Improve i18n, a11y, and security

src/js/components/SnippetForm/SnippetEditor/SnippetEditor.tsx

@@ -109,14 +109,12 @@ const SnippetTypeTabs: React.FC<SnippetTypeTabsProps> = ({
 				? <a
 					className="button button-large nav-tab-button nav-tab-inactive go-pro-button"
 					href="https://codesnippets.pro/pricing/"
-					title="Find more about Pro"
 					onClick={event => {
 						event.preventDefault()
 						openUpgradeDialog()
 					}}
 				>
-					{_x('Upgrade to ', 'Upgrade to Pro', 'code-snippets')}
-					<span className="badge">{_x('Pro', 'Upgrade to Pro', 'code-snippets')}</span>
+					{__('Upgrade to <span class="badge">Pro</span>', 'code-snippets')}
 				</a>
 				: null}
 		</h2>

src/php/admin-menus/class-import-menu.php

@@ -137,15 +137,22 @@ protected function print_messages() {
 				esc_html_e( 'No snippets were imported.', 'code-snippets' );
 
 			} else {
-				/* translators: 1: amount of snippets imported, 2: link to Snippets menu */
-				$text = _n(
-					'Successfully imported <strong>%1$d</strong> snippet. <a href="%2$s">Have fun!</a>',
-					'Successfully imported <strong>%1$d</strong> snippets. <a href="%2$s">Have fun!</a>',
-					$imported,
-					'code-snippets'
+				/* translators: %d: amount of snippets imported */
+				printf(
+					_n(
+						'Successfully imported %d snippet.',
+						'Successfully imported %d snippets.',
+						$imported,
+						'code-snippets'
+					),
+					'<strong>' . number_format_i18n(( $imported ) . '</strong>',
 				);
 
-				printf( wp_kses_post( $text ), esc_html( $imported ), esc_url( code_snippets()->get_menu_url( 'manage' ) ) );
+				printf(
+					' <a href="%s">%s</a>',
+					esc_url( code_snippets()->get_menu_url( 'manage' ) )
+					esc_html__( 'Have fun!', 'code-snippets' );
+				);
 			}
 
 			echo '</p></div>';

src/php/class-admin.php

@@ -110,13 +110,13 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra
 				sprintf(
 					$format,
 					esc_url( code_snippets()->get_menu_url( 'settings' ) ),
-					esc_html__( 'Change plugin settings', 'code-snippets' ),
+					esc_attr__( 'Change plugin settings', 'code-snippets' ),
 					esc_html__( 'Settings', 'code-snippets' )
 				),
 				sprintf(
 					$format,
 					esc_url( code_snippets()->get_menu_url() ),
-					esc_html__( 'Manage your existing snippets', 'code-snippets' ),
+					esc_attr__( 'Manage your existing snippets', 'code-snippets' ),
 					esc_html__( 'Snippets', 'code-snippets' )
 				),
 			],
@@ -128,7 +128,7 @@ public function plugin_action_links( array $actions, string $plugin_file ): arra
 				'<a href="%1$s" title="%2$s" style="color: #d46f4d; font-weight: bold;" target="_blank">%3$s</a>',
 				'https://snipco.de/JE2i',
 				esc_attr__( 'Upgrade to Code Snippets Pro', 'code-snippets' ),
-				esc_html__( 'Get Pro', 'code-snippets' )
+				esc_attr__( 'Get Pro', 'code-snippets' )
 			);
 		}
 		return $actions;
@@ -297,7 +297,7 @@ public function print_notices() {
 		printf(
 			'<a href="%s" class="notice-dismiss"><span class="screen-reader-text">%s</span></a>',
 			esc_url( wp_nonce_url( add_query_arg( $meta_key, $notice ), $meta_key ) ),
-			esc_attr__( 'Dismiss', 'code-snippets' )
+			esc_html__( 'Dismiss', 'code-snippets' )
 		);
 
 		echo '</p></div>';

src/php/class-contextual-help.php

@@ -72,7 +72,7 @@ private function load_help_sidebar() {
 			'https://codesnippets.pro'                           => __( 'Plugin Website', 'code-snippets' ),
 		];
 
-		$contents = '<p><strong>' . __( 'For more information:', 'code-snippets' ) . "</strong></p>\n";
+		$contents = '<p><strong>' . esc_html__( 'For more information:', 'code-snippets' ) . "</strong></p>\n";
 
 		foreach ( $sidebar_links as $url => $label ) {
 			$contents .= "\n" . sprintf( '<p><a href="%s">%s</a></p>', esc_url( $url ), esc_html( $label ) );

src/php/class-list-table.php

@@ -292,7 +292,7 @@ protected function column_activate( Snippet $snippet ): string {
 		}
 
 		return sprintf(
-			'<a class="%s" href="%s" title="%s">&nbsp;</a> ',
+			'<a class="%1$s" href="%2$s" title="%3$s" aria-label="%3$s">&nbsp;</a> ',
 			esc_attr( $class ),
 			esc_url( $this->get_action_link( $action, $snippet ) ),
 			esc_attr( $label )

