Changeset 2580769

Timestamp:

08/10/2021 09:51:14 AM (5 years ago)

Author:

newsplugin.com

Message:

Update to version 1.1.0 from GitHub

Location:

newsplugin

Files:

• tags/1.1.0 (copied) (copied from newsplugin/trunk)
• tags/1.1.0/.editorconfig (added)
• tags/1.1.0/composer.json (added)
• tags/1.1.0/composer.lock (added)
• tags/1.1.0/news-plugin-utils.php (modified) (24 diffs)
• tags/1.1.0/news-plugin-widget.php (modified) (47 diffs)
• tags/1.1.0/news-plugin.php (modified) (41 diffs)
• tags/1.1.0/phpcs.xml.dist (added)
• tags/1.1.0/readme.txt (modified) (2 diffs)
• tags/1.1.0/save_style.php (modified) (2 diffs)
• tags/1.1.0/send_feedback.php (modified) (7 diffs)
• trunk/.editorconfig (added)
• trunk/composer.json (added)
• trunk/composer.lock (added)
• trunk/news-plugin-utils.php (modified) (24 diffs)
• trunk/news-plugin-widget.php (modified) (47 diffs)
• trunk/news-plugin.php (modified) (41 diffs)
• trunk/phpcs.xml.dist (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/save_style.php (modified) (2 diffs)
• trunk/send_feedback.php (modified) (7 diffs)

newsplugin/tags/1.1.0/news-plugin-utils.php

@@ -1 +1 @@
 <?php
+
+/**
+ * Utils
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -5 +13 @@
 
 if (!function_exists('json_last_error_msg')) {
+
+    /**
+     * Get error message
+     *
+     * @return string
+     */
     function json_last_error_msg()
     {
-        static $ERRORS = array(
+        static $ERRORS = [
             JSON_ERROR_NONE => 'No error',
             JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
@@ -14 +28 @@
             JSON_ERROR_SYNTAX => 'Syntax error',
             JSON_ERROR_UTF8 => 'Malformed UTF-8 characters, possibly incorrectly encoded'
-        );
+        ];
 
         $error = json_last_error();
@@ -21 +35 @@
 }
 
+/**
+ * Utils
+ *
+ * @package News Plugin
+ */
 class News_Plugin_Utils
-{ // Although maybe namespace would suffice
-
-    static $np_version = NULL;
-
-    static function np_version()
+{
+
+    /**
+     * Plugin version
+     *
+     * @var mixed
+     */
+    public static $np_version = null;
+
+    /**
+     * Get plugin version
+     *
+     * @return mixed
+     */
+    public static function np_version()
     {
         if (self::$np_version) {
             return (self::$np_version);
         }
+        // phpcs:ignore WordPress.CodeAnalysis.AssignmentInCondition.Found
         if (self::$np_version = get_option('news_plugin_version')) {
             return (self::$np_version);
@@ -37 +67 @@
     }
 
-    static function np_version_hard()
+    /**
+     * Get plugin version from plugin file
+     *
+     * @return mixed
+     */
+    public static function np_version_hard()
     {
         if (!function_exists('get_plugin_data')) {
@@ -49 +84 @@
     }
 
-    static function user_agent($type)
+    /**
+     * Create a plugin specific user agent
+     *
+     * @param string $type Type of the user agent.
+     * @return string
+     */
+    public static function user_agent($type)
     {
         global $wp_version;
@@ -56 +97 @@
     }
 
-    static function http_remote_get_curl($url)
+    /**
+     * CURL request
+     *
+     * TODO: replace with WP function
+     *
+     * @param string $url Request URL.
+     * @return string[]|(string|bool)[]
+     */
+    public static function http_remote_get_curl($url)
     {
         if (!function_exists('curl_version')) {
-            return (array('', 'Error: CURL disabled or not installed'));
+            return (['', 'Error: CURL disabled or not installed']);
         }
         if (!function_exists('curl_init') || !function_exists('curl_exec')) {
-            return (array('', 'Error: CURL disabled by security settings'));
+            return (['', 'Error: CURL disabled by security settings']);
         }
         $ch = curl_init($url);
@@ -75 +124 @@
         }
         curl_close($ch);
-        return array($output, $error);
-    }
-
-    static function http_remote_get_socket($url)
+        return [$output, $error];
+    }
+
+    /**
+     * Get socket request
+     *
+     * @param string $url Request URL.
+     * @return string[]
+     */
+    public static function http_remote_get_socket($url)
     {
         if (!function_exists('stream_socket_client')) {
-            return (array('', 'Error: Socket disabled'));
+            return (['', 'Error: Socket disabled']);
         }
         $aURL = parse_url($url);
         $addr = $aURL['host'];
-        $secure_transport = ($aURL['scheme'] == 'ssl' || $aURL['scheme'] == 'https');
+        $secure_transport = ($aURL['scheme'] === 'ssl' || $aURL['scheme'] === 'https');
         if (!isset($aURL['port'])) {
             if ($secure_transport) {
@@ -100 +155 @@
         $socket = stream_socket_client($proto . $addr . ':' . $aURL['port'], $errno, $errorMessage, 10, STREAM_CLIENT_CONNECT);
         if ($socket === false) {
-            return (array('', 'Socket error: ' . $errorMessage));
+            return (['', 'Socket error: ' . $errorMessage]);
         }
         $url = $aURL['path'];
@@ -113 +168 @@
         fclose($socket);
         if (preg_match('/^(.*?)\r?\n\r?\n(.*)$/s', $output, $m)) {
-            return (array($m[2], ''));
-        }
-        return (array($output, ''));
-    }
-
-    static function http_test_evaluate($ret)
+            return ([$m[2], '']);
+        }
+        return ([$output, '']);
+    }
+
+    /**
+     * Test content checker
+     * TODO - move to proper testing suit
+     *
+     * @param mixed $ret Retrieved content.
+     * @return mixed
+     */
+    public static function http_test_evaluate($ret)
     {
         if ((!$ret[1]) && (!preg_match('/var swfobject=function()/s', $ret[0]))) {
@@ -127 +189 @@
     }
 
-    static $test_url = 'http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
-
-    static function http_remote_get_curl_test()
+    /**
+     * Test URL
+     *
+     * @var string
+     */
+    public static $test_url = 'http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
+
+    /**
+     * Test Curl funcion
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_test()
     {
         $ret = self::http_remote_get_curl(self::$test_url);
@@ -135 +208 @@
     }
 
-    static function http_remote_get_socket_test()
+    /**
+     * Test Get Socket
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_test()
     {
         $ret = self::http_remote_get_socket(self::$test_url);
@@ -141 +220 @@
     }
 
-    static $test_url_ssl = 'https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
-
-    static function http_remote_get_curl_test_ssl()
+    /**
+     * Test URL for SSL
+     *
+     * @var string
+     */
+    public static $test_url_ssl = 'https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
+
+    /**
+     * Test Curl with SSL
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_test_ssl()
     {
         $ret = self::http_remote_get_curl(self::$test_url_ssl);
@@ -149 +239 @@
     }
 
-    static function http_remote_get_socket_test_ssl()
+    /**
+     * Test Get Socket with SSL
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_test_ssl()
     {
         $ret = self::http_remote_get_socket(self::$test_url_ssl);
@@ -155 +251 @@
     }
 
-    static $api_root = 'http://api.newsplugin.com/';
-    static $api_ping_path = 'ping';
-
-    static function http_ping_evaluate($var)
+    /**
+     * API root
+     *
+     * @var string
+     */
+    public static $api_root = 'http://api.newsplugin.com/';
+
+    /**
+     * API ping PATH
+     *
+     * @var string
+     */
+    public static $api_ping_path = 'ping';
+
+    /**
+     * Evaluate HTTP ping
+     *
+     * @param mixed $var Variable.
+     * @return mixed
+     */
+    public static function http_ping_evaluate($var)
     {
         $output = $var[0];
@@ -174 +287 @@
     }
 
-    static function http_remote_get_curl_ping()
+    /**
+     * CURL ping
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_ping()
     {
         $var = self::http_remote_get_curl(self::$api_root . self::$api_ping_path);
@@ -180 +298 @@
     }
 
-    static function http_remote_get_socket_ping()
+    /**
+     * Get Socket ping
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_ping()
     {
         $var = self::http_remote_get_socket(self::$api_root . self::$api_ping_path);
@@ -186 +309 @@
     }
 
-    static function generic_remote_get($url, $method)
+    /**
+     * Remote GET request
+     *
+     * @param string $url Request URL.
+     * @param string $method Method type.
+     * @return mixed
+     */
+    public static function generic_remote_get($url, $method)
     {
         switch ($method) {
             case 'wp':
-                $ret = wp_remote_get($url, array('timeout' => 10, 'user-agent' => self::user_agent('wp')));
+                $ret = wp_remote_get($url, ['timeout' => 10, 'user-agent' => self::user_agent('wp')]);
                 if (is_array($ret)) {
-                    return (array($ret['body'], ''));
+                    return ([$ret['body'], '']);
                 }
                 $ret = self::generic_remote_get($url, 'curl');
@@ -209 +339 @@
     }
 
-    static function generic_api_call($path, $args = NULL)
+    /**
+     * Call API
+     *
+     * @param string     $path Path withing the URL.
+     * @param mixed|null $args Arguments.
+     * @return mixed
+     */
+    public static function generic_api_call($path, $args = null)
     {
         $key = get_option('news_plugin_api_key');
-        $args = $args ? $args : array();
+        $args = $args ? $args : [];
         $args['k'] = $key;
         $url = self::$api_root . $path;
@@ -219 +356 @@
         $ret = self::generic_remote_get($url, $method ? $method : 'wp');
         if ($ret[1]) {
-            $currentTime = date('y-m-d h:i:s', time());
+            $currentTime = gmdate('y-m-d h:i:s', time());
+            // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.Changed, WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
             $backtrace = debug_backtrace();
+            // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
             error_log("$currentTime  -->   " . "Error accessing API point " . self::$api_root . "$path: " . $ret[1] . "  Log Generation Details :      Filename: " . $backtrace[0]['file'] . "   at Line number : " . $backtrace[0]['line'] . "\n\n", 3, __DIR__ . "/logs/plugin-logs.txt");
-            return (NULL);
+            return (null);
         }
         return (json_decode($ret[0]));
     }
 
-    static function get_user_info()
+    /**
+     * Get user info
+     *
+     * @return mixed
+     */
+    public static function get_user_info()
     {
         return (self::generic_api_call('user_info'));
     }
 
-    static function get_system_info_version()
+    /**
+     * Get system info version
+     * TODO: What a magic constant it is?
+     */
+    public static function get_system_info_version()
     {
         return (1.0002);
     }
 
-    static function get_system_db_info()
-    {
-        global $wpdb; /* Recommended by https://codex.wordpress.org/Class_Reference/wpdb */
+    /**
+     * Get System DB info
+     *
+     * @return array
+     */
+    public static function get_system_db_info()
+    {
+        global $wpdb;
 
         if (!empty($wpdb->use_mysqli)) {
-            /* See also http://fw2s.com/how-to-get-complete-mysql-version-in-wordpress/
-               Note: use_mysqli is private and dbh is protected, BUT wpdb class is allowing
-               to access then through getters and setters anyway. Backward compatibility.
-             */
-            return (array(
+            /*
+             See also http://fw2s.com/how-to-get-complete-mysql-version-in-wordpress/
+               Note: use_mysqli is private and dbh is protected, BUT wpdb class is allowing
+               to access then through getters and setters anyway. Backward compatibility.
+             */
+            return ([
                 'mysql_method'          => 'mysqli',
                 'mysql_server_info'     => mysqli_get_server_info($wpdb->dbh),
                 'mysql_client_info'     => mysqli_get_client_info($wpdb->dbh),
                 'mysql_proto_info'      => mysqli_get_proto_info($wpdb->dbh),
-            ));
+            ]);
         } else {
-            return (array(
+            return ([
                 'mysql_method'          => 'mysql',
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_server_info'     => mysql_get_server_info(),
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_client_info'     => mysql_get_client_info(),
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_proto_info'      => mysql_get_proto_info(),
-            ));
-        }
-    }
-
-    static function get_system_info()
+            ]);
+        }
+    }
+
+    /**
+     * Get system info
+     *
+     * @return array
+     */
+    public static function get_system_info()
     {
         $my_theme = wp_get_theme();
@@ -285 +447 @@
         $db_info = self::get_system_db_info();
 
-        $system_info = array(
+        $system_info = [
             'info_version' => self::get_system_info_version(),
             'api_key'      => get_option('news_plugin_api_key'), /* We need to refresh on api key change ... */
-            'wordpress_env' => array(
+            'wordpress_env' => [
                 'siteurl'               => get_bloginfo('url'),
                 'version'               => get_bloginfo('version'),
@@ -296 +458 @@
                 'theme_version'         => $my_theme->get('Version'),
                 'theme_AuthorURI'       => $my_theme->get('AuthorURI'),
-            ),
-            'system_env' => array(
+            ],
+            'system_env' => [
                 'php_version'           => phpversion(),
-                'SERVER_SOFTWARE'       => $_SERVER['SERVER_SOFTWARE'],
+                'SERVER_SOFTWARE'       => isset($_SERVER['SERVER_SOFTWARE']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE'])) : null,
                 'SERVER_OS'             => PHP_OS,
-                'SERVER_IP_ADDRESS'     => $_SERVER['SERVER_ADDR'],
-                'HTTP_HOST'             => $_SERVER['HTTP_HOST'],
-                'SERVER_NAME'           => $_SERVER['SERVER_NAME'],
-                'HTTP_USER_AGENT'       => $_SERVER['HTTP_USER_AGENT'],
-                'HTTP_ACCEPT'           => $_SERVER['HTTP_ACCEPT'],
+                'SERVER_IP_ADDRESS'     => isset($_SERVER['SERVER_ADDR']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_ADDR'])) : null,
+                'HTTP_HOST'             => isset($_SERVER['HTTP_HOST']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_HOST'])) : null,
+                'SERVER_NAME'           => isset($_SERVER['SERVER_NAME']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])) : null,
+                'HTTP_USER_AGENT'       => isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'])) : null,
+                'HTTP_ACCEPT'           => isset($_SERVER['HTTP_ACCEPT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_ACCEPT'])) : null,
                 'memory_limit'          => ini_get('memory_limit'),
                 'execution_time'        => ini_get('max_execution_time'),
@@ -320 +482 @@
                 'socket_status'         => $socket_test[1] ? $socket_test[1] : 'OK',
                 'socket_status_ssl'     => $socket_test_ssl[1] ? $socket_test_ssl[1] : 'OK',
-            ),
-            'newsplugin_env' => array(
+            ],
+            'newsplugin_env' => [
                 'REGISTERED EMAIL'      => $user_info ? $user_info->email : 'error or unregistered',
                 'USER STATUS'           => $user_info ? $user_info->status : 'error or unregistered',
@@ -327 +489 @@
                 'curl_ping'             => $curl_ping[1] ? $curl_ping[1] : ('OK from ' . $curl_ping[0]->client),
                 'socket_ping'           => $socket_ping[1] ? $socket_ping[1] : ('OK from ' . $socket_ping[0]->client),
-            )
-        );
-        if ($curl_test[1] == $curl_test_ssl[1]) {
+            ]
+        ];
+        if ($curl_test[1] === $curl_test_ssl[1]) {
             unset($system_info['system_env']['curl_status_ssl']);
         }
-        if ($socket_test[1] == $socket_test_ssl[1]) {
+        if ($socket_test[1] === $socket_test_ssl[1]) {
             unset($system_info['system_env']['socket_status_ssl']);
         }

newsplugin/tags/1.1.0/news-plugin-widget.php

@@ -1 +1 @@
 <?php
+
+/**
+ * Widget
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -13 +21 @@
      * Register widget with WordPress.
      */
-    function __construct()
+    public function __construct()
     {
         parent::__construct(
             'news_plugin_widget',
             __('NewsPlugin', 'news_plugin'),
-            array('description' => __('Create custom newsfeeds and let fresh relevant news appear on your website (or approve and publish them manually).', 'news_plugin'),)
+            ['description' => __('Create custom newsfeeds and let fresh relevant news appear on your website (or approve and publish them manually).', 'news_plugin'),]
         );
     }
@@ -40 +48 @@
     private function current_options()
     {
-        $opts = get_option('news_plugin_widget_options', array());
-        $opts = (isset($opts[$this->widget_id()])) ? $opts[$this->widget_id()] : array();
+        $opts = get_option('news_plugin_widget_options', []);
+        $opts = (isset($opts[$this->widget_id()])) ? $opts[$this->widget_id()] : [];
         return $opts;
     }
@@ -47 +55 @@
     /**
      * Update the private options specific for this widget.
+     *
+     * @param mixed $args Arguments.
+     * @return mixed
      */
     private function update_options($args)
     {
-        $opts = get_option('news_plugin_widget_options', array());
+        $opts = get_option('news_plugin_widget_options', []);
         $opts[$this->widget_id()] = $args;
         update_option('news_plugin_widget_options', $opts);
@@ -62 +73 @@
     {
         $opts = $this->current_options();
-        $posts = (isset($opts['excluded'])) ? $opts['excluded'] : array();
+        $posts = (isset($opts['excluded'])) ? $opts['excluded'] : [];
         return $posts;
     }
@@ -68 +79 @@
     /**
      * Add given id to the list of excluded posts.
+     *
+     * @param int $id ID.
+     * @param int $limit Limit.
+     * @return array
      */
     private function exclude_post($id, $limit = 100)
@@ -86 +101 @@
     {
         $opts = $this->current_options();
-        $posts = array();
+        $posts = [];
         $opts['excluded'] = $posts;
         $this->update_options($opts);
@@ -98 +113 @@
     {
         $opts = $this->current_options();
-        $posts = (isset($opts['favorite'])) ? $opts['favorite'] : array();
+        $posts = (isset($opts['favorite'])) ? $opts['favorite'] : [];
         return $posts;
     }
@@ -104 +119 @@
     /**
      * Add given id to the list of favorite posts.
+     *
+     * @param int $id ID.
+     * @param int $limit Limit.
+     * @return array
      */
     private function star_favorite_post($id, $limit = 100)
@@ -118 +137 @@
     /**
      * Remove given id from the list of favorite posts.
+     *
+     * @param int $id ID.
+     * @return mixed
      */
     private function unstar_favorite_post($id)
@@ -123 +145 @@
         $opts = $this->current_options();
         $posts = $this->favorite_posts();
-        $posts = array_diff($posts, array($id));
+        $posts = array_diff($posts, [$id]);
         $opts['favorite'] = $posts;
         $this->update_options($opts);
@@ -135 +157 @@
     {
         $opts = $this->current_options();
-        $posts = array();
+        $posts = [];
         $opts['favorite'] = $posts;
         $this->update_options($opts);
@@ -152 +174 @@
     /**
      * Set the timestamp of the last publishing in manual publishing mode.
+     *
+     * @param int $time Timestamp.
+     * @return mixed
      */
     private function update_publish_time($time)
@@ -163 +188 @@
     /**
      * Prepare the args for URL managing posts of this widget.
+     *
+     * @param string $action Action name.
+     * @param int    $arg Number of arguments.
+     * @return array
      */
     private function create_action_args($action, $arg = 0)
     {
-        return array(
+        return [
             'news_plugin_instance' => $this->widget_id(),
             'news_plugin_action' => $action,
             'news_plugin_arg' => $arg,
-        );
+            '_wpnonce' => wp_create_nonce('news_plugin_url_nonce'),
+        ];
     }
 
