Improve i18n, a11y, and security

src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx

@@ -109,14 +109,12 @@ const SnippetTypeTabs: React.FC<SnippetTypeTabsProps> = ({
 				? <a
 					className="button button-large nav-tab-button nav-tab-inactive go-pro-button"
 					href="https://codesnippets.pro/pricing/"
-					title="Find more about Pro"
 					onClick={event => {
 						event.preventDefault()
 						openUpgradeDialog()
 					}}
 				>
-					{_x('Upgrade to ', 'Upgrade to Pro', 'code-snippets')}
-					<span className="badge">{_x('Pro', 'Upgrade to Pro', 'code-snippets')}</span>
+					{__('Upgrade to <span class="badge">Pro</span>', 'code-snippets')}
 				</a>
 				: null}
 		</h2>

src/js/components/SnippetForm/fields/ScopeInput.tsx

@@ -110,7 +110,7 @@ const ShortcodeInfo: React.FC = () => {
 					: __('After saving, you can copy a shortcode, or use the Classic Editor button, Block editor (Pro) or Elementor widget (Pro).', 'code-snippets')}
 				{' '}
 				<ExternalLink
-					href={__('https://help.codesnippets.pro/article/50-inserting-snippets', 'code-snippets')}
+					href="https://help.codesnippets.pro/article/50-inserting-snippets"
 				>
 					{__('Learn more', 'code-snippets')}
 				</ExternalLink>

src/php/admin-menus/class-import-menu.php

@@ -137,15 +137,22 @@ protected function print_messages() {
 				esc_html_e( 'No snippets were imported.', 'code-snippets' );
 
 			} else {
-				/* translators: 1: amount of snippets imported, 2: link to Snippets menu */
-				$text = _n(
-					'Successfully imported <strong>%1$d</strong> snippet. <a href="%2$s">Have fun!</a>',
-					'Successfully imported <strong>%1$d</strong> snippets. <a href="%2$s">Have fun!</a>',
-					$imported,
-					'code-snippets'
+				/* translators: %d: amount of snippets imported */
+				printf(
+					_n(
+						'Successfully imported %d snippet.',
+						'Successfully imported %d snippets.',
+						$imported,
+						'code-snippets'
+					),
+					'<strong>' . number_format_i18n(( $imported ) . '</strong>',
 				);
 
-				printf( wp_kses_post( $text ), esc_html( $imported ), esc_url( code_snippets()->get_menu_url( 'manage' ) ) );
+				printf(
+					' <a href="%s">%s</a>',
+					esc_url( code_snippets()->get_menu_url( 'manage' ) )
+					esc_html__( 'Have fun!', 'code-snippets' );
+				);
 			}
 
 			echo '</p></div>';

src/php/class-admin.php

@@ -110,13 +110,13 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra
 				sprintf(
 					$format,
 					esc_url( code_snippets()->get_menu_url( 'settings' ) ),
-					esc_html__( 'Change plugin settings', 'code-snippets' ),
+					esc_attr__( 'Change plugin settings', 'code-snippets' ),
 					esc_html__( 'Settings', 'code-snippets' )
 				),
 				sprintf(
 					$format,
 					esc_url( code_snippets()->get_menu_url() ),
-					esc_html__( 'Manage your existing snippets', 'code-snippets' ),
+					esc_attr__( 'Manage your existing snippets', 'code-snippets' ),
 					esc_html__( 'Snippets', 'code-snippets' )
 				),
 			],
@@ -128,7 +128,7 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra
 				'<a href="%1$s" title="%2$s" style="color: #d46f4d; font-weight: bold;" target="_blank">%3$s</a>',
 				'https://snipco.de/JE2i',
 				esc_attr__( 'Upgrade to Code Snippets Pro', 'code-snippets' ),
-				esc_html__( 'Get Pro', 'code-snippets' )
+				esc_attr__( 'Upgrade to Pro', 'code-snippets' )
 			);
 		}
 		return $actions;
@@ -297,7 +297,7 @@ public function print_notices() {
 		printf(
 			'<a href="%s" class="notice-dismiss"><span class="screen-reader-text">%s</span></a>',
 			esc_url( wp_nonce_url( add_query_arg( $meta_key, $notice ), $meta_key ) ),
-			esc_attr__( 'Dismiss', 'code-snippets' )
+			esc_html__( 'Dismiss', 'code-snippets' )
 		);
 
 		echo '</p></div>';

src/php/class-contextual-help.php

@@ -72,7 +72,7 @@ private function load_help_sidebar() {
 			'https://codesnippets.pro'                           => __( 'Plugin Website', 'code-snippets' ),
 		];
 
