diff --git a/includes/wc-template-functions.php b/includes/wc-template-functions.php
index 393a1750f462f..7d857c43fbd66 100644
--- a/includes/wc-template-functions.php
+++ b/includes/wc-template-functions.php
@@ -699,7 +699,7 @@ function wc_product_class( $class = '', $product_id = null ) {
*/
function wc_query_string_form_fields( $values = null, $exclude = array(), $current_key = '', $return = false ) {
if ( is_null( $values ) ) {
- $values = $_GET; // WPCS: input var ok, CSRF ok.
+ $values = $_GET; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
} elseif ( is_string( $values ) ) {
$url_parts = wp_parse_url( $values );
$values = array();
@@ -707,9 +707,8 @@ function wc_query_string_form_fields( $values = null, $exclude = array(), $curre
if ( ! empty( $url_parts['query'] ) ) {
// This is to preserve full-stops, pluses and spaces in the query string when ran through parse_str.
$replace_chars = array(
- '.' => '{dot}',
- '+' => '{plus}',
- '%20' => '{space}',
+ '.' => '{dot}',
+ '+' => '{plus}',
);
$query_string = str_replace( array_keys( $replace_chars ), array_values( $replace_chars ), $url_parts['query'] );
@@ -745,7 +744,7 @@ function wc_query_string_form_fields( $values = null, $exclude = array(), $curre
return $html;
}
- echo $html; // WPCS: XSS ok.
+ echo $html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
}
/**
diff --git a/tests/unit-tests/templates/functions.php b/tests/unit-tests/templates/functions.php
index efc9d524bf4a3..cf0a1c0ea16c4 100644
--- a/tests/unit-tests/templates/functions.php
+++ b/tests/unit-tests/templates/functions.php
@@ -139,7 +139,7 @@ public function test_wc_query_string_form_fields() {
$this->assertEquals( $expected_html, $actual_html );
$actual_html = wc_query_string_form_fields( '?test%20something=something%20else', array(), '', true );
- $expected_html = '';
+ $expected_html = '';
$this->assertEquals( $expected_html, $actual_html );
}
}