Add missing unslash calls (#40)

class-duouniversal-utilities.php

@@ -87,23 +87,20 @@ function duo_get_uri() {
 		// paths (for which protocols are not required/enforced), and REQUEST_URI
 		// always includes the leading slash in the URI path.
 		if ( ! isset( $_SERVER['REQUEST_URI'] )
-            // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
-			|| ( ! empty( $_SERVER['QUERY_STRING'] ) && ! strpos( \sanitize_url( $_SERVER['REQUEST_URI'] ), '?', 0 ) )
+			|| ( ! empty( $_SERVER['QUERY_STRING'] ) && ! strpos( \sanitize_url( \wp_unslash( $_SERVER['REQUEST_URI'] ) ), '?', 0 ) )
 		) {
 			if ( ! isset( $_SERVER['PHP_SELF'] ) ) {
 				throw new Exception( 'Could not determine request URI' );
 			}
-            // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
-			$current_uri = isset( $_SERVER['PHP_SELF'] ) ? substr( \sanitize_url( $_SERVER['PHP_SELF'] ), 1 ) : null;
+			$current_uri = isset( $_SERVER['PHP_SELF'] ) ? substr( \sanitize_url( \wp_unslash( $_SERVER['PHP_SELF'] ) ), 1 ) : null;
 			if ( isset( $_SERVER['QUERY_STRING'] ) ) {
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
-				$current_uri = \sanitize_url( $current_uri . '?' . $_SERVER['QUERY_STRING'] );
+				$current_uri = \sanitize_url( $current_uri . '?' . \wp_unslash( $_SERVER['QUERY_STRING'] ) );
 			}
 
 			return $current_uri;
 		} else {
             // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
-			return \sanitize_url( $_SERVER['REQUEST_URI'] );
+			return \sanitize_url( \wp_unslash( $_SERVER['REQUEST_URI'] ) );
 		}
 	}