
 }
 ?>
 

views/op-cache.php

@@ -8,8 +8,8 @@
     'opcache-purged'   => __( 'PHP OPcache has been cleared.', 'flywp' ),
 ];
 
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
-    $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+    $notice = $cache_messages[ $_GET['fly-notice'] ];
 }
 ?>
 

views/page-cache.php

@@ -9,8 +9,8 @@
     'fastcgi-disabled' => __( 'Page Caching has been disabled.', 'flywp' ),
 ];
 
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
-    $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+    $notice = $cache_messages[ $_GET['fly-notice'] ];
 }
 ?>