@@ -178 +208 @@
     private function parse_action_args()
     {
-        if ((!isset($_GET['news_plugin_instance'])) || ($_GET['news_plugin_instance'] != $this->widget_id())) {
-            return array();
-        }
-        return array(
-            'action' => isset($_GET['news_plugin_action']) ? $_GET['news_plugin_action'] : '',
-            'arg' => isset($_GET['news_plugin_arg']) ? $_GET['news_plugin_arg'] : '',
-        );
+        // Verify nonce.
+        $nonce = isset($_GET['news_plugin_url_nonce']) ? sanitize_key($_GET['news_plugin_url_nonce']) : null;
+        if ($nonce && !wp_verify_nonce($nonce) && $_GET['news_plugin_instance']) {
+            die(esc_html__('1 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+        }
+
+        if ((!isset($_GET['news_plugin_instance'])) || ($_GET['news_plugin_instance'] !== $this->widget_id())) {
+            return [];
+        }
+        return [
+            'action' => isset($_GET['news_plugin_action']) ? sanitize_key(wp_unslash($_GET['news_plugin_action'])) : '',
+            'arg' => isset($_GET['news_plugin_arg']) ? sanitize_key(wp_unslash($_GET['news_plugin_arg'])) : '',
+        ];
     }
 
@@ -220 +256 @@
     private function edit_mode_enabled()
     {
+        // Verify nonce.
+        $nonce = isset($_GET['news_plugin_url_nonce']) ? sanitize_key($_GET['news_plugin_url_nonce']) : null;
+        if ($nonce && !wp_verify_nonce($nonce) && isset($_GET['news_plugin_action']) ) {
+            die(esc_html__('2 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+        }
+
         if (isset($_GET['news_plugin_action'])) {
-            $action = $_GET['news_plugin_action'];
+            $action = sanitize_key(wp_unslash($_GET['news_plugin_action']));
             return !empty($action);
         }
@@ -228 +270 @@
     /**
      * Manage the feed as necessary.
+     *
+     * @param mixed $opts Options.
+     * @return void
      */
     private function manage($opts)
     {
         switch ($this->current_action()) {
-            case 'exclude': {
-                    $id = sanitize_key($this->current_arg());
-                    $limit = max(100, 2 * $opts['count']);
-                    $this->exclude_post($id, $limit);
-                    break;
-                }
-            case 'star': {
-                    $id = sanitize_key($this->current_arg());
-                    $limit = max(100, 2 * $opts['count']);
-                    $this->star_favorite_post($id, $limit);
-                    break;
-                }
-            case 'unstar': {
-                    $id = sanitize_key($this->current_arg());
-                    $this->unstar_favorite_post($id);
-                    break;
-                }
-            case 'reset': {
-                    $this->reset_excluded_posts();
-                    $this->reset_favorite_posts();
-                    break;
-                }
-            case 'publish': {
-                    $time = min(time(), absint($this->current_arg()));
-                    $this->update_publish_time($time);
-                    break;
-                }
+            case 'exclude':
+                $id = sanitize_key($this->current_arg());
+                $limit = max(100, 2 * $opts['count']);
+                $this->exclude_post($id, $limit);
+                break;
+            case 'star':
+                $id = sanitize_key($this->current_arg());
+                $limit = max(100, 2 * $opts['count']);
+                $this->star_favorite_post($id, $limit);
+                break;
+            case 'unstar':
+                $id = sanitize_key($this->current_arg());
+                $this->unstar_favorite_post($id);
+                break;
+            case 'reset':
+                $this->reset_excluded_posts();
+                $this->reset_favorite_posts();
+                break;
+            case 'publish':
+                $time = min(time(), absint($this->current_arg()));
+                $this->update_publish_time($time);
+                break;
         }
     }
@@ -264 +304 @@
     /**
      * Silly helper for returning caching duration for fetch_feed().
-     */
-    function get_feed_caching_duration($seconds)
+     *
+     * @return int
+     */
+    public function get_feed_caching_duration()
     {
         return 3600;
@@ -272 +314 @@
     /**
      * Get our data feed.
+     *
+     * @param int   $time Time.
+     * @param mixed $opts Options.
+     * @param int   $limit Limit.
+     * @return SimplePie|WP_Error|null
      */
     private function get_feed($time, $opts, $limit = 100)
@@ -277 +324 @@
         $key = get_option('news_plugin_api_key');
 
-        $args = array(
+        $args = [
             'k' => $key,
             'q' => $opts['keywords'],
@@ -283 +330 @@
             'c' => $opts['count'],
             't' => $opts['title']
-            // o offset
-            // a after
-            // b before
-        );
-
-        if ($opts['feed_mode'] == 'manual') {
+            // o offset.
+            // a after.
+            // b before.
+        ];
+
+        if ($opts['feed_mode'] === 'manual') {
             if (!($this->can_manage() && $this->edit_mode_enabled())) {
                 $time = $this->publish_time();
@@ -328 +375 @@
 
         // Talk about stupid API. Like if the cache duration couldn't be a simple parameter.
-        $cache_filter = array($this, 'get_feed_caching_duration');
+        $cache_filter = [$this, 'get_feed_caching_duration'];
         add_filter('wp_feed_cache_transient_lifetime', $cache_filter);
         $feed = fetch_feed($url);
         remove_filter('wp_feed_cache_transient_lifetime', $cache_filter);
 
-        return (is_wp_error($feed) ? NULL : $feed);
-    }
-
+        return (is_wp_error($feed) ? null : $feed);
+    }
+
+    /**
+     * CSS style helpers
+     *
+     * @param mixed $style Style.
+     * @param mixed $type Type.
+     * @return string
+     */
     private function compute_style_helper($style, $type)
     {
@@ -343 +397 @@
         $ret = '';
         if ($style[$type]['size']) {
-            $ret .= 'font-size: ' . $style[$type]['size'] . 'px;';
+            $ret .= 'font-size:' . $style[$type]['size'] . 'px;';
         }
         if ($style[$type]['color']) {
@@ -351 +405 @@
             $ret .= 'font-family:' . $style[$type]['font_family'] . ';';
         }
-        if (!$ret) {
-            return ($ret);
-        }
-        return (' style="' . $ret . '"');
+        if ($ret) {
+            return ' style=' . $ret ;
+        }
     }
 
@@ -370 +423 @@
 
         if (!isset($rss)) {
-            _e('Feed fetch failed ', 'news_plugin');
+            esc_html_e('Feed fetch failed ', 'news_plugin');
             return;
         }
 
-        $manual_mode = ($opts['feed_mode'] == 'manual');
+        $manual_mode = ($opts['feed_mode'] === 'manual');
 
         $exclude = array_fill_keys($this->excluded_posts(), true);
@@ -393 +446 @@
                 $args = $this->create_action_args('reset');
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Reset';
+                esc_html_e('Reset', 'news_plugin');
                 echo '</a>';
 
@@ -400 +453 @@
                     echo ' | ';
                     echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                    echo 'Publish Headlines';
+                    esc_html_e('Publish Headlines', 'news_plugin');
                     echo '</a>';
                 }
 
-                $args = $this->create_action_args(NULL, NULL);
+                $args = $this->create_action_args(null, null);
                 echo ' | ';
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Leave Edit Newsfeed Mode';
+                esc_html_e('Leave Edit Newsfeed Mode', 'news_plugin');
                 echo '</a>';
 
@@ -415 +468 @@
                 echo '<p class="news-plugin-edit-buttons">';
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Edit Newsfeed Mode';
+                esc_html_e('Edit Newsfeed Mode', 'news_plugin');
                 echo '</a>';
             }
@@ -421 +474 @@
             if ($manual_mode) {
                 $t = $this->publish_time();
-                if ($t == 0) {
+                if ($t === 0) {
                     if ($this->edit_mode_enabled()) {
                         echo '<p>';
-                        echo 'No headlines published yet.';
+                        esc_html_e('No headlines published yet.', 'news_plugin');
                         echo '</p>';
                     } else {
                         echo '<p>';
-                        echo 'No headlines published yet. Use the Edit Newsfeed Mode to edit and publish your feed.';
+                        esc_html_e('No headlines published yet. Use the Edit Newsfeed Mode to edit and publish your feed.', 'news_plugin');
                         echo '</p>';
                     }
                 } else {
-                    $t = date('d M Y H:i', $t);
+                    // TODO localize properly.
+                    $t = gmdate('d M Y H:i', $t);
                     echo '<p>';
-                    echo "Headlines last published on {$t}.";
+                    // TODO localize properly.
+                    echo esc_html("Headlines last published on {$t}.");
                     echo '</p>';
                 }
@@ -442 +497 @@
                 if ($manual_mode) {
                     echo '<p>';
-                    echo "Once published, only the first {$limit} headline" . ($limit == 1 ? '' : 's') . " will be displayed in your feed.";
+                    // TODO localize properly.
+                    echo esc_html("Once published, only the first {$limit} headline" . ($limit === 1 ? '' : 's') . " will be displayed in your feed.");
+                    // TODO localize properly.
                     echo ' You can <span style="font-size:110%;">&#9734;</span>&nbsp;Star individual headlines to move them to the top or &#10005;&nbsp;Remove them from the feed. Click Reset to undo these changes.';
-                    echo ' Don’t forget to Publish Headlines when you are done.';
+                    esc_html_e(' Don’t forget to Publish Headlines when you are done.', 'news_plugin');
                     echo '</p>';
                 } else {
                     echo '<p>';
+                    // TODO localize properly.
                     echo 'You can <span style="font-size:110%;">&#9734;</span>&nbsp;Star individual headlines to move them to the top or &#10005;&nbsp;Remove them from the feed. Click Reset to undo these changes.';
                     echo '</p>';
@@ -460 +518 @@
         $index = 0;
 
-        if ($opts['wp_uid'] && (intval($opts['wp_uid']) != 0)) {
+        if ($opts['wp_uid'] && (intval($opts['wp_uid']) !== 0)) {
             $userID = intval($opts['wp_uid']);
         } else {
@@ -479 +537 @@
                 }
 
-                if (!empty($favorite[$id]) xor ($pass == 0)) {
+                if (!empty($favorite[$id]) xor ($pass === 0)) {
                     continue;
                 }
 
-                if ($index == $limit) {
+                if ($index === $limit) {
                     echo '<hr>';
                 }
 
                 echo '<li>';
-                if ($opts['link_follow'] == 'no') {
+                if ($opts['link_follow'] === 'no') {
                     $s_follow = ' rel="nofollow"';
                 } else {
@@ -498 +556 @@
                     $s_target = '';
                 }
-                echo '<a href="' . esc_attr($item->get_permalink()) . '"' . $s_target . $s_follow . '>';
+                echo '<a href="' . esc_url($item->get_permalink()) . '"' . esc_attr($s_target) . esc_attr($s_follow) . '>';
                 $style = $this->compute_style_helper($style_news, 'article_headline');
-                echo '<span class="news-plugin-title"' . $style . '>';
+                echo '<span class="news-plugin-title"' . esc_attr($style) . '>';
                 echo esc_html($item->get_title());
                 echo '</span>';
@@ -507 +565 @@
                     echo "\n";
                     $style = $this->compute_style_helper($style_news, 'article_date');
-                    echo '<span class="news-plugin-date"' . $style . '>';
+                    echo '<span class="news-plugin-date"' . esc_attr($style) . '>';
                     echo esc_html($item->get_date(get_option('date_format') . ' ' . get_option('time_format')));
                     echo '</span>';
@@ -513 +571 @@
                 if ($opts['show_source']) {
                     // Because RSS doesn't support the source field, we use the author field.
-                    // $source = $item->get_source() ;
                     $source = $item->get_author();
-                    if ($source) $source = $source->get_email();
+                    if ($source) {
+                        $source = $source->get_email();
+                    }
                     if (!empty($source)) {
                         echo "\n";
                         $style = $this->compute_style_helper($style_news, 'article_sources');
-                        echo '<span class="news-plugin-source"' . $style . '>';
+                        echo '<span class="news-plugin-source"' . esc_attr($style) . '>';
                         echo esc_html($source);
                         echo '</span>';
@@ -527 +586 @@
                     echo "\n";
                     $style = $this->compute_style_helper($style_news, 'article_abstract');
-                    echo '<span class="news-plugin-abstract"' . $style . '>';
+                    echo '<span class="news-plugin-abstract"' . esc_attr($style) . '>';
                     echo esc_html($item->get_description());
                     echo '</span>';
@@ -535 +594 @@
                     $args = $this->create_action_args('exclude', $id);
                     echo ' &nbsp; <a href="' . esc_attr(add_query_arg($args)) . '">';
-                    // echo 'X' ;
                     echo '<span style="text-decoration: underline;">';
                     echo '&#10005;&nbsp;Remove';
@@ -543 +601 @@
                         $args = $this->create_action_args('unstar', $id);
                         echo ' <a href="' . esc_attr(add_query_arg($args)) . '">';
-                        // echo '-' ;
                         echo '<span style="text-decoration: underline;">';
                         echo '<span style="font-size:110%;">&#9733;</span>&nbsp;Unstar';
@@ -551 +608 @@
                         $args = $this->create_action_args('star', $id);
                         echo ' <a href="' . esc_attr(add_query_arg($args)) . '">';
-                        // echo '+' ;
                         echo '<span style="text-decoration: underline;">';
                         echo '<span style="font-size:110%;">&#9734;</span>&nbsp;Star';
@@ -565 +621 @@
         }
         echo '</ul>';
-
-        //Error in Option Page
-        // newserroforwp_log("NewsPlugin Option Page");
     }
 
@@ -589 +642 @@
         if (empty($key)) {
             if ($this->can_manage()) {
-?>
+                ?>
                 <p>
-                    Your feed is currently inactive.
-                    Please enter your Activation Key on the
-                    <a href="<?php echo admin_url('admin.php?page=news-plugin-settings') ?>">NewsPlugin Settings</a>
-                    page first.
+                    <?php esc_html_e('Your feed is currently inactive.', 'news_plugin'); ?>
+                    <?php esc_html_e('Please enter your Activation Key on the', 'news_plugin'); ?>
+                    <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings')) ?>"><?php esc_html_e('NewsPlugin Settings', 'news_plugin'); ?></a>
+                    <?php esc_html_e('page first', 'news_plugin'); ?>.
                 </p>
-            <?php
+                <?php
             }
             return;
@@ -607 +660 @@
         $title = apply_filters('widget_title', $opts['title']);
 
-        echo $args['before_widget'];
-        if (!empty($title))
-            echo $args['before_title'] . $title . $args['after_title'];
+        echo wp_kses_post($args['before_widget']);
+        if (!empty($title)) {
+            echo wp_kses_post($args['before_title'] . $title . $args['after_title']);
+        }
         $this->content($opts);
-        echo $args['after_widget'];
+        echo wp_kses_post($args['after_widget']);
     }
 
@@ -627 +681 @@
             ?>
             <p>
-                Please enter your Activation Key on the
-                <a href="<?php echo admin_url('admin.php?page=news-plugin-settings') ?>">NewsPlugin Settings</a>
-                page first.
+                <?php esc_html_e('Please enter your Activation Key on the', 'news_plugin'); ?>
+                <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings')); ?>"><?php esc_html_e('NewsPlugin Settings', 'news_plugin'); ?></a>
+                <?php esc_html_e('page first.', 'news_plugin'); ?>
             </p>
-        <?php
+            <?php
             return;
         }
@@ -726 +780 @@
 
         // Force expert user mode for now.
-        // $user_mode = get_option( 'news_plugin_user_mode' ) ;
+        // $user_mode = get_option( 'news_plugin_user_mode' ); .
         $user_mode = 2;
 