src/php/cloud/class-cloud-search-list-table.php

@@ -117,7 +117,7 @@ public function display_rows() {
 		 */
 		foreach ( $this->items as $item ) {
 			?>
-			<div class="plugin-card cloud-search-card plugin-card-<?php echo sanitize_html_class( $item->id ); ?>">
+			<div class="plugin-card cloud-search-card plugin-card-<?php echo esc_attr( $item->id ); ?>">
 				<?php
 				cloud_lts_display_column_hidden_input( 'code', $item );
 				cloud_lts_display_column_hidden_input( 'name', $item );
@@ -163,14 +163,12 @@ public function display_rows() {
 						<p class="authors">
 							<cite>
 								<?php
-								esc_html_e( 'Codevault: ', 'code-snippets' );
-
 								printf(
-									'<a target="_blank" href="%s">%s</a>',
+									'%s <a target="_blank" href="%s">%s</a>',
+									esc_html__( 'Codevault:', 'code-snippets' );
 									esc_url( sprintf( 'https://codesnippets.cloud/codevault/%s', $item->codevault ) ),
 									esc_html( $item->codevault )
 								);
-
 								?>
 							</cite>
 						</p>
@@ -250,14 +248,22 @@ public function display_rows() {
 						</div>
 					</div>
 					<div class="column-compatibility">
-						<strong><?php esc_html_e( 'WP Compatability:', 'code-snippets' ); ?></strong>
+						<strong><?php esc_html_e( 'WP Compatibility:', 'code-snippets' ); ?></strong>
 						<?php
 						if ( empty( $wp_tested ) ) {
-							echo '<span class="compatibility-untested">', esc_html__( 'Not indicated by author', 'code-snippets' ), '</span>';
+							printf(
+								'<span class="compatibility-untested">%s</span>',
+								esc_html__( 'Not indicated by author', 'code-snippets' )
+							);
 						} else {
-							// translators: tested status.
-							$text = sprintf( __( 'Author states %s', 'code-snippets' ), $wp_tested );
-							echo '<span class="compatibility-compatible">', esc_html( $text ), '</span>';
+							printf(
+								'<span class="compatibility-compatible">%s</span>',
+								sprintf(
+									// translators: %s: tested status.
+									__( 'Author states %s', 'code-snippets' ),
+									$wp_tested
+								)
+							);
 						}
 						?>
 					</div>

src/php/cloud/list-table-shared-ops.php

@@ -125,7 +125,7 @@ function cloud_lts_build_action_links( Cloud_Snippet $cloud_snippet, string $sou
 	$thickbox_url = '#TB_inline?&width=700&height=500&inlineId=show-code-preview';
 
 	$thickbox_link = sprintf(
-		'<a href="%s" title="%s" class="cloud-snippet-preview cloud-snippet-preview-style thickbox %s" data-snippet="%s" data-lang="%s">%s</a>',
+		'<a href="%s" aria-label="%s" class="cloud-snippet-preview cloud-snippet-preview-style thickbox %s" data-snippet="%s" data-lang="%s">%s</a>',
 		esc_url( $thickbox_url ),
 		esc_attr( $cloud_snippet->name ),
 		$additional_classes,
@@ -224,7 +224,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items,
 		$page_links[] = sprintf(
 			'<a class="next-page button" href="%s"><span class="screen-reader-text">%s</span><span aria-hidden="true">%s</span></a>',
 			esc_url( add_query_arg( $source . '_page', min( $total_pages, $current + 1 ), $current_url ) ),
-			__( 'Next page' ),
+			esc_html__( 'Next page', 'code-snippets' ),
 			'&rsaquo;'
 		);
 	}
@@ -235,7 +235,7 @@ function cloud_lts_pagination( string $which, string $source, int $total_items,
 		$page_links[] = sprintf(
 			'<a class="last-page button" href="%s"><span class="screen-reader-text">%s</span><span aria-hidden="true">%s</span></a>',
 			esc_url( add_query_arg( $source . '_page', $total_pages, $current_url ) ),
-			__( 'Last page', 'code-snippets' ),
+			esc_html__( 'Last page', 'code-snippets' ),
 			'&raquo;'
 		);
 	}

src/php/views/manage.php

@@ -28,8 +28,11 @@
 		[ 'span' => [ 'class' => [ 'highlight-yellow' ] ] ]
 	);
 
-	$feedback_url = __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' );
-	printf( ' <a href="%s">%s</a>', esc_url( $feedback_url ), esc_html__( 'Click here to submit your feedback', 'code-snippets' ) );
+	printf(
+		' <a href="%s">%s</a>',
+		esc_url( __( 'mailto:team@codesnippets.pro?subject=Code Snippet Beta Test Feedback', 'code-snippets' ) ),
+		esc_html__( 'Click here to submit your feedback', 'code-snippets' )
+	);
 	echo '</p></div>';
 }
 