-		$contents = '<p><strong>' . __( 'For more information:', 'code-snippets' ) . "</strong></p>\n";
+		$contents = sprintf( "<p><strong>%s</strong></p>\n", esc_html__( 'For more information:', 'code-snippets' ) );
 
 		foreach ( $sidebar_links as $url => $label ) {
 			$contents .= "\n" . sprintf( '<p><a href="%s">%s</a></p>', esc_url( $url ), esc_html( $label ) );
@@ -136,7 +136,8 @@ private function load_manage_help() {
 			[
 				__( 'Be sure to check your snippets for errors before you activate them, as a faulty snippet could bring your whole blog down. If your site starts doing strange things, deactivate all your snippets and activate them one at a time.', 'code-snippets' ),
 				__( "If something goes wrong with a snippet, and you can't use WordPress, you can cause all snippets to stop executing by turning on <strong>safe mode</strong>.", 'code-snippets' ),
-				__( 'You can find out how to enable safe mode in the <a href="https://help.codesnippets.pro/article/12-safe-mode">Code Snippets Pro Docs</a>.', 'code-snippets' ),
+				/* translators: %s: URL to Code Snippets Pro Docs */
+				sprintf( __( 'You can find out how to enable safe mode in the <a href="%s">Code Snippets Pro Docs</a>.', 'code-snippets' ), 'https://help.codesnippets.pro/article/12-safe-mode' )
 			]
 		);
 	}
@@ -151,7 +152,8 @@ private function load_edit_help() {
 			[
 				$this->get_intro_text() .
 				__( 'Here you can add a new snippet, or edit an existing one.', 'code-snippets' ),
-				__( "If you're not sure about the types of snippets you can add, take a look at the <a href=\"https://help.codesnippets.pro/collection/2-adding-snippets\">Code Snippets Pro Docs</a> for inspiration.", 'code-snippets' ),
+				/* translators: %s: URL to Code Snippets Pro Docs */
+				sprintf( __( "If you're not sure about the types of snippets you can add, take a look at the <a href=\"%s\">Code Snippets Pro Docs</a> for inspiration.", 'code-snippets' ), 'https://help.codesnippets.pro/collection/2-adding-snippets' ),
 			]
 		);
 
@@ -160,7 +162,7 @@ private function load_edit_help() {
 			__( 'Adding Snippets', 'code-snippets' ),
 			[
 				__( 'You need to fill out the name and code fields for your snippet to be added. While the description field will add more information about how your snippet works, what is does and where you found it, it is completely optional.', 'code-snippets' ),
-				__( 'Please be sure to check that your snippet is valid PHP code and will not produce errors before adding it through this page. While doing so will not become active straight away, it will help to minimise the chance of a faulty snippet becoming active on your site.', 'code-snippets' ),
+				__( 'Please be sure to check that your snippet is valid PHP code and will not produce errors before adding it through this page. While doing so will not become active straight away, it will help to minimize the chance of a faulty snippet becoming active on your site.', 'code-snippets' ),
 			]
 		);
 	}

src/php/class-list-table.php

@@ -292,7 +292,7 @@ protected function column_activate( Snippet $snippet ): string {
 		}
 
 		return sprintf(
-			'<a class="%s" href="%s" title="%s">&nbsp;</a> ',
+			'<a class="%1$s" href="%2$s" title="%3$s" aria-label="%3$s">&nbsp;</a> ',
 			esc_attr( $class ),
 			esc_url( $this->get_action_link( $action, $snippet ) ),
 			esc_attr( $label )