         ?>
         <p>
-            <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Newsfeed Name:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('title')); ?>"><?php esc_html_e('Newsfeed Name:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('title')); ?>" name="<?php echo esc_attr($this->get_field_name('title')); ?>" type="text" value="<?php echo esc_attr($title); ?>">
             <br>
-            <small>Give your feed a good name.</small>
+            <small><?php esc_html_e('Give your feed a good name.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: Canada Solar Energy News</small>
+            <small><?php esc_html_e('Example: Canada Solar Energy News', 'news_plugin'); ?></small>
         </p>
         <p>
-            <label for="<?php echo $this->get_field_id('keywords'); ?>"><?php _e('Keywords:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('keywords'); ?>" name="<?php echo $this->get_field_name('keywords'); ?>" type="text" value="<?php echo esc_attr($keywords); ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('keywords')); ?>"><?php esc_html_e('Keywords:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('keywords')); ?>" name="<?php echo esc_attr($this->get_field_name('keywords')); ?>" type="text" value="<?php echo esc_attr($keywords); ?>">
             <br>
-            <small>Use keywords to find relevant news.</small>
+            <small><?php esc_html_e('Use keywords to find relevant news.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: canada &amp; "solar energy"</small>
+            <small><?php esc_html_e('Example: canada &amp; "solar energy"', 'news_plugin'); ?></small>
             <br>
-            <small>Read the <a href="http://newsplugin.com/faq#keyword-tips" target="_blank">FAQ</a> for more keywords tips and examples.</small>
+            <small><?php printf(esc_html__('Read the %S for more keywords tips and examples.', 'news_plugin'), '<a href="http://newsplugin.com/faq#keyword-tips" target="_blank">' . esc_html__('FAQ', 'news_plugin') . '</a'); ?></small>
         </p>
         <p>
-            <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Number of Articles:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" type="text" value="<?php echo $count; ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('count')); ?>"><?php esc_html_e('Number of Articles:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('count')); ?>" name="<?php echo esc_attr($this->get_field_name('count')); ?>" type="text" value="<?php echo esc_attr($count); ?>">
             <br>
-            <small>Set how many headlines to show in your feed.</small>
+            <small><?php esc_html_e('Set how many headlines to show in your feed.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: 10</small>
+            <small><?php esc_html_e('Example: 10', 'news_plugin'); ?></small>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_date'); ?>" name="<?php echo $this->get_field_name('show_date'); ?>" type="checkbox" <?php if ($show_date) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_date'); ?>"><?php _e('Show Dates'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_date')); ?>" name="<?php echo esc_attr($this->get_field_name('show_date')); ?>" type="checkbox" <?php if ($show_date) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_date')); ?>"><?php esc_html_e('Show Dates', 'news_plugin'); ?></label>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_source'); ?>" name="<?php echo $this->get_field_name('show_source'); ?>" type="checkbox" <?php if ($show_source) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_source'); ?>"><?php _e('Show Sources'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_source')); ?>" name="<?php echo esc_attr($this->get_field_name('show_source')); ?>" type="checkbox" <?php if ($show_source) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_source')); ?>"><?php esc_html_e('Show Sources', 'news_plugin'); ?></label>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_abstract'); ?>" name="<?php echo $this->get_field_name('show_abstract'); ?>" type="checkbox" <?php if ($show_abstract) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_abstract'); ?>"><?php _e('Show Abstracts'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_abstract')); ?>" name="<?php echo esc_attr($this->get_field_name('show_abstract')); ?>" type="checkbox" <?php if ($show_abstract) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_abstract')); ?>"><?php esc_html_e('Show Abstracts', 'news_plugin'); ?></label>
             <br>
-            <small>By default, your feed displays headlines only. You can add more information.</small>
+            <small><?php esc_html_e('By default, your feed displays headlines only. You can add more information.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: New Reports on Canada Solar Energy, 12 Feb 2015 (BBC)</small>
+            <small><?php esc_html_e('Example: New Reports on Canada Solar Energy, 12 Feb 2015 (BBC)', 'news_plugin'); ?></small>
         </p>
         <?php
         if ($user_mode > 0) {
-
             /*
-        <p>
-        <label for="<?php echo $this->get_field_id( 'sources' ); ?>"><?php _e( 'Sources:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'sources' ); ?>" name="<?php echo $this->get_field_name( 'sources' ); ?>" type="text" value="<?php echo esc_attr( $sources ) ; ?>">
-        <br>
-        <small>Show news from only selected sources. Leave blank for all sources.</small>
-        <br>
-        <small>Example: BBC</small>
-        </p>
-        <p>
-        <label for="<?php echo $this->get_field_id( 'excluded_sources' ); ?>"><?php _e( 'Excluded Sources:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'excluded_sources' ); ?>" name="<?php echo $this->get_field_name( 'excluded_sources' ); ?>" type="text" value="<?php echo esc_attr( $excluded_sources ) ; ?>">
-        <br>
-        <small>Don’t show news from selected sources.</small>
-        <br>
-        <small>Example: BBC</small>
-        </p>
-        */
-
-        ?>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'sources' ); ?>"><?php _e( 'Sources:' ); ?></label>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'sources' ); ?>" name="<?php echo $this->get_field_name( 'sources' ); ?>" type="text" value="<?php echo esc_attr( $sources ) ; ?>">
+        <br>
+        <small>Show news from only selected sources. Leave blank for all sources.</small>
+        <br>
+        <small>Example: BBC</small>
+        </p>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'excluded_sources' ); ?>"><?php _e( 'Excluded Sources:' ); ?></label>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'excluded_sources' ); ?>" name="<?php echo $this->get_field_name( 'excluded_sources' ); ?>" type="text" value="<?php echo esc_attr( $excluded_sources ) ; ?>">
+        <br>
+        <small>Don’t show news from selected sources.</small>
+        <br>
+        <small>Example: BBC</small>
+        </p>
+        */
+
+            ?>
             <p>
-                <label for="<?php echo $this->get_field_id('search_mode'); ?>"><?php _e('Search Mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('search_mode'); ?>" name="<?php echo $this->get_field_name('search_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="title" <?php if ($search_mode == "title") echo 'selected="selected"' ?>>Headlines Only</option>
-                    <option value="text" <?php if ($search_mode == "text") echo 'selected="selected"' ?>>Headlines &amp; Full Text</option>
+                <label for="<?php echo esc_attr($this->get_field_id('search_mode')); ?>"><?php esc_html_e('Search Mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('search_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('search_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="title" <?php if ($search_mode === "title") {
+                        echo 'selected="selected"';
+                                          } ?>><?php esc_html_e('Headlines Only', 'news_plugin'); ?></option>
+                    <option value="text" <?php if ($search_mode === "text") {
+                        echo 'selected="selected"';
+                                         } ?>><?php esc_html_e('Headlines &amp; Full Text', 'news_plugin'); ?></option>
                 </select>
                 <br>
-                <small>Show news that has your keywords in a headline or anywhere in an article. Default is headlines and full text.</small>
+                <small><?php esc_html_e('Show news that has your keywords in a headline or anywhere in an article. Default is headlines and full text.', 'news_plugin'); ?></small>
             </p>
 
             <?php
             /*
-        <p>
-        <label for="<?php echo $this->get_field_id( 'search_type' ); ?>"><?php _e( 'Search Type:' ); ?></label>
-        <select class="widefat" id="<?php echo $this->get_field_id( 'search_type' ); ?>" name="<?php echo $this->get_field_name( 'search_type' ); ?>">
-        <option value="">Default</option>
-        <option value="news" <?php if ( $search_type == "news" ) echo 'selected="selected"' ?>>News</option>
-        <option value="pr" <?php if ( $search_type == "pr" ) echo 'selected="selected"' ?>>Press Releases</option>
-        <option value="event"<?php if ( $search_type == "event" ) echo 'selected="selected"' ?>>Events</option>
-        </select>
-        <br>
-        <small>Show only selected types of news. Default is a combination of all types.</small>
-        </p>
-        */
+        <p>
+        <label for="<?php echo $this->get_field_id( 'search_type' ); ?>"><?php _e( 'Search Type:' ); ?></label>
+        <select class="widefat" id="<?php echo $this->get_field_id( 'search_type' ); ?>" name="<?php echo $this->get_field_name( 'search_type' ); ?>">
+        <option value="">Default</option>
+        <option value="news" <?php if ( $search_type == "news" ) echo 'selected="selected"' ?>>News</option>
+        <option value="pr" <?php if ( $search_type == "pr" ) echo 'selected="selected"' ?>>Press Releases</option>
+        <option value="event"<?php if ( $search_type == "event" ) echo 'selected="selected"' ?>>Events</option>
+        </select>
+        <br>
+        <small>Show only selected types of news. Default is a combination of all types.</small>
+        </p>
+        */
             ?>
 
             <p>
-                <label for="<?php echo $this->get_field_id('sort_mode'); ?>"><?php _e('Sort Mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('sort_mode'); ?>" name="<?php echo $this->get_field_name('sort_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="relevance" <?php if ($sort_mode == "relevance") echo 'selected="selected"' ?>>Relevance</option>
-                    <option value="date" <?php if ($sort_mode == "date") echo 'selected="selected"' ?>>Date</option>
+                <label for="<?php echo esc_attr($this->get_field_id('sort_mode')); ?>"><?php esc_html_e('Sort Mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('sort_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('sort_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="relevance" <?php if ($sort_mode === "relevance") {
+                        echo 'selected="selected"';
+                                              } ?>><?php esc_html_e('Relevance', 'news_plugin'); ?></option>
+                    <option value="date" <?php if ($sort_mode === "date") {
+                        echo 'selected="selected"';
+                                         } ?>><?php esc_html_e('Date', 'news_plugin'); ?></option>
                 </select>
                 <br>
-                <small>Show headlines sorted by date or relevance. Default is by relevance.</small>
+                <small><?php esc_html_e('Show headlines sorted by date or relevance. Default is by relevance.', 'news_plugin'); ?></small>
             </p>
             <p>
-                <label for="<?php echo $this->get_field_id('age'); ?>"><?php _e('News Age Limit (in hours):'); ?></label>
-                <input class="widefat" id="<?php echo $this->get_field_id('age'); ?>" name="<?php echo $this->get_field_name('age'); ?>" type="text" value="<?php echo $age; ?>">
+                <label for="<?php echo esc_attr($this->get_field_id('age')); ?>"><?php esc_html_e('News Age Limit (in hours):', 'news_plugin'); ?></label>
+                <input class="widefat" id="<?php echo esc_attr($this->get_field_id('age')); ?>" name="<?php echo esc_attr($this->get_field_name('age')); ?>" type="text" value="<?php echo esc_attr($age); ?>">
                 <br>
-                <small>Don’t show articles older than given period. 0 means no limit.</small>
+                <small><?php esc_html_e('Don’t show articles older than given period. 0 means no limit.', 'news_plugin'); ?></small>
             </p>
             <p>
-                <label for="<?php echo $this->get_field_id('link_open_mode'); ?>"><?php _e('Link mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('link_open_mode'); ?>" name="<?php echo $this->get_field_name('link_open_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="_self" <?php if ($link_open_mode == "_self") echo 'selected="selected"' ?>>Same Window</option>
-                    <option value="_blank" <?php if ($link_open_mode == "_blank") echo 'selected="selected"' ?>>New Tab</option>
+                <label for="<?php echo esc_attr($this->get_field_id('link_open_mode')); ?>"><?php esc_html_e('Link mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('link_open_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('link_open_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="_self" <?php if ($link_open_mode === "_self") {
+                        echo 'selected="selected"';
+                                          } ?>><?php esc_html_e('Same Window', 'news_plugin'); ?></option>
+                    <option value="_blank" <?php if ($link_open_mode === "_blank") {
+                        echo 'selected="selected"';
+                                           } ?>><?php esc_html_e('New Tab', 'news_plugin'); ?></option>
                 </select>
-                <label for="<?php echo $this->get_field_id('link_follow'); ?>"><?php _e('Follow mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('link_follow'); ?>" name="<?php echo $this->get_field_name('link_follow'); ?>">
-                    <option value="">Default</option>
-                    <option value="yes" <?php if ($link_follow == "yes") echo 'selected="selected"' ?>>Follow</option>
-                    <option value="no" <?php if ($link_follow == "no") echo 'selected="selected"' ?>>Nofollow</option>
+                <label for="<?php echo esc_attr($this->get_field_id('link_follow')); ?>"><?php esc_html_e('Follow mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('link_follow')); ?>" name="<?php echo esc_attr($this->get_field_name('link_follow')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="yes" <?php if ($link_follow === "yes") {
+                        echo 'selected="selected"';
+                                        } ?>><?php esc_html_e('Follow', 'news_plugin'); ?></option>
+                    <option value="no" <?php if ($link_follow === "no") {
+                        echo 'selected="selected"';
+                                       } ?>><?php esc_html_e('Nofollow', 'news_plugin'); ?></option>
                 </select>
 
                 <?php
-
                 /*
-        <br>
-        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
-        </p>
-        <p>
-        <label for="<?php echo $this->get_field_id( 'link_type' ); ?>"><?php _e( 'Link mode:' ); ?></label>
-        <select class="widefat" id="<?php echo $this->get_field_id( 'link_type' ); ?>" name="<?php echo $this->get_field_name( 'link_type' ); ?>">
-        <option value="">Default</option>
-        <option value="frame" <?php if ( $link_type == "frame" ) echo 'selected="selected"' ?>>Framed</option>
-        <option value="orig"<?php if ( $link_type == "orig" ) echo 'selected="selected"' ?>>Original</option>
-        </select>
-        <br>
-        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
-        </p>
-        */
+        <br>
+        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
+        </p>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'link_type' ); ?>"><?php _e( 'Link mode:' ); ?></label>
+        <select class="widefat" id="<?php echo $this->get_field_id( 'link_type' ); ?>" name="<?php echo $this->get_field_name( 'link_type' ); ?>">
+        <option value="">Default</option>
+        <option value="frame" <?php if ( $link_type == "frame" ) echo 'selected="selected"' ?>>Framed</option>
+        <option value="orig"<?php if ( $link_type == "orig" ) echo 'selected="selected"' ?>>Original</option>
+        </select>
+        <br>
+        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
+        </p>
+        */
 
                 ?>
@@ -876 +950 @@
             ?>
                 <p>
-                    <label for="<?php echo $this->get_field_id('feed_mode'); ?>"><?php _e('Feed publishing:'); ?></label>
-                    <select class="widefat" id="<?php echo $this->get_field_id('feed_mode'); ?>" name="<?php echo $this->get_field_name('feed_mode'); ?>">
-                        <option value="">Default</option>
-                        <option value="auto" <?php if ($feed_mode == "auto") echo 'selected="selected"' ?>>Automatic</option>
-                        <option value="manual" <?php if ($feed_mode == "manual") echo 'selected="selected"' ?>>Manual</option>
+                    <label for="<?php echo esc_attr($this->get_field_id('feed_mode')); ?>"><?php esc_html_e('Feed publishing:', 'news_plugin'); ?></label>
+                    <select class="widefat" id="<?php echo esc_attr($this->get_field_id('feed_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('feed_mode')); ?>">
+                        <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                        <option value="auto" <?php if ($feed_mode === "auto") {
+                            echo 'selected="selected"';
+                                             } ?>><?php esc_html_e('Automatic', 'news_plugin'); ?></option>
+                        <option value="manual" <?php if ($feed_mode === "manual") {
+                            echo 'selected="selected"';
+                                               } ?>><?php esc_html_e('Manual', 'news_plugin'); ?></option>
                     </select>
                     <br>
-                    <small>Your feed can be automatically updated with new headlines, or you can choose headlines and publish them manually using news buffering. Default is automatic.</small>
+                    <small><?php esc_html_e('Your feed can be automatically updated with new headlines, or you can choose headlines and publish them manually using news buffering. Default is automatic.', 'news_plugin'); ?></small>
                 </p>
-    <?php
+            <?php
         }
     }
@@ -901 +979 @@
     public function update($new_opts, $old_opts)
     {
-        $opts = array();
-        $opts['title'] = (!empty($new_opts['title'])) ? strip_tags($new_opts['title']) : '';
-        $opts['keywords'] = (!empty($new_opts['keywords'])) ? strip_tags($new_opts['keywords']) : '';
+        $opts = [];
+        $opts['title'] = (!empty($new_opts['title'])) ? wp_strip_all_tags($new_opts['title']) : '';
+        $opts['keywords'] = (!empty($new_opts['keywords'])) ? wp_strip_all_tags($new_opts['keywords']) : '';
         $opts['count'] = (!empty($new_opts['count'])) ? absint($new_opts['count']) : 5;
         $opts['age'] = (!empty($new_opts['age'])) ? absint($new_opts['age']) : 0;
-        $opts['sources'] = (!empty($new_opts['sources'])) ? strip_tags($new_opts['sources']) : '';
-        $opts['excluded_sources'] = (!empty($new_opts['excluded_sources'])) ? strip_tags($new_opts['excluded_sources']) : '';
-        $opts['search_mode'] = (!empty($new_opts['search_mode'])) ? strip_tags($new_opts['search_mode']) : '';
-        $opts['search_type'] = (!empty($new_opts['search_type'])) ? strip_tags($new_opts['search_type']) : '';
-        $opts['sort_mode'] = (!empty($new_opts['sort_mode'])) ? strip_tags($new_opts['sort_mode']) : '';
-        $opts['link_open_mode'] = (!empty($new_opts['link_open_mode'])) ? strip_tags($new_opts['link_open_mode']) : '';
-        $opts['link_follow'] = (!empty($new_opts['link_follow'])) ? strip_tags($new_opts['link_follow']) : '';
-        $opts['link_type'] = (!empty($new_opts['link_type'])) ? strip_tags($new_opts['link_type']) : '';
+        $opts['sources'] = (!empty($new_opts['sources'])) ? wp_strip_all_tags($new_opts['sources']) : '';
+        $opts['excluded_sources'] = (!empty($new_opts['excluded_sources'])) ? wp_strip_all_tags($new_opts['excluded_sources']) : '';
+        $opts['search_mode'] = (!empty($new_opts['search_mode'])) ? wp_strip_all_tags($new_opts['search_mode']) : '';
+        $opts['search_type'] = (!empty($new_opts['search_type'])) ? wp_strip_all_tags($new_opts['search_type']) : '';
+        $opts['sort_mode'] = (!empty($new_opts['sort_mode'])) ? wp_strip_all_tags($new_opts['sort_mode']) : '';
+        $opts['link_open_mode'] = (!empty($new_opts['link_open_mode'])) ? wp_strip_all_tags($new_opts['link_open_mode']) : '';
+        $opts['link_follow'] = (!empty($new_opts['link_follow'])) ? wp_strip_all_tags($new_opts['link_follow']) : '';
+        $opts['link_type'] = (!empty($new_opts['link_type'])) ? wp_strip_all_tags($new_opts['link_type']) : '';
         $opts['show_date'] = !empty($new_opts['show_date']);
         $opts['show_source'] = !empty($new_opts['show_source']);
         $opts['show_abstract'] = !empty($new_opts['show_abstract']);
-        $opts['feed_mode'] = (!empty($new_opts['feed_mode'])) ? strip_tags($new_opts['feed_mode']) : '';
+        $opts['feed_mode'] = (!empty($new_opts['feed_mode'])) ? wp_strip_all_tags($new_opts['feed_mode']) : '';
         $opts['wp_uid'] = (!isset($new_opts['wp_uid']) || empty($new_opts['wp_uid'])) ? get_current_user_id() : $new_opts['wp_uid'];
 