@@ -58,7 +61,7 @@
 		?>
 		<a class="button button-large nav-tab-button nav-tab-inactive go-pro-button"
 		   href="https://codesnippets.pro/pricing/" target="_blank"
-		   title="<?php esc_html_e( 'Find more about Pro (opens in external tab)', 'code-snippets' ); ?>">
+		   aria-label="<?php esc_attr_e( 'Find more about Pro (opens in external tab)', 'code-snippets' ); ?>">
 			<?php echo wp_kses( __( 'Upgrade to <span class="badge">Pro</span>', 'code-snippets' ), [ 'span' => [ 'class' => 'badge' ] ] ); ?>
 			<span class="dashicons dashicons-external"></span>
 		</a>
@@ -79,7 +82,7 @@
 		],
 		'css'   => [
 			__( 'Style snippets are written in CSS and loaded in the admin area or on the site front-end, just like the theme style.css.', 'code-snippets' ),
-			esc_html__( 'Learn more about style snippets &rarr;', 'code-snippets' ),
+			__( 'Learn more about style snippets &rarr;', 'code-snippets' ),
 			'https://codesnippets.pro/learn-css/',
 		],
 		'js'    => [

src/php/views/partials/cloud-search.php

@@ -53,7 +53,7 @@
 		</select>
 		<input type="text" id="cloud_search" name="cloud_search" class="cloud_search"
 		       value="<?php echo esc_html( $search_query ); ?>"
-		       placeholder="<?php esc_html_e( 'e.g. Remove unused javascript…', 'code-snippets' ); ?>">
+		       placeholder="<?php esc_attr_e( 'e.g. Remove unused javascript…', 'code-snippets' ); ?>">
 
 		<button type="submit" id="cloud-search-submit" class="button">
 			<?php esc_html_e( 'Search Cloud', 'code-snippets' ); ?>

src/php/views/partials/list-table-notices.php

@@ -18,7 +18,18 @@
 	?>
 	<div id="message" class="notice notice-error fade is-dismissible">
 		<p>
-			<?php echo wp_kses_post( __( '<strong>Warning:</strong> Safe mode is active and snippets will not execute! Remove the <code>CODE_SNIPPETS_SAFE_MODE</code> constant from <code>wp-config.php</code> to turn off safe mode.', 'code-snippets' ) ); ?>
+			<?php
+			printf(
+				'<strong>%s</strong> %s',
+				esc_html__( 'Warning:', 'code-snippets' ),
+				sprintf(
+					// translators: 1: constant name, 2: file name.
+					esc_html__( 'Safe mode is active and snippets will not execute! Remove the %1$s constant from %2$s file to turn off safe mode.', 'code-snippets' )
+					'<code>CODE_SNIPPETS_SAFE_MODE</code>',
+					'<code>wp-config.php</code>',
+				)
+			);
+			?>
 
 			<a href="https://help.codesnippets.pro/article/12-safe-mode" target="_blank">
 				<?php esc_html_e( 'Help', 'code-snippets' ); ?>

src/php/views/welcome.php

@@ -80,7 +80,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 		<h1>📰 <?php esc_html_e( 'Latest news', 'code-snippets' ); ?></h1>
 		<div class="csp-cards">
 			<a class="csp-card" href="<?php echo esc_url( $hero['follow_url'] ); ?>" target="_blank"
-			   title="<?php esc_html_e( 'Read more', 'code-snippets' ); ?>">
+			   title="<?php esc_attr_e( 'Read more', 'code-snippets' ); ?>">
 				<header>
 					<span class="dashicons dashicons-external"></span>
 					<h2><?php echo esc_html( $hero['name'] ); ?></h2>
@@ -95,7 +95,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 			</a>
 
 			<a class="csp-card" href="https://wordpress.org/plugins/code-snippets/changelog" target="_blank"
-			   title="<?php esc_html_e( 'Read the full changelog', 'code-snippets' ); ?>">
+			   title="<?php esc_attr_e( 'Read the full changelog', 'code-snippets' ); ?>">
 				<header>
 					<span class="dashicons dashicons-external"></span>
 					<h2><?php esc_html_e( 'Latest changes', 'code-snippets' ); ?></h2>
@@ -148,7 +148,7 @@ class="csp-link-<?php echo esc_attr( $link_name ); ?>">
 			<?php foreach ( $this->api->get_features() as $feature ) { ?>
 				<a class="csp-card"
 				   href="<?php echo esc_url( $feature['follow_url'] ); ?>" target="_blank"
-				   title="<?php esc_html_e( 'Read more', 'code-snippets' ); ?>">
+				   title="<?php esc_attr_e( 'Read more', 'code-snippets' ); ?>">
 					<figure>
 						<img src="<?php echo esc_url( $feature['image_url'] ); ?>"
 						     alt="<?php esc_attr_e( 'Feature image', 'code-snippets' ); ?>">