Prep Plugin for release on WordPress.org (#23)

* Update translation text domain * Escape everything that should be escaped. * Add nonce checks where needed. * Sanitize all inputs. * Apply Code style changes across the codebase. * Correct many deprecation notices. * Optimize load order of many filters. * Add Proper Build script * Use emojii flags * Fix i18n deprecation notice for translating too early * Put all scripts in footer and load async
2025-04-14 11:36:46 -06:00
parent a31cfcb565
commit d88e50df38
1087 changed files with 12586 additions and 18535 deletions
--- a/inc/functions/url.php
+++ b/inc/functions/url.php
@ -21,10 +21,10 @@ function wu_get_current_url() {
 	 * the initiator URL.
 	 */
 	if (wp_doing_ajax() && isset($_SERVER['HTTP_REFERER'])) {
-		return $_SERVER['HTTP_REFERER'];
+		return wp_unslash($_SERVER['HTTP_REFERER']);
 	}

-	return (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+	return (is_ssl() ? 'https://' : 'http://') . strtolower(wp_unslash($_SERVER['HTTP_HOST'])) . $_SERVER['REQUEST_URI'];
 }

 /**
@ -86,7 +86,7 @@ function wu_ajax_url($when = null, $query_args = [], $site_id = false, $scheme =
 	$query_args['r']       = wp_create_nonce('wu-ajax-nonce');

 	if ($when) {
-		$query_args['wu-when'] = base64_encode($when);
+		$query_args['wu-when'] = base64_encode($when); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 	}

 	$url = add_query_arg($query_args, $base_url);