@@ -923 +1001 @@
     }
 }
-    ?>
+?>

newsplugin/tags/1.1.0/news-plugin.php

@@ -1 +1 @@
 <?php
-/*
-Plugin Name: NewsPlugin
-Plugin URI: http://newsplugin.com/
-Description: Create custom newsfeeds for your website. Choose keywords, number of articles and other settings, put the feed wherever you want using widgets or shortcodes, and watch the fresh relevant news headlines appear on your pages (or approve and publish them manually). You can always shape the news right from your website, remove unwanted articles or star the good ones. Thanks for using the NewsPlugin, and we hope you like it.
-Author: newsplugin.com
-Version: 1.0.18
-Author URI: http://newsplugin.com/
-*/
+
+/**
+ * Plugin Name: NewsPlugin
+ * Plugin URI: http://newsplugin.com/
+ * Description: Create custom newsfeeds for your website. Choose keywords, number of articles and  * other settings, put the feed wherever you want using widgets or shortcodes, and watch the fresh  * relevant news headlines appear on your pages (or approve and publish them manually).
+ * Author: newsplugin.com
+ * Text Domain: news_plugin
+ * Domain Path: /languages
+ * Version: 1.1.0
+ * Author URI: http://newsplugin.com/
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -27 +34 @@
      * Register plugin with WordPress.
      */
-    function __construct()
-    {
+    public function __construct()
+    {
+
+        add_action('init', [$this, 'localize']);
+
         // Widgets.
-        add_action('widgets_init', array($this, 'widgets_init'));
-        add_action('admin_init', array($this, 'admin_init'));
-        add_action('admin_menu', array($this, 'admin_menu'));
-        add_action('admin_init', array(&$this, 'register_help_section'));
-        add_action('admin_init', array(&$this, 'register_activation_section'));
-        add_action('admin_init', array(&$this, 'register_shortcode_section'));
-        add_action('admin_init', array(&$this, 'register_style_section'));
-        add_action('admin_init', array(&$this, 'register_feed_section'));
-        add_action('admin_init', array(&$this, 'register_status_section'));
-        add_action('admin_enqueue_scripts', array($this, 'register_admin_scripts'));
-        add_action('wp_enqueue_scripts', array($this, 'register_styles'));
-
-        add_action('admin_post_nopriv_news_plugin_save_style', array($this, 'handle_save_style'));
-        add_action('admin_post_news_plugin_save_style', array($this, 'handle_save_style'));
-        add_action('admin_post_nopriv_news_plugin_send_feedback', array($this, 'handle_send_feedback'));
-        add_action('admin_post_news_plugin_send_feedback', array($this, 'handle_send_feedback'));
-        add_action('admin_post_nopriv_news_plugin_update_system_info', array($this, 'handle_update_system_info'));
-        add_action('admin_post_news_plugin_update_system_info', array($this, 'handle_update_system_info'));
-
-        add_action('admin_init', array($this, 'refresh_plugin_version'));
-
-        register_activation_hook(__FILE__, array($this, 'userSystemCheck_create'));
-        register_deactivation_hook(__FILE__, array($this, 'userSystemCheck_deactivation'));
+        add_action('widgets_init', [$this, 'widgets_init']);
+        add_action('admin_init', [$this, 'admin_init']);
+        add_action('admin_menu', [$this, 'admin_menu']);
+        add_action('admin_init', [&$this, 'register_help_section']);
+        add_action('admin_init', [&$this, 'register_activation_section']);
+        add_action('admin_init', [&$this, 'register_shortcode_section']);
+        add_action('admin_init', [&$this, 'register_style_section']);
+        add_action('admin_init', [&$this, 'register_feed_section']);
+        add_action('admin_init', [&$this, 'register_status_section']);
+        add_action('admin_enqueue_scripts', [$this, 'register_admin_scripts']);
+        add_action('wp_enqueue_scripts', [$this, 'register_styles']);
+
+        add_action('admin_post_nopriv_news_plugin_save_style', [$this, 'handle_save_style']);
+        add_action('admin_post_news_plugin_save_style', [$this, 'handle_save_style']);
+        add_action('admin_post_nopriv_news_plugin_send_feedback', [$this, 'handle_send_feedback']);
+        add_action('admin_post_news_plugin_send_feedback', [$this, 'handle_send_feedback']);
+        add_action('admin_post_nopriv_news_plugin_update_system_info', [$this, 'handle_update_system_info']);
+        add_action('admin_post_news_plugin_update_system_info', [$this, 'handle_update_system_info']);
+
+        add_action('admin_init', [$this, 'refresh_plugin_version']);
+
+        register_activation_hook(__FILE__, [$this, 'userSystemCheck_create']);
+        register_deactivation_hook(__FILE__, [$this, 'userSystemCheck_deactivation']);
         $usc = get_option('newsPlugin_system_info');
         $api_key = get_option('news_plugin_api_key');
@@ -58 +68 @@
             !$usc ||
             !isset($usc['info_version']) || ($usc['info_version'] < News_Plugin_Utils::get_system_info_version()) ||
-            !isset($usc['api_key']) || ($usc['api_key'] != $api_key)
+            !isset($usc['api_key']) || ($usc['api_key'] !== $api_key)
         ) {
             update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
@@ -64 +74 @@
     }
 
-    function userSystemCheck_create()
+    /**
+     * Do on user system check creation
+     *
+     * @return void
+     */
+    public function userSystemCheck_create()
     {
         add_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
         add_option('news_plugin_url_method', false);
     }
-    function userSystemCheck_deactivation()
+
+    /**
+     * Do on system check deactivation
+     *
+     * @return void
+     */
+    public function userSystemCheck_deactivation()
     {
         delete_option('newsPlugin_system_info');
     }
 
-    function refresh_plugin_version()
+    /**
+     * Refresh plugin version
+     *
+     * @return void
+     */
+    public function refresh_plugin_version()
     {
         if (function_exists('get_plugin_data')) {
@@ -86 +112 @@
 
     /**
+     * Load plugin textdomain
+     *
+     * @return void
+     */
+    public function localize()
+    {
+        load_plugin_textdomain('news_plugin', false, basename(dirname(__FILE__)) . '/languages');
+    }
+
+    /**
      * Register the plugin widget, widget areas and widget shorcodes.
      */
-    function widgets_init()
+    public function widgets_init()
     {
         register_widget('News_Plugin_Widget');
         for ($area = 1; $area <= 4; $area++) {
-            register_sidebar(array(
+            register_sidebar([
                 'name' => "NewsPlugin Widget Area {$area}",
                 'id' => "newsplugin_widgets_{$area}",
@@ -98 +134 @@
                 'before_widget' => '<div id="%1$s" class="widget %2$s">',
                 'after_widget' => '</div>'
-            ));
+            ]);
         }
-        add_shortcode('newsplugin_widgets', array($this, 'widget_area_shortcode'));
-        add_shortcode('newsplugin_feed', array($this, 'feed_shortcode'));
+        add_shortcode('newsplugin_widgets', [$this, 'widget_area_shortcode']);
+        add_shortcode('newsplugin_feed', [$this, 'feed_shortcode']);
     }
 
     /**
      * Process the widget area shortcode.
-     */
-    function widget_area_shortcode($attrs)
-    {
-        $a = shortcode_atts(array('area' => '1'), $attrs);
+     *
+     * @param array $attrs Attributes.
+     * @return string|false
+     */
+    public function widget_area_shortcode($attrs)
+    {
+        $a = shortcode_atts(['area' => '1'], $attrs);
         $sidebar = "newsplugin_widgets_{$a['area']}";
         ob_start();
@@ -121 +160 @@
 
 
-    //[feed_shortcode title="" keywords="News" count="" age="" sources="" excluded_sources="" search_mode="" search_type="" sort_mode="" link_type="" show_date="" show_source="" show_abstract="" feed_mode=""]
+    // [feed_shortcode title="" keywords="News" count="" age="" sources="" excluded_sources="" search_mode="" search_type="" sort_mode="" link_type="" show_date="" show_source="" show_abstract="" feed_mode=""]
 
     /**
      * Process the newsfeed shortcode.
-     */
-    function feed_shortcode($attrs)
-    {
-        $attrs = shortcode_atts(array(
+     *
+     * @param array $attrs Attributes.
+     * @return string|false
+     */
+    public function feed_shortcode($attrs)
+    {
+        $attrs = shortcode_atts([
             'id' => '',
             'title' => '',
@@ -147 +189 @@
             'feed_mode' => '',
             'wp_uid' => ''
-        ), $attrs);
+        ], $attrs);
         $newswid = new News_Plugin_Widget();
-        $a = $newswid->update($attrs, array());
+        $a = $newswid->update($attrs, []);
         $a['id'] = $attrs['id'];
         ob_start();
-        the_widget('News_Plugin_Widget', $a, array());
+        the_widget('News_Plugin_Widget', $a, []);
         return ob_get_clean();
     }
@@ -159 +201 @@
      * Register the plugin CSS style.
      */
-    function register_styles()
-    {
-        wp_register_style('news-plugin', plugin_dir_url(__FILE__) . 'assets/css/news-plugin.css', array(), "0.1");
+    public function register_styles()
+    {
+        wp_register_style('news-plugin', plugin_dir_url(__FILE__) . 'assets/css/news-plugin.css', [], "0.1");
         wp_enqueue_style('news-plugin');
     }
 
-    function register_admin_scripts()
+    /**
+     * Register admin scripts
+     *
+     * @return void
+     */
+    public function register_admin_scripts()
     {
         $assets_path = plugin_dir_url(__FILE__) . 'assets/';
+        // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion
         wp_enqueue_style('news-plugin', $assets_path . 'css/news-plugin.css');
-        wp_enqueue_script('news-plugin', $assets_path . 'js/jscolor.min.js');
+        // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion, WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion
+        wp_enqueue_script('news-plugin', $assets_path . 'js/jscolor.min.js', [], false, true);
     }
 
@@ -175 +224 @@
      * Register the plugin options.
      */
-    function admin_init()
+    public function admin_init()
     {
         add_settings_section(
             'default',
-            NULL,
-            NULL,
+            null,
+            null,
             'news-plugin-settings'
         );
@@ -187 +236 @@
             'news_plugin_api_key',
             __('Activation Key:', 'news_plugin'),
-            array($this, 'settings_api_key'),
+            [$this, 'settings_api_key'],
             'news-plugin-settings',
             'default'
@@ -194 +243 @@
             'news-plugin-settings',
             'news_plugin_api_key',
-            array($this, 'validate_api_key')
+            [$this, 'validate_api_key']
         );
 
-        /* Disable User Mode for now.
-       add_settings_field(
-           'news_plugin_user_mode',
-           __('Choose User Mode:','news_plugin'),
-           array( $this, 'settings_user_mode' ),
-           'news-plugin-settings',
-           'default'
-       );
-       register_setting(
-           'news-plugin-settings',
-           'news_plugin_user_mode',
-           array( $this, 'validate_user_mode' )
-       );
-       */
+        /*
+         Disable User Mode for now.
+       add_settings_field(
+           'news_plugin_user_mode',
+           __('Choose User Mode:','news_plugin'),
+           array( $this, 'settings_user_mode' ),
+           'news-plugin-settings',
+           'default'
+       );
+       register_setting(
+           'news-plugin-settings',
+           'news_plugin_user_mode',
+           array( $this, 'validate_user_mode' )
+       );
+       */
     }
 
@@ -216 +266 @@
      * Register the plugin menu.
      */
-    function admin_menu()
+    public function admin_menu()
     {
         add_menu_page(
@@ -223 +273 @@
             'manage_options',
             'news-plugin-settings',
-            array($this, 'newsplugin_options_page'),
+            [$this, 'newsplugin_options_page'],
             'dashicons-megaphone',
             '3'
         );
-        add_filter('plugin_action_links_' . plugin_basename(__FILE__), array($this, 'add_action_links'));
+        add_filter('plugin_action_links_' . plugin_basename(__FILE__), [$this, 'add_action_links']);
     }
 
@@ -235 +285 @@
      * when registering settings
      */
-    private $status_settings_key = 'newsplugin_status_settings';
+    /**
+     * Key - $status
+     *
+     * @var string
+     */
+     private $status_settings_key = 'newsplugin_status_settings';
+    /**
+     * Key - feed
+     *
+     * @var string
+     */
     private $feed_settings_key = 'newsplugin_feed_settings';
+    /**
+     * Key - style
+     *
+     * @var string
+     */
     private $style_settings_key = 'newsplugin_style_settings';
+    /**
+     * Key - activation
+     *
+     * @var string
+     */
     private $activation_settings_key = 'newsplugin_activation_settings';
+    /**
+     * Key - shortcode
+     *
+     * @var string
+     */
     private $shortcode_settings_key = 'newsplugin_shortcode_settings';
+    /**
+     * Key - help
+     *
+     * @var string
+     */
     private $help_settings_key = 'newsplugin_help_settings';
+    /**
+     * Key - key
+     *
+     * @var string
+     */
     private $plugin_options_key = 'news-plugin-settings';
-    private $plugin_settings_tabs = array();
-
-    /*
-     * Registering the sections.
-     */
-    function register_status_section()
+    /**
+     * Key - tabs
+     *
+     * @var array
+     */
+    private $plugin_settings_tabs = [];
+
+    /**
+     * Registering the sections - status
+     *
+     * @return void
+     */
+    public function register_status_section()
     {
         $this->plugin_settings_tabs[$this->status_settings_key] = 'Server Information';
     }
-    function register_feed_section()
+    /**
+     * Registering the sections - feed
+     *
+     * @return void
+     */
+    public function register_feed_section()
     {
         $this->plugin_settings_tabs[$this->feed_settings_key] = 'Send Feedback';
     }
-    function register_style_section()
+    /**
+     * Registering the sections - style
+     *
+     * @return void
+     */
+    public function register_style_section()
     {
         $this->plugin_settings_tabs[$this->style_settings_key] = 'Customize Styles';
     }
-    function register_activation_section()
+    /**
+     * Registering the sections - activation
+     *
+     * @return void
+     */
+    public function register_activation_section()
     {
         $this->plugin_settings_tabs[$this->activation_settings_key] = 'Activate NewsPlugin';
     }
-    function register_shortcode_section()
+    /**
+     * Registering the sections - shortcode
+     *
+     * @return void
+     */
+    public function register_shortcode_section()
     {
         $this->plugin_settings_tabs[$this->shortcode_settings_key] = 'Generate Shortcode';
     }
-    function register_help_section()
+    /**
+     * Registering the sections - help
+     *
+     * @return void
+     */
+    public function register_help_section()
     {
         $this->plugin_settings_tabs[$this->help_settings_key] = 'Instructions!';
     }
 
-    function get_with_default($arr, $a, $b, $def)
-    { /* Grrr this should be language construct ... oh. It will be. PHP 7. https://wiki.php.net/rfc/isset_ternary */
+    /**
+     * Get value with default
+     *
+     * @param array  $arr Array.
+     * @param string $a First index.
+     * @param string $b Second index.
+     * @param mixed  $def Default.
+     * @return mixed
+     */
+    public function get_with_default($arr, $a, $b, $def)
+    {
+ /* Grrr this should be language construct ... oh. It will be. PHP 7. https://wiki.php.net/rfc/isset_ternary */
         if (!is_array($arr)) {
             return $def;
@@ -286 +413 @@
     }
 
-    /*
+    /**
      * Plugin Options page rendering goes here, checks
      * for active tab and replaces key with the related
      * settings key. Uses the plugin_options_tabs method
      * to render the tabs.
-     */
-    function newsplugin_options_page()
-    {
-        $tab = isset($_GET['tab']) ? $_GET['tab'] : $this->help_settings_key;
-?>
+     *
+     * @return void
+     */
+    public function newsplugin_options_page()
+    {
+
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+        $tab = isset($_GET['tab']) ? sanitize_title_with_dashes(wp_unslash($_GET['tab'])) : $this->help_settings_key;
+        ?>
         <div class="wrap">
             <h2>NewsPlugin Settings</h2>
@@ -302 +433 @@
             if (empty($key)) { ?>
                 <div class="error">
-                    <p><a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=newsplugin_activation_settings'); ?>">Add Activation Key</a> to the NewsPlugin. Otherwise, the generated shortcodes or NewsPlugin widgets will not work!</p>
+                    <p><a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=newsplugin_activation_settings')); ?>">Add Activation Key</a> to the NewsPlugin. Otherwise, the generated shortcodes or NewsPlugin widgets will not work!</p>
                 </div>
             <?php } ?>
@@ -312 +443 @@
                     <?php submit_button(); ?>
                 </form>
-            <?php } else if ($tab === $this->shortcode_settings_key && !empty($key)) { ?>
+            <?php } elseif ($tab === $this->shortcode_settings_key && !empty($key)) { ?>
                 <table id="shortcodeTable" class="form-table">
                     <tr>
@@ -546 +677 @@
                             shortcode_params += " age='" + newsplugin_age + "'";
                         }
-                        shortcode_params += " wp_uid='<?php echo get_current_user_id(); ?>'";
+                        shortcode_params += " wp_uid='<?php echo esc_attr(get_current_user_id()); ?>'";
                         var html = "<p>Press Ctrl+C to copy to clipboard and paste it in your posts or pages.</p>";
                         html += "<p><textarea id='shortcode-field' onfocus='this.select()' onclick='this.select()' readonly='readonly' style='width:400px; height:200px; max-width:400px; max-height:200px; min-width:400px; min-height:200px;'>[newsplugin_feed id='" + new Date().valueOf() + "'" + shortcode_params + "]</textarea></p>";
@@ -555 +686 @@
                     }
                 </script>
-            <?php } else if ($tab === $this->help_settings_key) { ?>
+            <?php } elseif ($tab === $this->help_settings_key) { ?>
                 <h3>Instructions</h3>
                 <p>Please read the instructions below carefully to easily setup and use the NewsPlugin.</p>
-                <p><strong>1. Enter Activation Key:</strong><br>First of all, enter your Activation Key in the <a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=' . $this->activation_settings_key) ?>">Activate</a> tab.</p>
-                <p><strong>2. Create Newsfeeds:</strong><br>Create your newsfeed by generating a shortcode from <a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=' . $this->shortcode_settings_key) ?>">Generate Shortcode</a> tab. Put that shortcode in posts or pages where you want to display your newsfeed.<br>OR<br>create your newsfeed from <a href="<?php echo admin_url('widgets.php') ?>">Appearance &gt; Widgets</a>. From the widgets panel drag the "NewsPlugin" widget to the desired sidebar or widget area where you want to show your newsfeed. Edit the widget features to create/edit your newsfeed. Choose the name, number of headlines, keywords and other settings.</p>
+                <p><strong>1. Enter Activation Key:</strong><br>First of all, enter your Activation Key in the <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=' . $this->activation_settings_key)); ?>">Activate</a> tab.</p>
+                <p><strong>2. Create Newsfeeds:</strong><br>Create your newsfeed by generating a shortcode from <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=' . $this->shortcode_settings_key)); ?>">Generate Shortcode</a> tab. Put that shortcode in posts or pages where you want to display your newsfeed.<br>OR<br>create your newsfeed from <a href="<?php echo esc_url(admin_url('widgets.php')); ?>">Appearance &gt; Widgets</a>. From the widgets panel drag the "NewsPlugin" widget to the desired sidebar or widget area where you want to show your newsfeed. Edit the widget features to create/edit your newsfeed. Choose the name, number of headlines, keywords and other settings.</p>
                 <p><strong>3. Edit Headlines (if you want to):</strong><br>You can remove unwanted headlines or star the good ones right from your site. Note that you must be logged in to WordPress as an administrator or an editor to see the 'Edit Newsfeed Mode' link on your page (next to your newsfeed).</p>
                 <h3>Support</h3>
@@ -569 +700 @@
                 $style_news = get_user_meta($userID, 'news_style_dashbord_style', 'true');
 
