-1

I have a small WP plugin; in it I have a PHP Ajax handler file, where I cannot use WordPress methods. In this file I do a simple check:

```php
isset($_REQUEST['action']) && 'woocommerce_refund_line_items' !== strval($_REQUEST['action'])
```

When I try to pass WC phpcs standards I always get an error:

```
Detected usage of a non-sanitized input variable: $_REQUEST['action']
(WordPress.Security.ValidatedSanitizedInput.InputNotSanitized)
```

The same happens for $_SERVER variables also. How can I solve this problem? Thanks!

halfelf
  • Have you searched a bit? Read: [Validating Sanitizing and Escaping User Data Wordpress](https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data) documentation: Everything is explained. – LoicTheAztec Sep 13 '19 at 12:29
  • I searched a lot and saw this page, but the methods there are not reachable from my file. If I start including all WP files maybe I would be able to use them, but how many files must I include? – user3186945 Sep 13 '19 at 12:55
  • Those are not methods, but WordPress functions… If WordPress is not enabled on your PHP file, you should change your question title, removing WordPress and WooCommerce everywhere. Then just search *"How to sanitize PHP $_REQUEST variable"* instead. – LoicTheAztec Sep 13 '19 at 14:46
  • I put this title because the file is part of WP (WooCommerce) plugin, and I must cover PHPCS WC standards. – user3186945 Sep 16 '19 at 07:26

1 Answer

-1

Finally I found the answer myself; I hope this could be of help to someone. So, do not use a separate Ajax handler; just call the default WP file, wp-admin/admin-ajax.php, in your wp_localize_script.

Use the two hooks, wp_ajax_ and wp_ajax_nopriv_ (again in your index file), and all WP methods and functions will be available.
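The setup the answer describes, as an added example that is not code from the original post: the script is handed the admin-ajax.php URL and a nonce via wp_localize_script, the handler is registered on both wp_ajax_ and wp_ajax_nopriv_ hooks, and because it runs inside WordPress it can verify the nonce and pass every $_REQUEST/$_POST/$_SERVER value through wp_unslash() plus a sanitising function, which is what the ValidatedSanitizedInput sniff checks for. The plugin slug "myplugin", the action name "myplugin_order_note" and the js/ajax.js path are assumed names.

```php
<?php
// Added example, not from the original post. Names prefixed "myplugin" are assumed.

// 1. Enqueue the front-end script and give it the admin-ajax URL plus a nonce.
add_action( 'wp_enqueue_scripts', 'myplugin_enqueue_ajax_script' );
function myplugin_enqueue_ajax_script() {
	wp_enqueue_script( 'myplugin-ajax', plugins_url( 'js/ajax.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script(
		'myplugin-ajax',
		'myplugin',
		array(
			'ajax_url' => admin_url( 'admin-ajax.php' ),
			'nonce'    => wp_create_nonce( 'myplugin_ajax' ),
		)
	);
}

// 2. Register one handler for logged-in (wp_ajax_) and anonymous (wp_ajax_nopriv_) requests.
//    admin-ajax.php routes on the "action" request parameter, so the JS must send
//    action=myplugin_order_note together with the nonce.
add_action( 'wp_ajax_myplugin_order_note', 'myplugin_order_note' );
add_action( 'wp_ajax_nopriv_myplugin_order_note', 'myplugin_order_note' );

function myplugin_order_note() {
	// Verify the nonce before touching any input; on failure WP replies "-1" and exits.
	check_ajax_referer( 'myplugin_ajax', 'nonce' );

	// Guard with isset(), unslash, then sanitise: this is the pattern the sniff accepts.
	$action   = isset( $_REQUEST['action'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) ) : '';
	$order_id = isset( $_POST['order_id'] ) ? absint( wp_unslash( $_POST['order_id'] ) ) : 0;
	$note     = isset( $_POST['note'] ) ? sanitize_textarea_field( wp_unslash( $_POST['note'] ) ) : '';

	// $_SERVER values need the same treatment, as the question noted.
	$method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';

	if ( 'POST' !== $method || 'myplugin_order_note' !== $action || 0 === $order_id || '' === $note ) {
		wp_send_json_error( array( 'message' => 'invalid request' ), 400 );
	}

	// Anonymous callers reach this point too (nopriv hook), so gate any privileged
	// action on a capability check rather than on the hook alone.
	if ( ! current_user_can( 'edit_shop_orders' ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
	}

	wp_send_json_success( array( 'order_id' => $order_id, 'note' => $note ) );
}
```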

  • 1
    Nobody could guess that from your question requirements and details, as your question was unclear and your code not testable… So this is not really useful to anybody. Remember that: Questions seeking debugging help must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions **without a clear problem statement are not useful to other readers**. See: [How to create a Minimal, Reproducible Example](https://stackoverflow.com/help/minimal-reproducible-example). – LoicTheAztec Sep 16 '19 at 13:29