src/php/cloud/class-cloud-search-list-table.php

@@ -117,7 +117,7 @@ public function display_rows() {
 		 */
 		foreach ( $this->items as $item ) {
 			?>
-			<div class="plugin-card cloud-search-card plugin-card-<?php echo sanitize_html_class( $item->id ); ?>">
+			<div class="plugin-card cloud-search-card plugin-card-<?php echo esc_attr( $item->id ); ?>">
 				<?php
 				cloud_lts_display_column_hidden_input( 'code', $item );
 				cloud_lts_display_column_hidden_input( 'name', $item );
@@ -163,14 +163,12 @@ public function display_rows() {
 						<p class="authors">
 							<cite>
 								<?php
-								esc_html_e( 'Codevault: ', 'code-snippets' );
-
 								printf(
-									'<a target="_blank" href="%s">%s</a>',
+									'%s <a target="_blank" href="%s">%s</a>',
+									esc_html__( 'Codevault:', 'code-snippets' );
 									esc_url( sprintf( 'https://codesnippets.cloud/codevault/%s', $item->codevault ) ),
 									esc_html( $item->codevault )
 								);
-
 								?>
 							</cite>
 						</p>
@@ -250,14 +248,22 @@ public function display_rows() {
 						</div>
 					</div>
 					<div class="column-compatibility">
-						<strong><?php esc_html_e( 'WP Compatability:', 'code-snippets' ); ?></strong>
+						<strong><?php esc_html_e( 'WP Compatibility:', 'code-snippets' ); ?></strong>
 						<?php
 						if ( empty( $wp_tested ) ) {
-							echo '<span class="compatibility-untested">', esc_html__( 'Not indicated by author', 'code-snippets' ), '</span>';
+							printf(
+								'<span class="compatibility-untested">%s</span>',
+								esc_html__( 'Not indicated by author', 'code-snippets' )
+							);
 						} else {
-							// translators: tested status.
-							$text = sprintf( __( 'Author states %s', 'code-snippets' ), $wp_tested );
-							echo '<span class="compatibility-compatible">', esc_html( $text ), '</span>';
+							printf(
+								'<span class="compatibility-compatible">%s</span>',
+								sprintf(
+									// translators: %s: tested status.
+									__( 'Author states %s', 'code-snippets' ),
+									$wp_tested
+								)
+							);
 						}
 						?>
 					</div>

src/php/cloud/list-table-shared-ops.php

@@ -125,7 +125,7 @@ function cloud_lts_build_action_links( Cloud_Snippet $cloud_snippet, string $sou
 	$thickbox_url = '#TB_inline?&width=700&height=500&inlineId=show-code-preview';
 
 	$thickbox_link = sprintf(
-		'<a href="%s" title="%s" class="cloud-snippet-preview cloud-snippet-preview-style thickbox %s" data-snippet="%s" data-lang="%s">%s</a>',
+		'<a href="%s" aria-label="%s" class="cloud-snippet-preview cloud-snippet-preview-style thickbox %s" data-snippet="%s" data-lang="%s">%s</a>',
 		esc_url( $thickbox_url ),
 		esc_attr( $cloud_snippet->name ),
 		$additional_classes,
@@ -224,7 +224,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items,
 		$page_links[] = sprintf(
 			'<a class="next-page button" href="%s"><span class="screen-reader-text">%s</span><span aria-hidden="true">%s</span></a>',
 			esc_url( add_query_arg( $source . '_page', min( $total_pages, $current + 1 ), $current_url ) ),
-			__( 'Next page' ),
+			esc_html__( 'Next page', 'code-snippets' ),
 			'&rsaquo;'
 		);
 	}
@@ -235,7 +235,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items,
 		$page_links[] = sprintf(
 			'<a class="last-page button" href="%s"><span class="screen-reader-text">%s</span><span aria-hidden="true">%s</span></a>',
 			esc_url( add_query_arg( $source . '_page', $total_pages, $current_url ) ),
-			__( 'Last page', 'code-snippets' ),
+			esc_html__( 'Last page', 'code-snippets' ),
 			'&raquo;'
 		);
 	}

src/php/front-end/class-front-end.php

@@ -303,11 +303,12 @@ public function render_content_shortcode( array $atts ): string {
 			}
 
 			/* translators: 1: snippet name, 2: snippet edit link */
-			$text = __( '<strong>%1$s</strong> is currently inactive. You can <a href="%2$s">edit this snippet</a> to activate it and make it visible. This message will not appear in the published post.', 'code-snippets' );
-
+			$text = __( '%1$s is currently inactive. You can <a href="%2$s">edit this snippet</a> to activate it and make it visible. This message will not appear in the published post.', 'code-snippets' );
+			$snippet_name = '<strong>' . $snippet->name . '</strong>';
 			$edit_url = add_query_arg( 'id', $snippet->id, code_snippets()->get_menu_url( 'edit' ) );
+
 			return wp_kses(
-				sprintf( $text, $snippet->name, $edit_url ),
+				sprintf( $text, $snippet_name, $edit_url ),
 				[
 					'strong' => [],
 					'a'      => [

src/php/views/manage.php

@@ -28,8 +28,11 @@
 		[ 'span' => [ 'class' => [ 'highlight-yellow' ] ] ]
 	);
 
-	$feedback_url = __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' );
-	printf( ' <a href="%s">%s</a>', esc_url( $feedback_url ), esc_html__( 'Click here to submit your feedback', 'code-snippets' ) );
+	printf(
+		' <a href="%s">%s</a>',
+		esc_url( __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' ) ),
+		esc_html__( 'Click here to submit your feedback', 'code-snippets' )
+	);
 	echo '</p></div>';
 }
 