-                $font_family = array();
-                $font_family = array("Arial", "Cambria", "Algerian", "Copperplate", "Lucida Console", "Times New Roman", "Impact", "Monaco", "Georgia", "Optima");
-            ?>
-                <h3>Style news plugin widgets created by user <?php echo $user->display_name; ?></h3>
+                $font_family = [];
+                $font_family = ["Arial", "Cambria", "Algerian", "Copperplate", "Lucida Console", "Times New Roman", "Impact", "Monaco", "Georgia", "Optima"];
+                ?>
+                <h3>Style news plugin widgets created by user <?php echo esc_html($user->display_name); ?></h3>
                 <div class="news-row-style">
                     <div class="style_left">
                         <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post">
+                            <?php wp_nonce_field('news_plugin_save_style', 'news_plugin_save_style_field'); ?>
                             <input type="hidden" name="action" value="news_plugin_save_style">
                             <h3>Newsfeed Title</h3>
                             <h4>Color</h4>
                             <?php
-                            echo '<input class="jscolor" name="title_color" id="title_color" type="text" value="' . $this->get_with_default($style_news, 'newsfeed_title', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="title_color" id="title_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'newsfeed_title', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="title_size" id="title_size">';
                             $v = $this->get_with_default($style_news, 'newsfeed_title', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -595 +727 @@
                             echo '<select name="title_font" id="title_font">';
                             $v = $this->get_with_default($style_news, 'newsfeed_title', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -608 +740 @@
                             echo '<h3>Article Headline</h3>';
                             echo '<h4>Color</h4>';
-                            echo '<input class="jscolor" name="news_title_color" id="news_title_color" type="text" value="' . $this->get_with_default($style_news, 'article_headline', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="news_title_color" id="news_title_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_headline', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="news_title_size" id="news_title_size">';
                             $v = $this->get_with_default($style_news, 'article_headline', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -623 +755 @@
                             echo '<select name="news_title_family" id="news_title_family">';
                             $v = $this->get_with_default($style_news, 'article_headline', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -636 +768 @@
                             echo '<h3>Article Abstract</h3>';
                             echo '<h4>Color</h4>';
-                            echo '<input class="jscolor" name="abstract_font_color" id="abstract_font_color" type="text" value="' . $this->get_with_default($style_news, 'article_abstract', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="abstract_font_color" id="abstract_font_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_abstract', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="abstract_font_size" id="abstract_font_size">';
                             $v = $this->get_with_default($style_news, 'article_abstract', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -651 +783 @@
                             echo '<select name="abstract_font_family" id="abstract_font_family">';
                             $v = $this->get_with_default($style_news, 'article_abstract', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -668 +800 @@
                             echo '<h4>Color</h4>';
 
-                            echo '<input class="jscolor" name="news_date_color" id="news_date_color" type="text" value="' . $this->get_with_default($style_news, 'article_date', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="news_date_color" id="news_date_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_date', 'color', '')) . '" /><br>';
 
                             echo '<h4>Size</h4>';
@@ -675 +807 @@
 
                             $v = $this->get_with_default($style_news, 'article_date', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
 
                             for ($i = 10; $i <= 50; $i++) {
-
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -690 +820 @@
                             echo '<select name="date_font" id="date_font">';
                             $v = $this->get_with_default($style_news, 'article_date', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -706 +836 @@
                             echo '<h4>Color</h4>';
 
-                            echo '<input class="jscolor" name="source_color" id="source_color" type="text" value="' . $this->get_with_default($style_news, 'article_sources', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="source_color" id="source_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_sources', 'color', '')) . '" /><br>';
 
                             echo '<h4>Size</h4>';
@@ -713 +843 @@
 
                             $v = $this->get_with_default($style_news, 'article_sources', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
 
                             for ($i = 10; $i <= 50; $i++) {
-
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -728 +856 @@
                             echo '<select name="source_font" id="source_font">';
                             $v = $this->get_with_default($style_news, 'article_sources', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -751 +879 @@
                             ?>
 
-                        <?php } elseif ($tab === $this->feed_settings_key) {
+            <?php } elseif ($tab === $this->feed_settings_key) {
                         echo '<div class="feeds-row-style">';
                         echo '<div>';
-                        if (isset($_GET['status'])) {
-                            if ($_GET['status'] == 1) {
-                                echo '<span><h3>Your message has been sent.<br/>Thank you.</h3></span>';
-                            } else {
-                                echo '<span><h3>Error sending message. Please use the form at <a href="https://www.newsplugin.com/contact/">https://www.newsplugin.com/contact/</a>, don' . "'" . 't forget to include the server informations and mention that the plugin feedback page failed.</span></h3>';
-                            }
-                        } ?>
+                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                if (isset($_GET['status'])) {
+                    // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    if (intval($_GET['status']) === 1) {
+                        echo '<span><h3>Your message has been sent.<br/>Thank you.</h3></span>';
+                    } else {
+                        echo '<span><h3>Error sending message. Please use the form at <a href="https://www.newsplugin.com/contact/">https://www.newsplugin.com/contact/</a>, don' . "'" . 't forget to include the server informations and mention that the plugin feedback page failed.</span></h3>';
+                    }
+                } ?>
                     </div>
                     <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post" id="feed_form">
+                        <?php wp_nonce_field('news_plugin_send_feedback', 'news_plugin_send_feedback_field'); ?>
                         <input type="hidden" name="action" value="news_plugin_send_feedback">
                         <div class="feed_left">
-                            <h3>From</h3><?php
-                                            if ($user_info = News_Plugin_Utils::get_user_info()) {
-                                                $email = $user_info->email;
-                                            } else {
-                                                $email = '';
-                                            }
-                                            echo '<input class="text notsobig" name="feed_from" id="feed_from" type="email" size="64" value="' . $email . '"/><br>';
+                            <h3><?php esc_html_e('Email', 'news_plugin'); ?></h3><?php
+                            $user_info = News_Plugin_Utils::get_user_info();
+                            if ($user_info) {
+                                $email = $user_info->email;
+                            } else {
+                                $email = '';
+                            }
+                                            echo '<input class="text notsobig" name="feed_from" id="feed_from" type="email" size="64" value="' . esc_attr($email) . '"/><br>';
                                             echo '<h3>Subject</h3>';
                                             echo '<input class="text notsobig" name="feed_subject" id="feed_subject" type="text" size="64" /><br>';
                                             echo '<h3>Description</h3>';
                                             echo '<textarea form="feed_form" class="notsobig" name="feed_desc" id="taid" cols="64" rows="10">';
-                                            /* echo '<div id="sys_status_data">';
-                echo '</div>'; */
                                             echo '</textarea><br>';
                                             echo '<p class="submit">';
@@ -799 +929 @@
 
                                             $results = get_option('newsPlugin_system_info');
-                                            foreach ($results['wordpress_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            foreach ($results['wordpress_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
-                                            foreach ($results['system_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            }
+                            foreach ($results['system_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
-                                            foreach ($results['newsplugin_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            }
+                            foreach ($results['newsplugin_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
+                            }
 
                                             echo '</tbody>';
@@ -826 +956 @@
                                             echo '<div class="log_div">';
                                             $myfilename = plugin_dir_url(__FILE__) . "logs/plugin-logs.txt";
+                                            // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
                                             $content = file_exists($myfilename) ? file_get_contents($myfilename) : false;
                                             $v = ($content === false) ? '' : ' checked="checked"';
-                                            echo '<h2><input type="checkbox" id="errors_div" onclick="showError(this)"' . $v . '/> Include Custom Logs</h2>';
+                                            echo '<h2><input type="checkbox" id="errors_div" onclick="showError(this)"' . esc_html($v) . '/> Include Custom Logs</h2>';
                                             echo '</div>';
                                             echo '<div class="feed_system_preview" id="error_show_div">';
-                                            echo '<textarea id="errors_logs" name="noLog_errors" form="feed_form" style="display:none;">"' . $content . '"</textarea>';
-                                            if ($content !== false) {
-                                                echo '<p><strong>"' . $content . '"</strong></p>';
-                                            }
+                                            echo '<textarea id="errors_logs" name="noLog_errors" form="feed_form" style="display:none;">"' . esc_html($content) . '"</textarea>';
+                            if ($content !== false) {
+                                echo '<p><strong>"' . esc_html($content) . '"</strong></p>';
+                            }
                                             echo '</div>';
                                             echo '</div>';
@@ -840 +971 @@
 
                                             echo '</div>';
-                                            ?>
+                            ?>
                             <script>
                                 function showDiv(box) {
@@ -867 +998 @@
                             </script>
 
-                        <?php } elseif ($tab === $this->status_settings_key) { ?>
+            <?php } elseif ($tab === $this->status_settings_key) { ?>
                             <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post">
+                                <?php wp_nonce_field('news_plugin_update_system_info'); ?>
                                 <input type="hidden" name="action" value="news_plugin_update_system_info">
                                 <p class="submit">
@@ -882 +1014 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -890 +1022 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -898 +1030 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -906 +1038 @@
 
                                     ?>
-                                <?php } ?>
+            <?php } ?>
                         </div>
                 <?php
-            }
-
-            /*
+    }
+
+    /**
      * Renders our tabs in the plugin options page,
      * walks through the object's tabs array and prints
      * them one by one. Provides the heading for the
      * plugin_options_page method.
-     */
-            function newsplugin_options_tabs($current_tab)
-            {
-                echo '<h2 class="nav-tab-wrapper">';
-                foreach ($this->plugin_settings_tabs as $tab_key => $tab_caption) {
-                    $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
-                    echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->plugin_options_key . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
-                }
-                echo '</h2>';
-            }
-
-            /**
-             * Add link to the options page to the plugin action links.
-             */
-            function add_action_links($default_links)
-            {
-                $links = array(
-                    '<a href="' . admin_url('admin.php?page=news-plugin-settings') . '">Settings</a>',
-                );
-                return array_merge($links, $default_links);
-            }
-
-            /**
-             * Render the API key settings.
-             */
-            function settings_api_key()
-            {
-                $v = get_option('news_plugin_api_key');
-                echo '<input class="regular-text" name="news_plugin_api_key" id="news_plugin_api_key" type="text" size="64" value="' . esc_attr($v) . '" />';
-                echo '<p class="description">';
-                echo 'You can get it at <a href="http://my.newsplugin.com/register" target="_blank">http://my.newsplugin.com/register</a>.';
-                echo '</p>';
-            }
-
-            /**
-             * Validate the API key settings.
-             */
-            function validate_api_key($input)
-            {
-                return sanitize_text_field($input);
-            }
-
-            /**
-             * Render the user mode settings.
-             */
-            function settings_user_mode()
-            {
-                $v = get_option('news_plugin_user_mode');
-                echo '<p>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_0" value="0"', ($v == 0 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_0">Basic - Simple &amp; easy way to start with.</label>';
-                echo '<br>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_1" value="1"', ($v == 1 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_1">Advanced - More features for advanced users.</label>';
-                echo '<br>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_2" value="2"', ($v == 2 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_2">Expert - Manual publishing mode for professionals.</label>';
-                echo '</p>';
-            }
-
-            /**
-             * Validate the user mode settings.
-             */
-            function validate_user_mode($input)
-            {
-                $v = absint($input);
-                return ($v < 3 ? $v : 0);
-            }
-
-            function handle_update_system_info()
-            {
-                update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
-                $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_status_settings';
-                wp_redirect($redirect);
-            }
-            function handle_save_style()
-            {
-                include(plugin_dir_path(__FILE__) . 'save_style.php');
-            }
-            function handle_send_feedback()
-            {
-                include(plugin_dir_path(__FILE__) . 'send_feedback.php');
-            }
+     *
+     * @param string $current_tab Current tab ID.
+     * @return void
+     */
+    public function newsplugin_options_tabs($current_tab)
+    {
+        echo '<h2 class="nav-tab-wrapper">';
+        foreach ($this->plugin_settings_tabs as $tab_key => $tab_caption) {
+            $active = $current_tab === $tab_key ? 'nav-tab-active' : '';
+            echo '<a class="nav-tab ' . esc_attr($active) . '" href="?page=' . esc_attr($this->plugin_options_key) . '&tab=' . esc_attr($tab_key) . '">' . esc_html($tab_caption) . '</a>';
         }
-
-        // Hook ourselves into the Wordpress.
+        echo '</h2>';
+    }
+
+    /**
+     * Add link to the options page to the plugin action links.
+     *
+     * @param array $default_links Default links.
+     * @return array
+     */
+    public function add_action_links($default_links)
+    {
+        $links = [
+            '<a href="' . admin_url('admin.php?page=news-plugin-settings') . '">Settings</a>',
+        ];
+        return array_merge($links, $default_links);
+    }
+
+    /**
+     * Render the API key settings.
+     */
+    public function settings_api_key()
+    {
+        $v = get_option('news_plugin_api_key');
+        echo '<input class="regular-text" name="news_plugin_api_key" id="news_plugin_api_key" type="text" size="64" value="' . esc_attr($v) . '" />';
+        echo '<p class="description">';
+        echo 'You can get it at <a href="http://my.newsplugin.com/register" target="_blank">http://my.newsplugin.com/register</a>.';
+        echo '</p>';
+    }
+
+    /**
+     * Validate the API key settings.
+     *
+     * @param string $input API key.
+     * @return string
+     */
+    public function validate_api_key($input)
+    {
+        return sanitize_text_field($input);
+    }
+
+    /**
+     * Render the user mode settings.
+     */
+    public function settings_user_mode()
+    {
+        $v = get_option('news_plugin_user_mode');
+        echo '<p>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_0" value="0"', ($v === 0 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_0">Basic - Simple &amp; easy way to start with.</label>';
+        echo '<br>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_1" value="1"', ($v === 1 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_1">Advanced - More features for advanced users.</label>';
+        echo '<br>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_2" value="2"', ($v === 2 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_2">Expert - Manual publishing mode for professionals.</label>';
+        echo '</p>';
+    }
+
+    /**
+     * Validate the user mode settings.
+     *
+     * @param int $input User mode ID (?).
+     * @return int
+     */
+    public function validate_user_mode($input)
+    {
+        $v = absint($input);
+        return ($v < 3 ? $v : 0);
+    }
+
+    /**
+     * Update stystem info
+     *
+     * @return void
+     */
+    public function handle_update_system_info()
+    {
+        update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
+        $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_status_settings';
+        wp_safe_redirect($redirect);
+    }
+
+    /**
+     * Save CSS styles
+     *
+     * @return void
+     */
+    public function handle_save_style()
+    {
+        include(plugin_dir_path(__FILE__) . 'save_style.php');
+    }
+
+    /**
+     * Send feedback
+     *
+     * @return void
+     */
+    public function handle_send_feedback()
+    {
+        include(plugin_dir_path(__FILE__) . 'send_feedback.php');
+    }
+}
+
+        // Hook ourselves into the WordPress.
         new News_Plugin();
 
-                ?>
+?>

newsplugin/tags/1.1.0/readme.txt

@@ -3 +3 @@
 Tags: news, news plugin, news feed, news feeds, newsfeed, newsfeeds, news syndication
 Requires at least: 3.9
-Tested up to: 5.7
-Stable tag: 1.0.18
+Tested up to: 5.8
+Stable tag: 1.1.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -73 +73 @@
 == Changelog ==
 
-= 1.0.18 (September 18, 2020 )=
+= 1.1.0 =
+
+* Vulnerability fixes:
+    * All output should be run through an escaping function
+    * Sanitize content
+    * Strictly check types
+    * Process forms with nonces
+* Improvement: Enable plugin localization & make at least some strings localizable
+
+= 1.0.18 (September 18, 2020) =
 
 * Improvement: Format date & time according to WP settings

newsplugin/tags/1.1.0/save_style.php

@@ -1 +1 @@
 <?php
-if (function_exists('wp_get_current_user')) {
-    $current_user = wp_get_current_user();
-} else {
-    global $current_user;
-    wp_get_current_user();
+
+/**
+ * Save CSS styles
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
+
+// Verify nonce.
+$nonce = isset($_POST['news_plugin_save_style_field']) ? sanitize_key($_POST['news_plugin_save_style_field']) : null;
+if (! $nonce || ! wp_verify_nonce($nonce, 'news_plugin_save_style')) {
+    die(esc_html__('4 - Security check failed. Try to submit the form once again.', 'news_plugin'));
 }
-$userID = $current_user->ID;
 
-$default_Value = $_POST['default_values_style'];
-$styleDash = array(
-    'newsfeed_title' => array(
-        'color'         =>  $_POST['title_color'],
-        'size'          =>  $_POST['title_size'],
-        'font_family'   =>  $_POST['title_font']
-    ),
-    'article_headline' => array(
-        'color'         =>  $_POST['news_title_color'],
-        'size'          =>  $_POST['news_title_size'],
-        'font_family'   =>  $_POST['news_title_family']
-    ),
-    'article_abstract' => array(
-        'color'         =>  $_POST['abstract_font_color'],
-        'size'          =>  $_POST['abstract_font_size'],
-        'font_family'   =>  $_POST['abstract_font_family']
-    ),
-    'article_date' => array(
-        'color'         =>  $_POST['news_date_color'],
-        'size'          =>  $_POST['news_date_size'],
-        'font_family'   =>  $_POST['date_font']
-    ),
-    'article_sources' => array(
-        'color'         =>  $_POST['source_color'],
-        'size'          =>  $_POST['source_size'],
-        'font_family'   =>  $_POST['source_font']
-    )
-);
+$user = wp_get_current_user();
+$userID = $user->ID;
+$default_Value = isset($_POST['default_values_style']) ? sanitize_key(wp_unslash($_POST['default_values_style'])) : null;
+$styleDash = [
+ 'newsfeed_title' => [
+      'color'         =>  isset($_POST['title_color']) ? sanitize_key(wp_unslash($_POST['title_color'])) : null,
+     'size'          =>  isset($_POST['title_size']) ? sanitize_key(wp_unslash($_POST['title_size'])) : null,
+      'font_family'   =>  isset($_POST['title_font']) ? sanitize_key(wp_unslash($_POST['title_font'])) : null
+  ],
+ 'article_headline' => [
+        'color'         =>  isset($_POST['news_title_color']) ? sanitize_key(wp_unslash($_POST['news_title_color'])) : null,
+        'size'          =>  isset($_POST['news_title_size']) ? sanitize_key(wp_unslash($_POST['news_title_size'])) : null,
+     'font_family'   =>  isset($_POST['news_title_family']) ? sanitize_key(wp_unslash($_POST['news_title_family'])) : null
+ ],
+ 'article_abstract' => [
+        'color'         =>  isset($_POST['abstract_font_color']) ? sanitize_key(wp_unslash($_POST['abstract_font_color'])) : null,
+     'size'          =>  isset($_POST['abstract_font_size']) ? sanitize_key(wp_unslash($_POST['abstract_font_size'])) : null,
+      'font_family'   =>  isset($_POST['abstract_font_family']) ? sanitize_key(wp_unslash($_POST['abstract_font_family'])) : null,
+ ],
+ 'article_date' => [
+        'color'         =>  isset($_POST['news_date_color']) ? sanitize_key(wp_unslash($_POST['news_date_color'])) : null,
+     'size'          =>  isset($_POST['news_date_size']) ? sanitize_key(wp_unslash($_POST['news_date_size'])) : null,
+      'font_family'   =>  isset($_POST['date_font']) ? sanitize_key(wp_unslash($_POST['date_font'])) : null,
+ ],
+ 'article_sources' => [
+     'color'         =>  isset($_POST['source_color']) ? sanitize_key(wp_unslash($_POST['source_color'])) : null,
+        'size'          =>  isset($_POST['source_size']) ? sanitize_key(wp_unslash($_POST['source_size'])) : null,
+     'font_family'   =>  isset($_POST['source_font']) ? sanitize_key(wp_unslash($_POST['source_font'])) : null,
+ ]
+];
+
 if (isset($default_Value)) {
-    $default_values = array(
-        'newsfeed_title' => array(
-            'color'         =>  '000000',
-            'size'          =>  22,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_headline' => array(
-            'color'         =>  '000000',
-            'size'          =>  18,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_abstract' => array(
-            'color'         =>  '000000',
-            'size'          =>  14,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_date' => array(
-            'color'         =>  '000000',
-            'size'          =>  12,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_sources' => array(
-            'color'         =>  '000000',
-            'size'          =>  12,
-            'font_family'   =>  'Times New Roman'
-        )
-    );
+    $default_values = [
+        'newsfeed_title' => [
+            'color'         =>  '000000',
+            'size'          =>  22,
+    'font_family'   =>  'Times New Roman'
+        ],
+        'article_headline' => [
+            'color'         =>  '000000',
+            'size'          =>  18,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_abstract' => [
+            'color'         =>  '000000',
+            'size'          =>  14,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_date' => [
+            'color'         =>  '000000',
+            'size'          =>  12,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_sources' => [
+            'color'         =>  '000000',
+            'size'          =>  12,
+            'font_family'   =>  'Times New Roman'
+        ]
+    ];
     update_user_meta($userID, 'news_style_dashbord_style', $default_values);
 } else {
@@ -70 +80 @@
 
