Found $_SERVER in the file


#1

Hi,

I just read the new WP requirement of ThemeForest and I found out you need to use the Envato Theme Check plugin. Now my issue is why this is an error? (below)

WARNING: Found $_SERVER in the file templates/template-login.php. PHP Global Variable found. Ensure the context is safe and reliable.

    Line 39: 'redirect' => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],

Why does the “redirect” an error? I get that code in WordPress codex here -> https://codex.wordpress.org/Function_Reference/wp_login_form

How did you fix yours? Anyone can enlighten me about this one?
Thank You!


#2

That’s not an error, it’s a warning, and it should be safe to ignore in this case.

The warning is merely informing you that $_SERVER variables can contain user input. Yes, HTTP_HOST and REQUEST_URI can be modified by the user in some circumstances, but in this case it can’t do any harm.


#3

ic. so if I have that message is that okay?


#4

Well I’ve never seen a review involving this type of situation, but there’s really nothing wrong with your code. You can alternatively use the $wp global to get the current URL - it’s the same thing in the end though.

$url = home_url(add_query_arg(array(), $wp->request));

#5

Thanks for the help!


#6

I can’t really see the need of accessing $_SERVER in a theme.