@@ -58,7 +61,7 @@
 		?>
 		<a class="button button-large nav-tab-button nav-tab-inactive go-pro-button"
 		   href="https://codesnippets.pro/pricing/" target="_blank"
-		   title="<?php esc_html_e( 'Find more about Pro (opens in external tab)', 'code-snippets' ); ?>">
+		   aria-label="<?php esc_attr_e( 'Find more about Pro (opens in external tab)', 'code-snippets' ); ?>">
 			<?php echo wp_kses( __( 'Upgrade to <span class="badge">Pro</span>', 'code-snippets' ), [ 'span' => [ 'class' => 'badge' ] ] ); ?>
 			<span class="dashicons dashicons-external"></span>
 		</a>
@@ -79,7 +82,7 @@
 		],
 		'css'   => [
 			__( 'Style snippets are written in CSS and loaded in the admin area or on the site front-end, just like the theme style.css.', 'code-snippets' ),
-			esc_html__( 'Learn more about style snippets &rarr;', 'code-snippets' ),
+			__( 'Learn more about style snippets &rarr;', 'code-snippets' ),
 			'https://codesnippets.pro/learn-css/',
 		],
 		'js'    => [

src/php/views/partials/cloud-search.php

@@ -53,7 +53,7 @@
 		</select>
 		<input type="text" id="cloud_search" name="cloud_search" class="cloud_search"
 		       value="<?php echo esc_html( $search_query ); ?>"
-		       placeholder="<?php esc_html_e( 'e.g. Remove unused javascript…', 'code-snippets' ); ?>">
+		       placeholder="<?php esc_attr_e( 'e.g. Remove unused javascript…', 'code-snippets' ); ?>">
 
 		<button type="submit" id="cloud-search-submit" class="button">
 			<?php esc_html_e( 'Search Cloud', 'code-snippets' ); ?>

src/php/views/partials/list-table-notices.php

@@ -18,7 +18,18 @@
 	?>
 	<div id="message" class="notice notice-error fade is-dismissible">
 		<p>
-			<?php echo wp_kses_post( __( '<strong>Warning:</strong> Safe mode is active and snippets will not execute! Remove the <code>CODE_SNIPPETS_SAFE_MODE</code> constant from <code>wp-config.php</code> to turn off safe mode.', 'code-snippets' ) ); ?>
+			<?php
+			printf(
+				'<strong>%s</strong> %s',
+				esc_html__( 'Warning:', 'code-snippets' ),
+				sprintf(
+					// translators: 1: constant name, 2: file name.
+					esc_html__( 'Safe mode is active and snippets will not execute! Remove the %1$s constant from %2$s file to turn off safe mode.', 'code-snippets' )
+					'<code>CODE_SNIPPETS_SAFE_MODE</code>',
+					'<code>wp-config.php</code>',
+				)
+			);
+			?>
 
 			<a href="https://help.codesnippets.pro/article/12-safe-mode" target="_blank">
 				<?php esc_html_e( 'Help', 'code-snippets' ); ?>

src/php/views/welcome.php

@@ -80,7 +80,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 		<h1>📰 <?php esc_html_e( 'Latest news', 'code-snippets' ); ?></h1>
 		<div class="csp-cards">
 			<a class="csp-card" href="<?php echo esc_url( $hero['follow_url'] ); ?>" target="_blank"
-			   title="<?php esc_html_e( 'Read more', 'code-snippets' ); ?>">
+			   title="<?php esc_attr_e( 'Read more', 'code-snippets' ); ?>">
 				<header>
 					<span class="dashicons dashicons-external"></span>
 					<h2><?php echo esc_html( $hero['name'] ); ?></h2>
@@ -95,7 +95,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 			</a>
 
 			<a class="csp-card" href="https://wordpress.org/plugins/code-snippets/changelog" target="_blank"
-			   title="<?php esc_html_e( 'Read the full changelog', 'code-snippets' ); ?>">
+			   title="<?php esc_attr_e( 'Read the full changelog', 'code-snippets' ); ?>">
 				<header>
 					<span class="dashicons dashicons-external"></span>
 					<h2><?php esc_html_e( 'Latest changes', 'code-snippets' ); ?></h2>
@@ -148,7 +148,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 			<?php foreach ( $this->api->get_features() as $feature ) { ?>
 				<a class="csp-card"
 				   href="<?php echo esc_url( $feature['follow_url'] ); ?>" target="_blank"
-				   title="<?php esc_html_e( 'Read more', 'code-snippets' ); ?>">
+				   title="<?php esc_attr_e( 'Read more', 'code-snippets' ); ?>">
 					<figure>
 						<img src="<?php echo esc_url( $feature['image_url'] ); ?>"
 						     alt="<?php esc_attr_e( 'Feature image', 'code-snippets' ); ?>">