Found $_SERVER in the file


I just read the new WP requirement of ThemeForest and I found out you need to use the Envato Theme Check plugin. Now my issue is why this is an error? (below)

WARNING: Found $_SERVER in the file templates/template-login.php. PHP Global Variable found. Ensure the context is safe and reliable.

    Line 39: 'redirect' => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],

Why does the “redirect” an error? I get that code in WordPress codex here ->

How did you fix yours? Anyone can enlighten me about this one?
Thank You!

That’s not an error, it’s a warning, and it should be safe to ignore in this case.

The warning is merely informing you that $_SERVER variables can contain user input. Yes, HTTP_HOST and REQUEST_URI can be modified by the user in some circumstances, but in this case it can’t do any harm.

ic. so if I have that message is that okay?

Well I’ve never seen a review involving this type of situation, but there’s really nothing wrong with your code. You can alternatively use the $wp global to get the current URL - it’s the same thing in the end though.

$url = home_url(add_query_arg(array(), $wp->request));

Thanks for the help!

1 Like

I can’t really see the need of accessing $_SERVER in a theme.