Hi,
I just read the new WP requirement of ThemeForest and I found out you need to use the Envato Theme Check plugin. Now my issue is why this is an error? (below)
WARNING: Found $_SERVER in the file templates/template-login.php. PHP Global Variable found. Ensure the context is safe and reliable.
Line 39: 'redirect' => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
Why does the “redirect” an error? I get that code in WordPress codex here -> https://codex.wordpress.org/Function_Reference/wp_login_form
How did you fix yours? Anyone can enlighten me about this one?
Thank You!
That’s not an error, it’s a warning, and it should be safe to ignore in this case.
The warning is merely informing you that $_SERVER variables can contain user input. Yes, HTTP_HOST and REQUEST_URI can be modified by the user in some circumstances, but in this case it can’t do any harm.
ic. so if I have that message is that okay?
Well I’ve never seen a review involving this type of situation, but there’s really nothing wrong with your code. You can alternatively use the $wp global to get the current URL - it’s the same thing in the end though.
$url = home_url(add_query_arg(array(), $wp->request));
2 Likes
I can’t really see the need of accessing $_SERVER in a theme.