 $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_style_settings';
-wp_redirect($redirect);
+wp_safe_redirect($redirect);
+exit();

newsplugin/tags/1.1.0/send_feedback.php

@@ -1 +1 @@
 <?php
-$to         = '[email protected]';
-$from           = $_POST['feed_from'];
-$subject        = $_POST['feed_subject'];
-$description        = $_POST['feed_desc'];
-$errors_logs        = isset($_POST['errors_logs']) ? $_POST['errors_logs'] : false;
-$insert_sys_info    = isset($_POST['insert_sys_info']) ? $_POST['insert_sys_info'] : false;
+
+/**
+ * Send Feedback
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
+
+// Verify nonce.
+$nonce = isset($_POST['news_plugin_send_feedback_field']) ? sanitize_key($_POST['news_plugin_send_feedback_field']) : null;
+if (!$nonce || !wp_verify_nonce($nonce, 'news_plugin_send_feedback')) {
+    die(esc_html__('5 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+}
+
+$to         = '[email protected]';
+$from           = isset($_POST['feed_from']) ? sanitize_text_field(wp_unslash($_POST['feed_from'])) : '';
+$subject        = isset($_POST['feed_subject']) ? sanitize_text_field(wp_unslash($_POST['feed_subject'])) : '';
+$description        = isset($_POST['feed_desc']) ? sanitize_text_field(wp_unslash($_POST['feed_desc'])) : '';
+$errors_logs        = isset($_POST['errors_logs']) ? sanitize_text_field(wp_unslash($_POST['errors_logs'])) : false;
+$insert_sys_info    = isset($_POST['insert_sys_info']) ? sanitize_text_field(wp_unslash($_POST['insert_sys_info'])) : false;
 
 if (!$from) {
-    if ($user_info = News_Plugin_Utils::get_user_info()) {
+    $user_info = News_Plugin_Utils::get_user_info();
+    if ($user_info) {
         $from = $user_info->email;
     }
@@ -23 +39 @@
 
 if (isset($errors_logs)) {
-
     $message .= "<tr style='background: #eee;'><strong>Errors on plugin :</strong></tr>\n";
     $message .= '<tr><p>' . $errors_logs . '</p></tr>' . "\n";
 }
 
-// if(isset($insert_sys_info)) {
-
-// $results = get_option( 'newsPlugin_system_info' );
-$results = News_Plugin_Utils::get_system_info(); // Always get fresh
-$message .= "<tr style='background: #eee;'><td cellspan='2'><strong>WORDPRESS ENVIRONMENT :</strong></td></tr>\n";
+$results = News_Plugin_Utils::get_system_info(); // Always get fresh.
+$message .= "<tr style='background: #eee;'><td cellspan='2'><strong>WordPress ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['wordpress_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
@@ -40 +51 @@
 $message .= "<tr style='background: #eee;'><td cellspan='2'><strong>SYSTEM ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['system_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
@@ -46 +56 @@
 $message .= "<tr style='background: #eee;'><td cellspan='2'><strong>NEWSPLUGIN ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['newsplugin_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
 }
-// }
 
 $message .= '</tbody>';
@@ -56 +64 @@
 $message .= "</body></html>";
 
+/**
+ * Set content type helper
+ *
+ * @return string
+ */
 function news_plugin_wp_set_content_type()
 {
@@ -61 +74 @@
 }
 add_filter('wp_mail_content_type', 'news_plugin_wp_set_content_type');
+
 $headers .= news_plugin_wp_set_content_type();
 
@@ -71 +85 @@
 
 remove_filter('wp_mail_content_type', 'news_plugin_wp_set_content_type');
-wp_redirect($redirect);
+wp_safe_redirect($redirect);
+exit();

newsplugin/trunk/news-plugin-utils.php

@@ -1 +1 @@
 <?php
+
+/**
+ * Utils
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -5 +13 @@
 
 if (!function_exists('json_last_error_msg')) {
+
+    /**
+     * Get error message
+     *
+     * @return string
+     */
     function json_last_error_msg()
     {
-        static $ERRORS = array(
+        static $ERRORS = [
             JSON_ERROR_NONE => 'No error',
             JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
@@ -14 +28 @@
             JSON_ERROR_SYNTAX => 'Syntax error',
             JSON_ERROR_UTF8 => 'Malformed UTF-8 characters, possibly incorrectly encoded'
-        );
+        ];
 
         $error = json_last_error();
@@ -21 +35 @@
 }
 
+/**
+ * Utils
+ *
+ * @package News Plugin
+ */
 class News_Plugin_Utils
-{ // Although maybe namespace would suffice
-
-    static $np_version = NULL;
-
-    static function np_version()
+{
+
+    /**
+     * Plugin version
+     *
+     * @var mixed
+     */
+    public static $np_version = null;
+
+    /**
+     * Get plugin version
+     *
+     * @return mixed
+     */
+    public static function np_version()
     {
         if (self::$np_version) {
             return (self::$np_version);
         }
+        // phpcs:ignore WordPress.CodeAnalysis.AssignmentInCondition.Found
         if (self::$np_version = get_option('news_plugin_version')) {
             return (self::$np_version);
@@ -37 +67 @@
     }
 
-    static function np_version_hard()
+    /**
+     * Get plugin version from plugin file
+     *
+     * @return mixed
+     */
+    public static function np_version_hard()
     {
         if (!function_exists('get_plugin_data')) {
@@ -49 +84 @@
     }
 
-    static function user_agent($type)
+    /**
+     * Create a plugin specific user agent
+     *
+     * @param string $type Type of the user agent.
+     * @return string
+     */
+    public static function user_agent($type)
     {
         global $wp_version;
@@ -56 +97 @@
     }
 
-    static function http_remote_get_curl($url)
+    /**
+     * CURL request
+     *
+     * TODO: replace with WP function
+     *
+     * @param string $url Request URL.
+     * @return string[]|(string|bool)[]
+     */
+    public static function http_remote_get_curl($url)
     {
         if (!function_exists('curl_version')) {
-            return (array('', 'Error: CURL disabled or not installed'));
+            return (['', 'Error: CURL disabled or not installed']);
         }
         if (!function_exists('curl_init') || !function_exists('curl_exec')) {
-            return (array('', 'Error: CURL disabled by security settings'));
+            return (['', 'Error: CURL disabled by security settings']);
         }
         $ch = curl_init($url);
@@ -75 +124 @@
         }
         curl_close($ch);
-        return array($output, $error);
-    }
-
-    static function http_remote_get_socket($url)
+        return [$output, $error];
+    }
+
+    /**
+     * Get socket request
+     *
+     * @param string $url Request URL.
+     * @return string[]
+     */
+    public static function http_remote_get_socket($url)
     {
         if (!function_exists('stream_socket_client')) {
-            return (array('', 'Error: Socket disabled'));
+            return (['', 'Error: Socket disabled']);
         }
         $aURL = parse_url($url);
         $addr = $aURL['host'];
-        $secure_transport = ($aURL['scheme'] == 'ssl' || $aURL['scheme'] == 'https');
+        $secure_transport = ($aURL['scheme'] === 'ssl' || $aURL['scheme'] === 'https');
         if (!isset($aURL['port'])) {
             if ($secure_transport) {
@@ -100 +155 @@
         $socket = stream_socket_client($proto . $addr . ':' . $aURL['port'], $errno, $errorMessage, 10, STREAM_CLIENT_CONNECT);
         if ($socket === false) {
-            return (array('', 'Socket error: ' . $errorMessage));
+            return (['', 'Socket error: ' . $errorMessage]);
         }
         $url = $aURL['path'];
@@ -113 +168 @@
         fclose($socket);
         if (preg_match('/^(.*?)\r?\n\r?\n(.*)$/s', $output, $m)) {
-            return (array($m[2], ''));
-        }
-        return (array($output, ''));
-    }
-
-    static function http_test_evaluate($ret)
+            return ([$m[2], '']);
+        }
+        return ([$output, '']);
+    }
+
+    /**
+     * Test content checker
+     * TODO - move to proper testing suit
+     *
+     * @param mixed $ret Retrieved content.
+     * @return mixed
+     */
+    public static function http_test_evaluate($ret)
     {
         if ((!$ret[1]) && (!preg_match('/var swfobject=function()/s', $ret[0]))) {
@@ -127 +189 @@
     }
 
-    static $test_url = 'http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
-
-    static function http_remote_get_curl_test()
+    /**
+     * Test URL
+     *
+     * @var string
+     */
+    public static $test_url = 'http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
+
+    /**
+     * Test Curl funcion
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_test()
     {
         $ret = self::http_remote_get_curl(self::$test_url);
@@ -135 +208 @@
     }
 
-    static function http_remote_get_socket_test()
+    /**
+     * Test Get Socket
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_test()
     {
         $ret = self::http_remote_get_socket(self::$test_url);
@@ -141 +220 @@
     }
 
-    static $test_url_ssl = 'https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
-
-    static function http_remote_get_curl_test_ssl()
+    /**
+     * Test URL for SSL
+     *
+     * @var string
+     */
+    public static $test_url_ssl = 'https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js';
+
+    /**
+     * Test Curl with SSL
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_test_ssl()
     {
         $ret = self::http_remote_get_curl(self::$test_url_ssl);
@@ -149 +239 @@
     }
 
-    static function http_remote_get_socket_test_ssl()
+    /**
+     * Test Get Socket with SSL
+     * TODO - move to proper testing suit
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_test_ssl()
     {
         $ret = self::http_remote_get_socket(self::$test_url_ssl);
@@ -155 +251 @@
     }
 
-    static $api_root = 'http://api.newsplugin.com/';
-    static $api_ping_path = 'ping';
-
-    static function http_ping_evaluate($var)
+    /**
+     * API root
+     *
+     * @var string
+     */
+    public static $api_root = 'http://api.newsplugin.com/';
+
+    /**
+     * API ping PATH
+     *
+     * @var string
+     */
+    public static $api_ping_path = 'ping';
+
+    /**
+     * Evaluate HTTP ping
+     *
+     * @param mixed $var Variable.
+     * @return mixed
+     */
+    public static function http_ping_evaluate($var)
     {
         $output = $var[0];
@@ -174 +287 @@
     }
 
-    static function http_remote_get_curl_ping()
+    /**
+     * CURL ping
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_curl_ping()
     {
         $var = self::http_remote_get_curl(self::$api_root . self::$api_ping_path);
@@ -180 +298 @@
     }
 
-    static function http_remote_get_socket_ping()
+    /**
+     * Get Socket ping
+     *
+     * @return mixed
+     */
+    public static function http_remote_get_socket_ping()
     {
         $var = self::http_remote_get_socket(self::$api_root . self::$api_ping_path);
@@ -186 +309 @@
     }
 
-    static function generic_remote_get($url, $method)
+    /**
+     * Remote GET request
+     *
+     * @param string $url Request URL.
+     * @param string $method Method type.
+     * @return mixed
+     */
+    public static function generic_remote_get($url, $method)
     {
         switch ($method) {
             case 'wp':
-                $ret = wp_remote_get($url, array('timeout' => 10, 'user-agent' => self::user_agent('wp')));
+                $ret = wp_remote_get($url, ['timeout' => 10, 'user-agent' => self::user_agent('wp')]);
                 if (is_array($ret)) {
-                    return (array($ret['body'], ''));
+                    return ([$ret['body'], '']);
                 }
                 $ret = self::generic_remote_get($url, 'curl');
@@ -209 +339 @@
     }
 
-    static function generic_api_call($path, $args = NULL)
+    /**
+     * Call API
+     *
+     * @param string     $path Path withing the URL.
+     * @param mixed|null $args Arguments.
+     * @return mixed
+     */
+    public static function generic_api_call($path, $args = null)
     {
         $key = get_option('news_plugin_api_key');
-        $args = $args ? $args : array();
+        $args = $args ? $args : [];
         $args['k'] = $key;
         $url = self::$api_root . $path;
@@ -219 +356 @@
         $ret = self::generic_remote_get($url, $method ? $method : 'wp');
         if ($ret[1]) {
-            $currentTime = date('y-m-d h:i:s', time());
+            $currentTime = gmdate('y-m-d h:i:s', time());
+            // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.Changed, WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
             $backtrace = debug_backtrace();
+            // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
             error_log("$currentTime  -->   " . "Error accessing API point " . self::$api_root . "$path: " . $ret[1] . "  Log Generation Details :      Filename: " . $backtrace[0]['file'] . "   at Line number : " . $backtrace[0]['line'] . "\n\n", 3, __DIR__ . "/logs/plugin-logs.txt");
-            return (NULL);
+            return (null);
         }
         return (json_decode($ret[0]));
     }
 
-    static function get_user_info()
+    /**
+     * Get user info
+     *
+     * @return mixed
+     */
+    public static function get_user_info()
     {
         return (self::generic_api_call('user_info'));
     }
 
-    static function get_system_info_version()
+    /**
+     * Get system info version
+     * TODO: What a magic constant it is?
+     */
+    public static function get_system_info_version()
     {
         return (1.0002);
     }
 
-    static function get_system_db_info()
-    {
-        global $wpdb; /* Recommended by https://codex.wordpress.org/Class_Reference/wpdb */
+    /**
+     * Get System DB info
+     *
+     * @return array
+     */
+    public static function get_system_db_info()
+    {
+        global $wpdb;
 
         if (!empty($wpdb->use_mysqli)) {
-            /* See also http://fw2s.com/how-to-get-complete-mysql-version-in-wordpress/
-               Note: use_mysqli is private and dbh is protected, BUT wpdb class is allowing
-               to access then through getters and setters anyway. Backward compatibility.
-             */
-            return (array(
+            /*
+             See also http://fw2s.com/how-to-get-complete-mysql-version-in-wordpress/
+               Note: use_mysqli is private and dbh is protected, BUT wpdb class is allowing
+               to access then through getters and setters anyway. Backward compatibility.
+             */
+            return ([
                 'mysql_method'          => 'mysqli',
                 'mysql_server_info'     => mysqli_get_server_info($wpdb->dbh),
                 'mysql_client_info'     => mysqli_get_client_info($wpdb->dbh),
                 'mysql_proto_info'      => mysqli_get_proto_info($wpdb->dbh),
-            ));
+            ]);
         } else {
-            return (array(
+            return ([
                 'mysql_method'          => 'mysql',
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_server_info'     => mysql_get_server_info(),
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_client_info'     => mysql_get_client_info(),
+                // phpcs:ignore PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
                 'mysql_proto_info'      => mysql_get_proto_info(),
-            ));
-        }
-    }
-
-    static function get_system_info()
+            ]);
+        }
+    }
+
+    /**
+     * Get system info
+     *
+     * @return array
+     */
+    public static function get_system_info()
     {
         $my_theme = wp_get_theme();
@@ -285 +447 @@
         $db_info = self::get_system_db_info();
 
