From 28595997e9a948cfee345a9f46c604c2d2920ca6 Mon Sep 17 00:00:00 2001 From: Rami Yushuvaev Date: Mon, 28 Apr 2025 18:20:57 +0300 Subject: [PATCH 1/9] Improve i18n, a11y, and security --- .../SnippetEditor/SnippetEditor.tsx | 4 +-- src/php/class-admin.php | 16 +++++------ src/php/class-contextual-help.php | 2 +- src/php/class-list-table.php | 2 +- .../cloud/class-cloud-search-list-table.php | 28 +++++++++++-------- src/php/cloud/list-table-shared-ops.php | 6 ++-- src/php/views/manage.php | 11 +++++--- src/php/views/partials/cloud-search.php | 2 +- src/php/views/partials/list-table-notices.php | 13 ++++++++- src/php/views/welcome.php | 8 +++--- 10 files changed, 55 insertions(+), 37 deletions(-) diff --git a/src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx b/src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx index 5873d299..36b68a7c 100644 --- a/src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx +++ b/src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx @@ -109,14 +109,12 @@ const SnippetTypeTabs: React.FC = ({ ? { event.preventDefault() openUpgradeDialog() }} > - {_x('Upgrade to ', 'Upgrade to Pro', 'code-snippets')} - {_x('Pro', 'Upgrade to Pro', 'code-snippets')} + {__('Upgrade to Pro', 'code-snippets')} : null} diff --git a/src/php/class-admin.php b/src/php/class-admin.php index cc4f77ec..913afe5e 100644 --- a/src/php/class-admin.php +++ b/src/php/class-admin.php 
@@ -103,20 +103,20 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra return $actions; } - $format = '%3$s'; + $format = '%3$s'; $actions = array_merge( [ sprintf( $format, esc_url( code_snippets()->get_menu_url( 'settings' ) ), - esc_html__( 'Change plugin settings', 'code-snippets' ), + esc_attr__( 'Change plugin settings', 'code-snippets' ), esc_html__( 'Settings', 'code-snippets' ) ), sprintf( $format, esc_url( code_snippets()->get_menu_url() ), - esc_html__( 'Manage your existing snippets', 'code-snippets' ), + esc_attr__( 'Manage your existing snippets', 'code-snippets' ), esc_html__( 'Snippets', 'code-snippets' ) ), ], @@ -125,10 +125,10 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra if ( ! code_snippets()->licensing->is_licensed() ) { $actions[] = sprintf( - '%3$s', + '%3$s', 'https://snipco.de/JE2i', esc_attr__( 'Upgrade to Code Snippets Pro', 'code-snippets' ), - esc_html__( 'Get Pro', 'code-snippets' ) + esc_attr__( 'Get Pro', 'code-snippets' ) ); } return $actions; @@ -148,7 +148,7 @@ public function plugin_row_meta( array $plugin_meta, string $plugin_file ): arra return $plugin_meta; } - $format = '%3$s'; + $format = '%3$s'; return array_merge( $plugin_meta, @@ -297,7 +297,7 @@ public function print_notices() { printf( '%s', esc_url( wp_nonce_url( add_query_arg( $meta_key, $notice ), $meta_key ) ), - esc_attr__( 'Dismiss', 'code-snippets' ) + esc_html__( 'Dismiss', 'code-snippets' ) ); echo '
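Review bot: In the `plugin_action_links()` hunk at -125, the `Get Pro` label is moved from `esc_html__()` to `esc_attr__()`, but it fills `%3$s`, which in the settings and snippets links of the preceding hunk is the visible link text and keeps `esc_html__()`. Escaping should match the output context, so the line should stay `esc_html__( 'Get Pro', 'code-snippets' )`, with `esc_attr__()` reserved for the title string in `%2$s`. The markup of the format string is not visible on this page, so confirm which placeholder sits inside an attribute before merging.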

'; @@ -321,7 +321,7 @@ public static function render_snippet_type_tab( string $type_name, string $label } elseif ( ! code_snippets()->licensing->is_licensed() && Plugin::is_pro_type( $type_name ) ) { printf( - '', + '', esc_attr( $type_name ), esc_attr__( 'Available in Code Snippets Pro (external link)', 'code-snippets' ) ); diff --git a/src/php/class-contextual-help.php b/src/php/class-contextual-help.php index 8dc7156c..a1ba4707 100644 --- a/src/php/class-contextual-help.php +++ b/src/php/class-contextual-help.php @@ -72,7 +72,7 @@ private function load_help_sidebar() { 'https://codesnippets.pro' => __( 'Plugin Website', 'code-snippets' ), ]; - $contents = '

' . __( 'For more information:', 'code-snippets' ) . "

\n"; + $contents = '

' . esc_html__( 'For more information:', 'code-snippets' ) . "

\n"; foreach ( $sidebar_links as $url => $label ) { $contents .= "\n" . sprintf( '

%s

', esc_url( $url ), esc_html( $label ) ); diff --git a/src/php/class-list-table.php b/src/php/class-list-table.php index ecb02017..3eaa15b2 100644 --- a/src/php/class-list-table.php +++ b/src/php/class-list-table.php @@ -292,7 +292,7 @@ protected function column_activate( Snippet $snippet ): string { } return sprintf( - '  ', + '  ', esc_attr( $class ), esc_url( $this->get_action_link( $action, $snippet ) ), esc_attr( $label ) diff --git a/src/php/cloud/class-cloud-search-list-table.php b/src/php/cloud/class-cloud-search-list-table.php index 69068510..af0d3583 100644 --- a/src/php/cloud/class-cloud-search-list-table.php +++ b/src/php/cloud/class-cloud-search-list-table.php @@ -117,7 +117,7 @@ public function display_rows() { */ foreach ( $this->items as $item ) { ?> -
+
', esc_url( code_snippets()->get_snippet_edit_url( $link->local_id ) ) ); } else { printf( - '', + '', '#TB_inline?&width=700&height=500&inlineId=show-code-preview', esc_attr__( 'Preview this snippet', 'code-snippets' ), esc_attr( $item->id ), @@ -163,14 +163,12 @@ public function display_rows() {

%s', + '%s %s', + esc_html__( 'Codevault:', 'code-snippets' ); esc_url( sprintf( 'https://codesnippets.cloud/codevault/%s', $item->codevault ) ), esc_html( $item->codevault ) ); - ?>
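Review bot: The added argument `esc_html__( 'Codevault:', 'code-snippets' );` ends in a semicolon inside the `printf()` call, which is a parse error and would stop the cloud search list table file from loading at all. It should be `esc_html__( 'Codevault:', 'code-snippets' ),`. While this call is being touched, `$item->codevault` is placed into the URL path with only `esc_url()` around the result; if that value comes from the cloud API, `rawurlencode( $item->codevault )` inside the inner `sprintf()` would keep it confined to one path segment. `display_rows()` starts and ends outside this hunk.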

@@ -250,14 +248,22 @@ public function display_rows() {
- + ', esc_html__( 'Not indicated by author', 'code-snippets' ), ''; + printf( + '%s', + esc_html__( 'Not indicated by author', 'code-snippets' ) + ); } else { - // translators: tested status. - $text = sprintf( __( 'Author states %s', 'code-snippets' ), $wp_tested ); - echo '', esc_html( $text ), ''; + printf( + '%s', + sprintf( + // translators: %s: tested status. + __( 'Author states %s', 'code-snippets' ), + $wp_tested + ) + ); } ?>
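Review bot: The rewritten `else` branch drops the escaping the old code had: previously the translated string was passed through `esc_html( $text )`, whereas the new `printf()` receives the raw result of `sprintf( __( 'Author states %s', 'code-snippets' ), $wp_tested )`. Where `$wp_tested` is assigned is outside this hunk, but it appears to describe a cloud snippet, so remotely supplied text and the translation itself would now reach the page unescaped. Wrap the inner call, `esc_html( sprintf( __( 'Author states %s', 'code-snippets' ), $wp_tested ) )`, and keep the translators comment directly above the `__()` line.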
diff --git a/src/php/cloud/list-table-shared-ops.php b/src/php/cloud/list-table-shared-ops.php index 2623f979..1a6ab2bc 100644 --- a/src/php/cloud/list-table-shared-ops.php +++ b/src/php/cloud/list-table-shared-ops.php @@ -125,7 +125,7 @@ function cloud_lts_build_action_links( Cloud_Snippet $cloud_snippet, string $sou $thickbox_url = '#TB_inline?&width=700&height=500&inlineId=show-code-preview'; $thickbox_link = sprintf( - '%s', + '%s', esc_url( $thickbox_url ), esc_attr( $cloud_snippet->name ), $additional_classes, @@ -224,7 +224,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items, $page_links[] = sprintf( '%s', esc_url( add_query_arg( $source . '_page', min( $total_pages, $current + 1 ), $current_url ) ), - __( 'Next page' ), + esc_html__( 'Next page', 'code-snippets' ), '›' ); } @@ -235,7 +235,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items, $page_links[] = sprintf( '%s', esc_url( add_query_arg( $source . '_page', $total_pages, $current_url ) ), - __( 'Last page', 'code-snippets' ), + esc_html__( 'Last page', 'code-snippets' ), '»' ); } diff --git a/src/php/views/manage.php b/src/php/views/manage.php index 8a76ac79..2e1572ec 100644 --- a/src/php/views/manage.php +++ b/src/php/views/manage.php @@ -28,8 +28,11 @@ [ 'span' => [ 'class' => [ 'highlight-yellow' ] ] ] ); - $feedback_url = __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' ); - printf( ' %s', esc_url( $feedback_url ), esc_html__( 'Click here to submit your feedback', 'code-snippets' ) ); + printf( + ' %s', + esc_url( __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' ) ), + esc_html__( 'Click here to submit your feedback', 'code-snippets' ) + ); echo '

'; } @@ -58,7 +61,7 @@ ?> + aria-label=""> Pro', 'code-snippets' ), [ 'span' => [ 'class' => 'badge' ] ] ); ?> @@ -79,7 +82,7 @@ ], 'css' => [ __( 'Style snippets are written in CSS and loaded in the admin area or on the site front-end, just like the theme style.css.', 'code-snippets' ), - esc_html__( 'Learn more about style snippets →', 'code-snippets' ), + __( 'Learn more about style snippets →', 'code-snippets' ), 'https://codesnippets.pro/learn-css/', ], 'js' => [ diff --git a/src/php/views/partials/cloud-search.php b/src/php/views/partials/cloud-search.php index 29ee9b7a..078399ed 100644 --- a/src/php/views/partials/cloud-search.php +++ b/src/php/views/partials/cloud-search.php @@ -53,7 +53,7 @@ + placeholder="">
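Review bot: In the -28 hunk of `manage.php`, the whole `mailto:` URL, recipient address included, is still passed through `__()`, so any translation file can change where beta feedback is sent, and `esc_url()` only checks the scheme and characters, not the recipient. Keeping the address as a fixed string and translating only the subject would close that, for example `'mailto:team@codesnippets.pro?subject=' . rawurlencode( __( 'Code Snippet Beta Test Feedback', 'code-snippets' ) )` as the argument to `esc_url()`. The surrounding conditional block starts outside the hunk.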