Update class-srm-redirect.php to check $_SERVER['REQUEST_URI']#427
Update class-srm-redirect.php to check $_SERVER['REQUEST_URI']#427
Conversation
❌ Error( severity 5 ): Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Use isset() or empty() to check the index exists before using it (WordPress.Security.ValidatedSanitizedInput.InputNotValidated).
There was a problem hiding this comment.
Pull Request Overview
This PR addresses a WordPress coding standards violation by adding proper validation for the $_SERVER['REQUEST_URI'] superglobal before accessing it.
- Added
isset()check using null coalescing operator for$_SERVER['REQUEST_URI']
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Coincidently I was looking at this a few minutes ago. WordPress ensures the value is populated in the Let me know if I am missing something... |
|
@peterwilsoncc hmm.. interesting. is a valid bug/incorrect code. |
|
@peterwilsoncc note that @turtlepod has some OSS time this/next week, so if there's an update needed here please share |
| * @returns {string} Request path. | ||
| */ | ||
| $requested_path = esc_url_raw( apply_filters( 'srm_requested_path', sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ?? '' ) ); | ||
| $requested_path = esc_url_raw( apply_filters( 'srm_requested_path', sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) ) ) ); |
There was a problem hiding this comment.
| $requested_path = esc_url_raw( apply_filters( 'srm_requested_path', sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) ) ) ); | |
| $requested_path = esc_url_raw( apply_filters( 'srm_requested_path', sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ); |
I think the null coalescence can be removed all together as it's not possible for the value to be so in WP due to these lines.
There was a problem hiding this comment.
i don't think that's a good idea. even when it's not needed. it's still getting flagged by wp coding standard.
There was a problem hiding this comment.
Is the sniff because the global may not be defined, if so I think we can use a phpcs ignore rather than add code that won't be hit.
How about a phpcs:ignore WordPress.Sniff.Name -- see class-simple-local-avatars.php()
3 participants
Description of the Change
This PR fixes a PHP error reported by the WordPress coding standards:
The issue was caused by incorrect logic when checking
$_SERVER['REQUEST_URI'].This update ensures the value is validated before use, preventing potential PHP notices and improving code safety.
Benefits
How to Test the Change
$_SERVER['REQUEST_URI'](e.g., URL-based logic or redirects).Changelog Entry
Fixed – Added a proper check for
$_SERVER['REQUEST_URI']to prevent undefined index errors and improve input validation.(WordPress.Security.ValidatedSanitizedInput.InputNotValidated)
Credits
Props @turtlepod
Checklist