-        $system_info = array(
+        $system_info = [
             'info_version' => self::get_system_info_version(),
             'api_key'      => get_option('news_plugin_api_key'), /* We need to refresh on api key change ... */
-            'wordpress_env' => array(
+            'wordpress_env' => [
                 'siteurl'               => get_bloginfo('url'),
                 'version'               => get_bloginfo('version'),
@@ -296 +458 @@
                 'theme_version'         => $my_theme->get('Version'),
                 'theme_AuthorURI'       => $my_theme->get('AuthorURI'),
-            ),
-            'system_env' => array(
+            ],
+            'system_env' => [
                 'php_version'           => phpversion(),
-                'SERVER_SOFTWARE'       => $_SERVER['SERVER_SOFTWARE'],
+                'SERVER_SOFTWARE'       => isset($_SERVER['SERVER_SOFTWARE']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE'])) : null,
                 'SERVER_OS'             => PHP_OS,
-                'SERVER_IP_ADDRESS'     => $_SERVER['SERVER_ADDR'],
-                'HTTP_HOST'             => $_SERVER['HTTP_HOST'],
-                'SERVER_NAME'           => $_SERVER['SERVER_NAME'],
-                'HTTP_USER_AGENT'       => $_SERVER['HTTP_USER_AGENT'],
-                'HTTP_ACCEPT'           => $_SERVER['HTTP_ACCEPT'],
+                'SERVER_IP_ADDRESS'     => isset($_SERVER['SERVER_ADDR']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_ADDR'])) : null,
+                'HTTP_HOST'             => isset($_SERVER['HTTP_HOST']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_HOST'])) : null,
+                'SERVER_NAME'           => isset($_SERVER['SERVER_NAME']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])) : null,
+                'HTTP_USER_AGENT'       => isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'])) : null,
+                'HTTP_ACCEPT'           => isset($_SERVER['HTTP_ACCEPT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_ACCEPT'])) : null,
                 'memory_limit'          => ini_get('memory_limit'),
                 'execution_time'        => ini_get('max_execution_time'),
@@ -320 +482 @@
                 'socket_status'         => $socket_test[1] ? $socket_test[1] : 'OK',
                 'socket_status_ssl'     => $socket_test_ssl[1] ? $socket_test_ssl[1] : 'OK',
-            ),
-            'newsplugin_env' => array(
+            ],
+            'newsplugin_env' => [
                 'REGISTERED EMAIL'      => $user_info ? $user_info->email : 'error or unregistered',
                 'USER STATUS'           => $user_info ? $user_info->status : 'error or unregistered',
@@ -327 +489 @@
                 'curl_ping'             => $curl_ping[1] ? $curl_ping[1] : ('OK from ' . $curl_ping[0]->client),
                 'socket_ping'           => $socket_ping[1] ? $socket_ping[1] : ('OK from ' . $socket_ping[0]->client),
-            )
-        );
-        if ($curl_test[1] == $curl_test_ssl[1]) {
+            ]
+        ];
+        if ($curl_test[1] === $curl_test_ssl[1]) {
             unset($system_info['system_env']['curl_status_ssl']);
         }
-        if ($socket_test[1] == $socket_test_ssl[1]) {
+        if ($socket_test[1] === $socket_test_ssl[1]) {
             unset($system_info['system_env']['socket_status_ssl']);
         }

newsplugin/trunk/news-plugin-widget.php

@@ -1 +1 @@
 <?php
+
+/**
+ * Widget
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -13 +21 @@
      * Register widget with WordPress.
      */
-    function __construct()
+    public function __construct()
     {
         parent::__construct(
             'news_plugin_widget',
             __('NewsPlugin', 'news_plugin'),
-            array('description' => __('Create custom newsfeeds and let fresh relevant news appear on your website (or approve and publish them manually).', 'news_plugin'),)
+            ['description' => __('Create custom newsfeeds and let fresh relevant news appear on your website (or approve and publish them manually).', 'news_plugin'),]
         );
     }
@@ -40 +48 @@
     private function current_options()
     {
-        $opts = get_option('news_plugin_widget_options', array());
-        $opts = (isset($opts[$this->widget_id()])) ? $opts[$this->widget_id()] : array();
+        $opts = get_option('news_plugin_widget_options', []);
+        $opts = (isset($opts[$this->widget_id()])) ? $opts[$this->widget_id()] : [];
         return $opts;
     }
@@ -47 +55 @@
     /**
      * Update the private options specific for this widget.
+     *
+     * @param mixed $args Arguments.
+     * @return mixed
      */
     private function update_options($args)
     {
-        $opts = get_option('news_plugin_widget_options', array());
+        $opts = get_option('news_plugin_widget_options', []);
         $opts[$this->widget_id()] = $args;
         update_option('news_plugin_widget_options', $opts);
@@ -62 +73 @@
     {
         $opts = $this->current_options();
-        $posts = (isset($opts['excluded'])) ? $opts['excluded'] : array();
+        $posts = (isset($opts['excluded'])) ? $opts['excluded'] : [];
         return $posts;
     }
@@ -68 +79 @@
     /**
      * Add given id to the list of excluded posts.
+     *
+     * @param int $id ID.
+     * @param int $limit Limit.
+     * @return array
      */
     private function exclude_post($id, $limit = 100)
@@ -86 +101 @@
     {
         $opts = $this->current_options();
-        $posts = array();
+        $posts = [];
         $opts['excluded'] = $posts;
         $this->update_options($opts);
@@ -98 +113 @@
     {
         $opts = $this->current_options();
-        $posts = (isset($opts['favorite'])) ? $opts['favorite'] : array();
+        $posts = (isset($opts['favorite'])) ? $opts['favorite'] : [];
         return $posts;
     }
@@ -104 +119 @@
     /**
      * Add given id to the list of favorite posts.
+     *
+     * @param int $id ID.
+     * @param int $limit Limit.
+     * @return array
      */
     private function star_favorite_post($id, $limit = 100)
@@ -118 +137 @@
     /**
      * Remove given id from the list of favorite posts.
+     *
+     * @param int $id ID.
+     * @return mixed
      */
     private function unstar_favorite_post($id)
@@ -123 +145 @@
         $opts = $this->current_options();
         $posts = $this->favorite_posts();
-        $posts = array_diff($posts, array($id));
+        $posts = array_diff($posts, [$id]);
         $opts['favorite'] = $posts;
         $this->update_options($opts);
@@ -135 +157 @@
     {
         $opts = $this->current_options();
-        $posts = array();
+        $posts = [];
         $opts['favorite'] = $posts;
         $this->update_options($opts);
@@ -152 +174 @@
     /**
      * Set the timestamp of the last publishing in manual publishing mode.
+     *
+     * @param int $time Timestamp.
+     * @return mixed
      */
     private function update_publish_time($time)
@@ -163 +188 @@
     /**
      * Prepare the args for URL managing posts of this widget.
+     *
+     * @param string $action Action name.
+     * @param int    $arg Number of arguments.
+     * @return array
      */
     private function create_action_args($action, $arg = 0)
     {
-        return array(
+        return [
             'news_plugin_instance' => $this->widget_id(),
             'news_plugin_action' => $action,
             'news_plugin_arg' => $arg,
-        );
+            '_wpnonce' => wp_create_nonce('news_plugin_url_nonce'),
+        ];
     }
 
@@ -178 +208 @@
     private function parse_action_args()
     {
-        if ((!isset($_GET['news_plugin_instance'])) || ($_GET['news_plugin_instance'] != $this->widget_id())) {
-            return array();
-        }
-        return array(
-            'action' => isset($_GET['news_plugin_action']) ? $_GET['news_plugin_action'] : '',
-            'arg' => isset($_GET['news_plugin_arg']) ? $_GET['news_plugin_arg'] : '',
-        );
+        // Verify nonce.
+        $nonce = isset($_GET['news_plugin_url_nonce']) ? sanitize_key($_GET['news_plugin_url_nonce']) : null;
+        if ($nonce && !wp_verify_nonce($nonce) && $_GET['news_plugin_instance']) {
+            die(esc_html__('1 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+        }
+
+        if ((!isset($_GET['news_plugin_instance'])) || ($_GET['news_plugin_instance'] !== $this->widget_id())) {
+            return [];
+        }
+        return [
+            'action' => isset($_GET['news_plugin_action']) ? sanitize_key(wp_unslash($_GET['news_plugin_action'])) : '',
+            'arg' => isset($_GET['news_plugin_arg']) ? sanitize_key(wp_unslash($_GET['news_plugin_arg'])) : '',
+        ];
     }
 
@@ -220 +256 @@
     private function edit_mode_enabled()
     {
+        // Verify nonce.
+        $nonce = isset($_GET['news_plugin_url_nonce']) ? sanitize_key($_GET['news_plugin_url_nonce']) : null;
+        if ($nonce && !wp_verify_nonce($nonce) && isset($_GET['news_plugin_action']) ) {
+            die(esc_html__('2 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+        }
+
         if (isset($_GET['news_plugin_action'])) {
-            $action = $_GET['news_plugin_action'];
+            $action = sanitize_key(wp_unslash($_GET['news_plugin_action']));
             return !empty($action);
         }
@@ -228 +270 @@
     /**
      * Manage the feed as necessary.
+     *
+     * @param mixed $opts Options.
+     * @return void
      */
     private function manage($opts)
     {
         switch ($this->current_action()) {
-            case 'exclude': {
-                    $id = sanitize_key($this->current_arg());
-                    $limit = max(100, 2 * $opts['count']);
-                    $this->exclude_post($id, $limit);
-                    break;
-                }
-            case 'star': {
-                    $id = sanitize_key($this->current_arg());
-                    $limit = max(100, 2 * $opts['count']);
-                    $this->star_favorite_post($id, $limit);
-                    break;
-                }
-            case 'unstar': {
-                    $id = sanitize_key($this->current_arg());
-                    $this->unstar_favorite_post($id);
-                    break;
-                }
-            case 'reset': {
-                    $this->reset_excluded_posts();
-                    $this->reset_favorite_posts();
-                    break;
-                }
-            case 'publish': {
-                    $time = min(time(), absint($this->current_arg()));
-                    $this->update_publish_time($time);
-                    break;
-                }
+            case 'exclude':
+                $id = sanitize_key($this->current_arg());
+                $limit = max(100, 2 * $opts['count']);
+                $this->exclude_post($id, $limit);
+                break;
+            case 'star':
+                $id = sanitize_key($this->current_arg());
+                $limit = max(100, 2 * $opts['count']);
+                $this->star_favorite_post($id, $limit);
+                break;
+            case 'unstar':
+                $id = sanitize_key($this->current_arg());
+                $this->unstar_favorite_post($id);
+                break;
+            case 'reset':
+                $this->reset_excluded_posts();
+                $this->reset_favorite_posts();
+                break;
+            case 'publish':
+                $time = min(time(), absint($this->current_arg()));
+                $this->update_publish_time($time);
+                break;
         }
     }
@@ -264 +304 @@
     /**
      * Silly helper for returning caching duration for fetch_feed().
-     */
-    function get_feed_caching_duration($seconds)
+     *
+     * @return int
+     */
+    public function get_feed_caching_duration()
     {
         return 3600;
@@ -272 +314 @@
     /**
      * Get our data feed.
+     *
+     * @param int   $time Time.
+     * @param mixed $opts Options.
+     * @param int   $limit Limit.
+     * @return SimplePie|WP_Error|null
      */
     private function get_feed($time, $opts, $limit = 100)
@@ -277 +324 @@
         $key = get_option('news_plugin_api_key');
 
-        $args = array(
+        $args = [
             'k' => $key,
             'q' => $opts['keywords'],
@@ -283 +330 @@
             'c' => $opts['count'],
             't' => $opts['title']
-            // o offset
-            // a after
-            // b before
-        );
-
-        if ($opts['feed_mode'] == 'manual') {
+            // o offset.
+            // a after.
+            // b before.
+        ];
+
+        if ($opts['feed_mode'] === 'manual') {
             if (!($this->can_manage() && $this->edit_mode_enabled())) {
                 $time = $this->publish_time();
@@ -328 +375 @@
 
         // Talk about stupid API. Like if the cache duration couldn't be a simple parameter.
-        $cache_filter = array($this, 'get_feed_caching_duration');
+        $cache_filter = [$this, 'get_feed_caching_duration'];
         add_filter('wp_feed_cache_transient_lifetime', $cache_filter);
         $feed = fetch_feed($url);
         remove_filter('wp_feed_cache_transient_lifetime', $cache_filter);
 
-        return (is_wp_error($feed) ? NULL : $feed);
-    }
-
+        return (is_wp_error($feed) ? null : $feed);
+    }
+
+    /**
+     * CSS style helpers
+     *
+     * @param mixed $style Style.
+     * @param mixed $type Type.
+     * @return string
+     */
     private function compute_style_helper($style, $type)
     {
@@ -343 +397 @@
         $ret = '';
         if ($style[$type]['size']) {
-            $ret .= 'font-size: ' . $style[$type]['size'] . 'px;';
+            $ret .= 'font-size:' . $style[$type]['size'] . 'px;';
         }
         if ($style[$type]['color']) {
@@ -351 +405 @@
             $ret .= 'font-family:' . $style[$type]['font_family'] . ';';
         }
-        if (!$ret) {
-            return ($ret);
-        }
-        return (' style="' . $ret . '"');
+        if ($ret) {
+            return ' style=' . $ret ;
+        }
     }
 
@@ -370 +423 @@
 
         if (!isset($rss)) {
-            _e('Feed fetch failed ', 'news_plugin');
+            esc_html_e('Feed fetch failed ', 'news_plugin');
             return;
         }
 
-        $manual_mode = ($opts['feed_mode'] == 'manual');
+        $manual_mode = ($opts['feed_mode'] === 'manual');
 
         $exclude = array_fill_keys($this->excluded_posts(), true);
@@ -393 +446 @@
                 $args = $this->create_action_args('reset');
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Reset';
+                esc_html_e('Reset', 'news_plugin');
                 echo '</a>';
 
@@ -400 +453 @@
                     echo ' | ';
                     echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                    echo 'Publish Headlines';
+                    esc_html_e('Publish Headlines', 'news_plugin');
                     echo '</a>';
                 }
 
-                $args = $this->create_action_args(NULL, NULL);
+                $args = $this->create_action_args(null, null);
                 echo ' | ';
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Leave Edit Newsfeed Mode';
+                esc_html_e('Leave Edit Newsfeed Mode', 'news_plugin');
                 echo '</a>';
 
@@ -415 +468 @@
                 echo '<p class="news-plugin-edit-buttons">';
                 echo '<a href="' . esc_attr(add_query_arg($args)) . '">';
-                echo 'Edit Newsfeed Mode';
+                esc_html_e('Edit Newsfeed Mode', 'news_plugin');
                 echo '</a>';
             }
@@ -421 +474 @@
             if ($manual_mode) {
                 $t = $this->publish_time();
-                if ($t == 0) {
+                if ($t === 0) {
                     if ($this->edit_mode_enabled()) {
                         echo '<p>';
-                        echo 'No headlines published yet.';
+                        esc_html_e('No headlines published yet.', 'news_plugin');
                         echo '</p>';
                     } else {
                         echo '<p>';
-                        echo 'No headlines published yet. Use the Edit Newsfeed Mode to edit and publish your feed.';
+                        esc_html_e('No headlines published yet. Use the Edit Newsfeed Mode to edit and publish your feed.', 'news_plugin');
                         echo '</p>';
                     }
                 } else {
-                    $t = date('d M Y H:i', $t);
+                    // TODO localize properly.
+                    $t = gmdate('d M Y H:i', $t);
                     echo '<p>';
-                    echo "Headlines last published on {$t}.";
+                    // TODO localize properly.
+                    echo esc_html("Headlines last published on {$t}.");
                     echo '</p>';
                 }
@@ -442 +497 @@
                 if ($manual_mode) {
                     echo '<p>';
-                    echo "Once published, only the first {$limit} headline" . ($limit == 1 ? '' : 's') . " will be displayed in your feed.";
+                    // TODO localize properly.
+                    echo esc_html("Once published, only the first {$limit} headline" . ($limit === 1 ? '' : 's') . " will be displayed in your feed.");
+                    // TODO localize properly.
                     echo ' You can <span style="font-size:110%;">&#9734;</span>&nbsp;Star individual headlines to move them to the top or &#10005;&nbsp;Remove them from the feed. Click Reset to undo these changes.';
-                    echo ' Don’t forget to Publish Headlines when you are done.';
+                    esc_html_e(' Don’t forget to Publish Headlines when you are done.', 'news_plugin');
                     echo '</p>';
                 } else {
                     echo '<p>';
+                    // TODO localize properly.
                     echo 'You can <span style="font-size:110%;">&#9734;</span>&nbsp;Star individual headlines to move them to the top or &#10005;&nbsp;Remove them from the feed. Click Reset to undo these changes.';
                     echo '</p>';
@@ -460 +518 @@
         $index = 0;
 
-        if ($opts['wp_uid'] && (intval($opts['wp_uid']) != 0)) {
+        if ($opts['wp_uid'] && (intval($opts['wp_uid']) !== 0)) {
             $userID = intval($opts['wp_uid']);
         } else {
@@ -479 +537 @@
                 }
 
-                if (!empty($favorite[$id]) xor ($pass == 0)) {
+                if (!empty($favorite[$id]) xor ($pass === 0)) {
                     continue;
                 }
 
-                if ($index == $limit) {
+                if ($index === $limit) {
                     echo '<hr>';
                 }
 
                 echo '<li>';
-                if ($opts['link_follow'] == 'no') {
+                if ($opts['link_follow'] === 'no') {
                     $s_follow = ' rel="nofollow"';
                 } else {
@@ -498 +556 @@
                     $s_target = '';
                 }
-                echo '<a href="' . esc_attr($item->get_permalink()) . '"' . $s_target . $s_follow . '>';
+                echo '<a href="' . esc_url($item->get_permalink()) . '"' . esc_attr($s_target) . esc_attr($s_follow) . '>';
                 $style = $this->compute_style_helper($style_news, 'article_headline');
-                echo '<span class="news-plugin-title"' . $style . '>';
+                echo '<span class="news-plugin-title"' . esc_attr($style) . '>';
                 echo esc_html($item->get_title());
                 echo '</span>';
@@ -507 +565 @@
                     echo "\n";
                     $style = $this->compute_style_helper($style_news, 'article_date');
-                    echo '<span class="news-plugin-date"' . $style . '>';
+                    echo '<span class="news-plugin-date"' . esc_attr($style) . '>';
                     echo esc_html($item->get_date(get_option('date_format') . ' ' . get_option('time_format')));
                     echo '</span>';
@@ -513 +571 @@
                 if ($opts['show_source']) {
                     // Because RSS doesn't support the source field, we use the author field.
-                    // $source = $item->get_source() ;
                     $source = $item->get_author();
-                    if ($source) $source = $source->get_email();
+                    if ($source) {
+                        $source = $source->get_email();
+                    }
                     if (!empty($source)) {
                         echo "\n";
                         $style = $this->compute_style_helper($style_news, 'article_sources');
-                        echo '<span class="news-plugin-source"' . $style . '>';
+                        echo '<span class="news-plugin-source"' . esc_attr($style) . '>';
                         echo esc_html($source);
                         echo '</span>';
@@ -527 +586 @@
                     echo "\n";
                     $style = $this->compute_style_helper($style_news, 'article_abstract');
-                    echo '<span class="news-plugin-abstract"' . $style . '>';
+                    echo '<span class="news-plugin-abstract"' . esc_attr($style) . '>';
                     echo esc_html($item->get_description());
                     echo '</span>';
@@ -535 +594 @@
                     $args = $this->create_action_args('exclude', $id);
                     echo ' &nbsp; <a href="' . esc_attr(add_query_arg($args)) . '">';
-                    // echo 'X' ;
                     echo '<span style="text-decoration: underline;">';
                     echo '&#10005;&nbsp;Remove';
@@ -543 +601 @@
                         $args = $this->create_action_args('unstar', $id);
                         echo ' <a href="' . esc_attr(add_query_arg($args)) . '">';
-                        // echo '-' ;
                         echo '<span style="text-decoration: underline;">';
                         echo '<span style="font-size:110%;">&#9733;</span>&nbsp;Unstar';
@@ -551 +608 @@
                         $args = $this->create_action_args('star', $id);
                         echo ' <a href="' . esc_attr(add_query_arg($args)) . '">';
-                        // echo '+' ;
                         echo '<span style="text-decoration: underline;">';
                         echo '<span style="font-size:110%;">&#9734;</span>&nbsp;Star';
@@ -565 +621 @@
         }
         echo '</ul>';
-
-        //Error in Option Page
-        // newserroforwp_log("NewsPlugin Option Page");
     }
 
