LINT
puntope committed Dec 20, 2024
1 parent 695e191 commit 2f48ae8
Showing 2 changed files with 2 additions and 2 deletions.
Expand Up @@ -68,7 +68,7 @@ public function initialize_woocommerceanalytics_session() {
if ( ! isset( $_COOKIE['woocommerceanalytics_session'] ) ) {
$session_id = wp_generate_uuid4();
$this->session_id = $session_id;
$this->landing_page = esc_url_raw( wp_unslash( ( empty( $_SERVER['HTTPS'] ) ? 'http' : 'https' ) . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" ) );
$this->landing_page = wp_unslash( sanitize_url( ( empty( $_SERVER['HTTPS'] ) ? 'http' : 'https' ) . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" ) );

Check failure on line 71 in projects/packages/woocommerce-analytics/src/class-universal.php

GitHub Actions / PHP Code Sniffer (non-excluded files only)

Detected usage of a non-sanitized, non-validated input variable _SERVER: "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" (WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized)

setcookie(
'woocommerceanalytics_session',
wp_json_encode(
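
Review bot: On the changed `$this->landing_page` line, `$_SERVER[HTTP_HOST]` and `$_SERVER[REQUEST_URI]` are still interpolated into the string with no isset() check and no per-value sanitization, and wp_unslash() now runs after sanitize_url() instead of before it, so the InputNotValidatedNotSanitized failure reported on line 71 is not addressed by this change. Suggest checking that both keys are set, passing each value through wp_unslash() first and a sanitizer second, then building the URL from the cleaned values and applying sanitize_url() or esc_url_raw() to the assembled result. HTTP_HOST is taken from the request, so the stored landing page should be treated as client-supplied wherever it is used later.
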
Expand Up @@ -263,7 +263,7 @@ public function find_cart_checkout_content_sources() {
* @return array Array of standard event props.
*/
public function get_common_properties() {
$session_data = json_decode( wp_unslash( $_COOKIE['woocommerceanalytics_session'] ?? '' ), true ) ?? array();
$session_data = json_decode( wp_unslash( sanitize_text_field( $_COOKIE['woocommerceanalytics_session'] ?? '' ) ), true ) ?? array();

Check failure on line 266 in projects/packages/woocommerce-analytics/src/class-woo-analytics-trait.php

GitHub Actions / PHP Code Sniffer (non-excluded files only)

$_COOKIE['woocommerceanalytics_session'] not unslashed before sanitization. Use wp_unslash() or similar (WordPress.Security.ValidatedSanitizedInput.MissingUnslash)
$session_id = sanitize_text_field( $session_data['session_id'] ?? $this->session_id );
$landing_page = sanitize_url( $session_data['landing_page'] ?? $this->landing_page );
$site_info = array(
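
Review bot: In get_common_properties(), the new `$session_data` line applies sanitize_text_field() to the raw cookie and only then wp_unslash(), which is the reverse of the order the MissingUnslash annotation on line 266 asks for, and it sanitizes the JSON text before json_decode() parses it. sanitize_text_field() strips tags, percent-encoded octets and extra whitespace, so a landing_page URL that contains percent-encoding can be altered while still inside the encoded cookie value. The decoded session_id and landing_page are already sanitized individually on the two lines that follow; suggest keeping wp_unslash() as the innermost call, decoding, confirming the result is an array, and leaving sanitization to those per-field calls, with a justified phpcs:ignore if the sniff still flags the cookie read.
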