$_GET data not unslashed before sanitization. Use wp_unslash() or similar (`WordPress.Security.ValidatedSanitizedInput.MissingUnslash`)
^does anyone have experience with knowing if the order that wp_uslash
and sanitize_text_field goes when checking a request using isset? I keep getting WPCS (CPCS) error whenever I am formating this request in an admin setting/options page
$active_tab = ( ( null!= sanitize_text_field( wp_unslash( $_GET[ 'tab' ] )) ) )
? sanitize_key( wp_unslash( $_GET[ 'tab' ] ) ) : 'vertycal_options';
using wpunslash “before” sanitize still gets the same error… any insights please?