diff --git a/includes/Admin.php b/includes/Admin.php
index 74d2e05..3118822 100644
--- a/includes/Admin.php
+++ b/includes/Admin.php
@@ -102,6 +102,7 @@ public function render_admin_page() {
 'optimizations' => __( 'Optimizations', 'flywp' ),
 ];
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $active_tab = isset( $_GET['tab'] ) && array_key_exists( $_GET['tab'], $tabs ) ? $_GET['tab'] : 'cache';
 $site_info = $this->fetch_site_info();
 $app_site_url = $this->get_site_url( $site_info );
diff --git a/includes/Admin/Litespeed.php b/includes/Admin/Litespeed.php
index 480ff45..473e739 100644
--- a/includes/Admin/Litespeed.php
+++ b/includes/Admin/Litespeed.php
@@ -47,6 +47,7 @@ public function handle_enable_disable() {
 return;
 }
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 if ( isset( $_GET['_wpnonce'] ) && ! wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'flywp-litespeed-nonce' ) ) {
 return;
 }
@@ -56,6 +57,8 @@ public function handle_enable_disable() {
 }
 $valid_types = [ 'enable', 'disable' ];
+
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $type = isset( $_GET['type'] ) && in_array( wp_unslash( $_GET['type'] ), $valid_types, true ) ? wp_unslash( $_GET['type'] ) : 'enable';
 $status = $type === 'enable' ? '1' : '0';
 $notice = $type === 'enable' ? 'lscache-enabled' : 'lscache-disabled';
diff --git a/includes/Api.php b/includes/Api.php
index fc6efe1..85f7570 100644
--- a/includes/Api.php
+++ b/includes/Api.php
@@ -52,7 +52,7 @@ public function get_bearer_token() {
 return false;
 }
- $auth_header = $_SERVER['HTTP_AUTHORIZATION'];
+ $auth_header = wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] );
 if ( ! preg_match( '/Bearer\s(\S+)/', $auth_header, $matches ) ) {
 return false;
diff --git a/views/admin.php b/views/admin.php
index cff7023..2181c84 100644
--- a/views/admin.php
+++ b/views/admin.php
@@ -18,7 +18,7 @@
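Review bot: In includes/Admin.php, render_admin_page(), the new `phpcs:ignore` gives no reason, and the line it covers still reads `$_GET['tab']` raw in three places. Skipping the nonce looks reasonable for a read-only tab switch that is checked against `$tabs`, so record that in the directive: `// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only tab selection, checked against $tabs`. A non-string value reaches `array_key_exists()` unchecked, which on PHP 8 should raise a TypeError rather than fall back to `'cache'`. Normalising once with `$tab = isset( $_GET['tab'] ) && is_string( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : '';` and then `$active_tab = array_key_exists( $tab, $tabs ) ? $tab : 'cache';` avoids that, assuming all tab keys are lowercase slugs like the visible one. The function starts and ends outside the hunk.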
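Review bot: In includes/Admin/Litespeed.php, handle_enable_disable(), the nonce test under the new `phpcs:ignore` only rejects a request when `_wpnonce` is present and invalid; a request that omits the parameter passes it and continues to the `$type` handling in the following hunk (-56,6). Unless a guard outside the hunk already requires the nonce, the enable/disable action has no CSRF protection, and the suppression silences the sniff that would point at it. Make the nonce mandatory: `if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['_wpnonce'] ) ), 'flywp-litespeed-nonce' ) ) { return; }`. With that in place the directive above `$type` can carry a reason such as `-- nonce verified above`, and the one on the nonce line is probably no longer needed.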
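Review bot: In includes/Api.php, get_bearer_token(), the pattern `/Bearer\s(\S+)/` applied to the now-unslashed header is unanchored, so it matches `Bearer <token>` anywhere inside the Authorization value rather than only as the scheme at the start. Anchoring it on a trimmed value, `preg_match( '/^Bearer\s+(\S+)$/i', trim( $auth_header ), $matches )`, limits the match to a header that is exactly a bearer credential and accepts the scheme name case-insensitively. The function continues outside the hunk, so the `isset` guard before this line and the way the token is compared afterwards are not visible here.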
$label ) { ?> - +
diff --git a/views/litespeed.php b/views/litespeed.php
index eae6ac5..5bcec17 100644
--- a/views/litespeed.php
+++ b/views/litespeed.php
@@ -7,8 +7,8 @@
 'lscache-disabled' => __( 'Page Caching has been disabled.', 'flywp' ),
 ];
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
- $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+ $notice = $cache_messages[ $_GET['fly-notice'] ];
 } ?>
diff --git a/views/op-cache.php b/views/op-cache.php
index 2b45527..1ecdcac 100644
--- a/views/op-cache.php
+++ b/views/op-cache.php
@@ -8,8 +8,8 @@
 'opcache-purged' => __( 'PHP OPcache has been cleared.', 'flywp' ),
 ];
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
- $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+ $notice = $cache_messages[ $_GET['fly-notice'] ];
 } ?>
diff --git a/views/page-cache.php b/views/page-cache.php
index 7b46f06..c09c647 100644
--- a/views/page-cache.php
+++ b/views/page-cache.php
@@ -9,8 +9,8 @@
 'fastcgi-disabled' => __( 'Page Caching has been disabled.', 'flywp' ),
 ];
-if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[$_GET['fly-notice']] ) ) {
- $notice = $cache_messages[$_GET['fly-notice']];
+if ( isset( $_GET['fly-notice'] ) && isset( $cache_messages[ $_GET['fly-notice'] ] ) ) {
+ $notice = $cache_messages[ $_GET['fly-notice'] ];
 } ?>