@@ -589 +642 @@
         if (empty($key)) {
             if ($this->can_manage()) {
-?>
+                ?>
                 <p>
-                    Your feed is currently inactive.
-                    Please enter your Activation Key on the
-                    <a href="<?php echo admin_url('admin.php?page=news-plugin-settings') ?>">NewsPlugin Settings</a>
-                    page first.
+                    <?php esc_html_e('Your feed is currently inactive.', 'news_plugin'); ?>
+                    <?php esc_html_e('Please enter your Activation Key on the', 'news_plugin'); ?>
+                    <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings')) ?>"><?php esc_html_e('NewsPlugin Settings', 'news_plugin'); ?></a>
+                    <?php esc_html_e('page first', 'news_plugin'); ?>.
                 </p>
-            <?php
+                <?php
             }
             return;
@@ -607 +660 @@
         $title = apply_filters('widget_title', $opts['title']);
 
-        echo $args['before_widget'];
-        if (!empty($title))
-            echo $args['before_title'] . $title . $args['after_title'];
+        echo wp_kses_post($args['before_widget']);
+        if (!empty($title)) {
+            echo wp_kses_post($args['before_title'] . $title . $args['after_title']);
+        }
         $this->content($opts);
-        echo $args['after_widget'];
+        echo wp_kses_post($args['after_widget']);
     }
 
@@ -627 +681 @@
             ?>
             <p>
-                Please enter your Activation Key on the
-                <a href="<?php echo admin_url('admin.php?page=news-plugin-settings') ?>">NewsPlugin Settings</a>
-                page first.
+                <?php esc_html_e('Please enter your Activation Key on the', 'news_plugin'); ?>
+                <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings')); ?>"><?php esc_html_e('NewsPlugin Settings', 'news_plugin'); ?></a>
+                <?php esc_html_e('page first.', 'news_plugin'); ?>
             </p>
-        <?php
+            <?php
             return;
         }
@@ -726 +780 @@
 
         // Force expert user mode for now.
-        // $user_mode = get_option( 'news_plugin_user_mode' ) ;
+        // $user_mode = get_option( 'news_plugin_user_mode' ); .
         $user_mode = 2;
 
         ?>
         <p>
-            <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Newsfeed Name:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('title')); ?>"><?php esc_html_e('Newsfeed Name:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('title')); ?>" name="<?php echo esc_attr($this->get_field_name('title')); ?>" type="text" value="<?php echo esc_attr($title); ?>">
             <br>
-            <small>Give your feed a good name.</small>
+            <small><?php esc_html_e('Give your feed a good name.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: Canada Solar Energy News</small>
+            <small><?php esc_html_e('Example: Canada Solar Energy News', 'news_plugin'); ?></small>
         </p>
         <p>
-            <label for="<?php echo $this->get_field_id('keywords'); ?>"><?php _e('Keywords:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('keywords'); ?>" name="<?php echo $this->get_field_name('keywords'); ?>" type="text" value="<?php echo esc_attr($keywords); ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('keywords')); ?>"><?php esc_html_e('Keywords:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('keywords')); ?>" name="<?php echo esc_attr($this->get_field_name('keywords')); ?>" type="text" value="<?php echo esc_attr($keywords); ?>">
             <br>
-            <small>Use keywords to find relevant news.</small>
+            <small><?php esc_html_e('Use keywords to find relevant news.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: canada &amp; "solar energy"</small>
+            <small><?php esc_html_e('Example: canada &amp; "solar energy"', 'news_plugin'); ?></small>
             <br>
-            <small>Read the <a href="http://newsplugin.com/faq#keyword-tips" target="_blank">FAQ</a> for more keywords tips and examples.</small>
+            <small><?php printf(esc_html__('Read the %S for more keywords tips and examples.', 'news_plugin'), '<a href="http://newsplugin.com/faq#keyword-tips" target="_blank">' . esc_html__('FAQ', 'news_plugin') . '</a'); ?></small>
         </p>
         <p>
-            <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Number of Articles:'); ?></label>
-            <input class="widefat" id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" type="text" value="<?php echo $count; ?>">
+            <label for="<?php echo esc_attr($this->get_field_id('count')); ?>"><?php esc_html_e('Number of Articles:', 'news_plugin'); ?></label>
+            <input class="widefat" id="<?php echo esc_attr($this->get_field_id('count')); ?>" name="<?php echo esc_attr($this->get_field_name('count')); ?>" type="text" value="<?php echo esc_attr($count); ?>">
             <br>
-            <small>Set how many headlines to show in your feed.</small>
+            <small><?php esc_html_e('Set how many headlines to show in your feed.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: 10</small>
+            <small><?php esc_html_e('Example: 10', 'news_plugin'); ?></small>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_date'); ?>" name="<?php echo $this->get_field_name('show_date'); ?>" type="checkbox" <?php if ($show_date) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_date'); ?>"><?php _e('Show Dates'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_date')); ?>" name="<?php echo esc_attr($this->get_field_name('show_date')); ?>" type="checkbox" <?php if ($show_date) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_date')); ?>"><?php esc_html_e('Show Dates', 'news_plugin'); ?></label>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_source'); ?>" name="<?php echo $this->get_field_name('show_source'); ?>" type="checkbox" <?php if ($show_source) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_source'); ?>"><?php _e('Show Sources'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_source')); ?>" name="<?php echo esc_attr($this->get_field_name('show_source')); ?>" type="checkbox" <?php if ($show_source) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_source')); ?>"><?php esc_html_e('Show Sources', 'news_plugin'); ?></label>
         </p>
         <p>
-            <input id="<?php echo $this->get_field_id('show_abstract'); ?>" name="<?php echo $this->get_field_name('show_abstract'); ?>" type="checkbox" <?php if ($show_abstract) echo 'checked="checked"' ?>>
-            <label for="<?php echo $this->get_field_id('show_abstract'); ?>"><?php _e('Show Abstracts'); ?></label>
+            <input id="<?php echo esc_attr($this->get_field_id('show_abstract')); ?>" name="<?php echo esc_attr($this->get_field_name('show_abstract')); ?>" type="checkbox" <?php if ($show_abstract) {
+                echo 'checked="checked"';
+                       } ?>>
+            <label for="<?php echo esc_attr($this->get_field_id('show_abstract')); ?>"><?php esc_html_e('Show Abstracts', 'news_plugin'); ?></label>
             <br>
-            <small>By default, your feed displays headlines only. You can add more information.</small>
+            <small><?php esc_html_e('By default, your feed displays headlines only. You can add more information.', 'news_plugin'); ?></small>
             <br>
-            <small>Example: New Reports on Canada Solar Energy, 12 Feb 2015 (BBC)</small>
+            <small><?php esc_html_e('Example: New Reports on Canada Solar Energy, 12 Feb 2015 (BBC)', 'news_plugin'); ?></small>
         </p>
         <?php
         if ($user_mode > 0) {
-
             /*
-        <p>
-        <label for="<?php echo $this->get_field_id( 'sources' ); ?>"><?php _e( 'Sources:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'sources' ); ?>" name="<?php echo $this->get_field_name( 'sources' ); ?>" type="text" value="<?php echo esc_attr( $sources ) ; ?>">
-        <br>
-        <small>Show news from only selected sources. Leave blank for all sources.</small>
-        <br>
-        <small>Example: BBC</small>
-        </p>
-        <p>
-        <label for="<?php echo $this->get_field_id( 'excluded_sources' ); ?>"><?php _e( 'Excluded Sources:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'excluded_sources' ); ?>" name="<?php echo $this->get_field_name( 'excluded_sources' ); ?>" type="text" value="<?php echo esc_attr( $excluded_sources ) ; ?>">
-        <br>
-        <small>Don’t show news from selected sources.</small>
-        <br>
-        <small>Example: BBC</small>
-        </p>
-        */
-
-        ?>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'sources' ); ?>"><?php _e( 'Sources:' ); ?></label>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'sources' ); ?>" name="<?php echo $this->get_field_name( 'sources' ); ?>" type="text" value="<?php echo esc_attr( $sources ) ; ?>">
+        <br>
+        <small>Show news from only selected sources. Leave blank for all sources.</small>
+        <br>
+        <small>Example: BBC</small>
+        </p>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'excluded_sources' ); ?>"><?php _e( 'Excluded Sources:' ); ?></label>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'excluded_sources' ); ?>" name="<?php echo $this->get_field_name( 'excluded_sources' ); ?>" type="text" value="<?php echo esc_attr( $excluded_sources ) ; ?>">
+        <br>
+        <small>Don’t show news from selected sources.</small>
+        <br>
+        <small>Example: BBC</small>
+        </p>
+        */
+
+            ?>
             <p>
-                <label for="<?php echo $this->get_field_id('search_mode'); ?>"><?php _e('Search Mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('search_mode'); ?>" name="<?php echo $this->get_field_name('search_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="title" <?php if ($search_mode == "title") echo 'selected="selected"' ?>>Headlines Only</option>
-                    <option value="text" <?php if ($search_mode == "text") echo 'selected="selected"' ?>>Headlines &amp; Full Text</option>
+                <label for="<?php echo esc_attr($this->get_field_id('search_mode')); ?>"><?php esc_html_e('Search Mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('search_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('search_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="title" <?php if ($search_mode === "title") {
+                        echo 'selected="selected"';
+                                          } ?>><?php esc_html_e('Headlines Only', 'news_plugin'); ?></option>
+                    <option value="text" <?php if ($search_mode === "text") {
+                        echo 'selected="selected"';
+                                         } ?>><?php esc_html_e('Headlines &amp; Full Text', 'news_plugin'); ?></option>
                 </select>
                 <br>
-                <small>Show news that has your keywords in a headline or anywhere in an article. Default is headlines and full text.</small>
+                <small><?php esc_html_e('Show news that has your keywords in a headline or anywhere in an article. Default is headlines and full text.', 'news_plugin'); ?></small>
             </p>
 
             <?php
             /*
-        <p>
-        <label for="<?php echo $this->get_field_id( 'search_type' ); ?>"><?php _e( 'Search Type:' ); ?></label>
-        <select class="widefat" id="<?php echo $this->get_field_id( 'search_type' ); ?>" name="<?php echo $this->get_field_name( 'search_type' ); ?>">
-        <option value="">Default</option>
-        <option value="news" <?php if ( $search_type == "news" ) echo 'selected="selected"' ?>>News</option>
-        <option value="pr" <?php if ( $search_type == "pr" ) echo 'selected="selected"' ?>>Press Releases</option>
-        <option value="event"<?php if ( $search_type == "event" ) echo 'selected="selected"' ?>>Events</option>
-        </select>
-        <br>
-        <small>Show only selected types of news. Default is a combination of all types.</small>
-        </p>
-        */
+        <p>
+        <label for="<?php echo $this->get_field_id( 'search_type' ); ?>"><?php _e( 'Search Type:' ); ?></label>
+        <select class="widefat" id="<?php echo $this->get_field_id( 'search_type' ); ?>" name="<?php echo $this->get_field_name( 'search_type' ); ?>">
+        <option value="">Default</option>
+        <option value="news" <?php if ( $search_type == "news" ) echo 'selected="selected"' ?>>News</option>
+        <option value="pr" <?php if ( $search_type == "pr" ) echo 'selected="selected"' ?>>Press Releases</option>
+        <option value="event"<?php if ( $search_type == "event" ) echo 'selected="selected"' ?>>Events</option>
+        </select>
+        <br>
+        <small>Show only selected types of news. Default is a combination of all types.</small>
+        </p>
+        */
             ?>
 
             <p>
-                <label for="<?php echo $this->get_field_id('sort_mode'); ?>"><?php _e('Sort Mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('sort_mode'); ?>" name="<?php echo $this->get_field_name('sort_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="relevance" <?php if ($sort_mode == "relevance") echo 'selected="selected"' ?>>Relevance</option>
-                    <option value="date" <?php if ($sort_mode == "date") echo 'selected="selected"' ?>>Date</option>
+                <label for="<?php echo esc_attr($this->get_field_id('sort_mode')); ?>"><?php esc_html_e('Sort Mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('sort_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('sort_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="relevance" <?php if ($sort_mode === "relevance") {
+                        echo 'selected="selected"';
+                                              } ?>><?php esc_html_e('Relevance', 'news_plugin'); ?></option>
+                    <option value="date" <?php if ($sort_mode === "date") {
+                        echo 'selected="selected"';
+                                         } ?>><?php esc_html_e('Date', 'news_plugin'); ?></option>
                 </select>
                 <br>
-                <small>Show headlines sorted by date or relevance. Default is by relevance.</small>
+                <small><?php esc_html_e('Show headlines sorted by date or relevance. Default is by relevance.', 'news_plugin'); ?></small>
             </p>
             <p>
-                <label for="<?php echo $this->get_field_id('age'); ?>"><?php _e('News Age Limit (in hours):'); ?></label>
-                <input class="widefat" id="<?php echo $this->get_field_id('age'); ?>" name="<?php echo $this->get_field_name('age'); ?>" type="text" value="<?php echo $age; ?>">
+                <label for="<?php echo esc_attr($this->get_field_id('age')); ?>"><?php esc_html_e('News Age Limit (in hours):', 'news_plugin'); ?></label>
+                <input class="widefat" id="<?php echo esc_attr($this->get_field_id('age')); ?>" name="<?php echo esc_attr($this->get_field_name('age')); ?>" type="text" value="<?php echo esc_attr($age); ?>">
                 <br>
-                <small>Don’t show articles older than given period. 0 means no limit.</small>
+                <small><?php esc_html_e('Don’t show articles older than given period. 0 means no limit.', 'news_plugin'); ?></small>
             </p>
             <p>
-                <label for="<?php echo $this->get_field_id('link_open_mode'); ?>"><?php _e('Link mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('link_open_mode'); ?>" name="<?php echo $this->get_field_name('link_open_mode'); ?>">
-                    <option value="">Default</option>
-                    <option value="_self" <?php if ($link_open_mode == "_self") echo 'selected="selected"' ?>>Same Window</option>
-                    <option value="_blank" <?php if ($link_open_mode == "_blank") echo 'selected="selected"' ?>>New Tab</option>
+                <label for="<?php echo esc_attr($this->get_field_id('link_open_mode')); ?>"><?php esc_html_e('Link mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('link_open_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('link_open_mode')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="_self" <?php if ($link_open_mode === "_self") {
+                        echo 'selected="selected"';
+                                          } ?>><?php esc_html_e('Same Window', 'news_plugin'); ?></option>
+                    <option value="_blank" <?php if ($link_open_mode === "_blank") {
+                        echo 'selected="selected"';
+                                           } ?>><?php esc_html_e('New Tab', 'news_plugin'); ?></option>
                 </select>
-                <label for="<?php echo $this->get_field_id('link_follow'); ?>"><?php _e('Follow mode:'); ?></label>
-                <select class="widefat" id="<?php echo $this->get_field_id('link_follow'); ?>" name="<?php echo $this->get_field_name('link_follow'); ?>">
-                    <option value="">Default</option>
-                    <option value="yes" <?php if ($link_follow == "yes") echo 'selected="selected"' ?>>Follow</option>
-                    <option value="no" <?php if ($link_follow == "no") echo 'selected="selected"' ?>>Nofollow</option>
+                <label for="<?php echo esc_attr($this->get_field_id('link_follow')); ?>"><?php esc_html_e('Follow mode:', 'news_plugin'); ?></label>
+                <select class="widefat" id="<?php echo esc_attr($this->get_field_id('link_follow')); ?>" name="<?php echo esc_attr($this->get_field_name('link_follow')); ?>">
+                    <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                    <option value="yes" <?php if ($link_follow === "yes") {
+                        echo 'selected="selected"';
+                                        } ?>><?php esc_html_e('Follow', 'news_plugin'); ?></option>
+                    <option value="no" <?php if ($link_follow === "no") {
+                        echo 'selected="selected"';
+                                       } ?>><?php esc_html_e('Nofollow', 'news_plugin'); ?></option>
                 </select>
 
                 <?php
-
                 /*
-        <br>
-        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
-        </p>
-        <p>
-        <label for="<?php echo $this->get_field_id( 'link_type' ); ?>"><?php _e( 'Link mode:' ); ?></label>
-        <select class="widefat" id="<?php echo $this->get_field_id( 'link_type' ); ?>" name="<?php echo $this->get_field_name( 'link_type' ); ?>">
-        <option value="">Default</option>
-        <option value="frame" <?php if ( $link_type == "frame" ) echo 'selected="selected"' ?>>Framed</option>
-        <option value="orig"<?php if ( $link_type == "orig" ) echo 'selected="selected"' ?>>Original</option>
-        </select>
-        <br>
-        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
-        </p>
-        */
+        <br>
+        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
+        </p>
+        <p>
+        <label for="<?php echo $this->get_field_id( 'link_type' ); ?>"><?php _e( 'Link mode:' ); ?></label>
+        <select class="widefat" id="<?php echo $this->get_field_id( 'link_type' ); ?>" name="<?php echo $this->get_field_name( 'link_type' ); ?>">
+        <option value="">Default</option>
+        <option value="frame" <?php if ( $link_type == "frame" ) echo 'selected="selected"' ?>>Framed</option>
+        <option value="orig"<?php if ( $link_type == "orig" ) echo 'selected="selected"' ?>>Original</option>
+        </select>
+        <br>
+        <small>Choose where headlines in your feed link to. These can be either direct links to original articles (bbc.co.uk) or those articles can be framed with your custom name/links.</small>
+        </p>
+        */
 
                 ?>
@@ -876 +950 @@
             ?>
                 <p>
-                    <label for="<?php echo $this->get_field_id('feed_mode'); ?>"><?php _e('Feed publishing:'); ?></label>
-                    <select class="widefat" id="<?php echo $this->get_field_id('feed_mode'); ?>" name="<?php echo $this->get_field_name('feed_mode'); ?>">
-                        <option value="">Default</option>
-                        <option value="auto" <?php if ($feed_mode == "auto") echo 'selected="selected"' ?>>Automatic</option>
-                        <option value="manual" <?php if ($feed_mode == "manual") echo 'selected="selected"' ?>>Manual</option>
+                    <label for="<?php echo esc_attr($this->get_field_id('feed_mode')); ?>"><?php esc_html_e('Feed publishing:', 'news_plugin'); ?></label>
+                    <select class="widefat" id="<?php echo esc_attr($this->get_field_id('feed_mode')); ?>" name="<?php echo esc_attr($this->get_field_name('feed_mode')); ?>">
+                        <option value=""><?php esc_html_e('Default', 'news_plugin'); ?></option>
+                        <option value="auto" <?php if ($feed_mode === "auto") {
+                            echo 'selected="selected"';
+                                             } ?>><?php esc_html_e('Automatic', 'news_plugin'); ?></option>
+                        <option value="manual" <?php if ($feed_mode === "manual") {
+                            echo 'selected="selected"';
+                                               } ?>><?php esc_html_e('Manual', 'news_plugin'); ?></option>
                     </select>
                     <br>
-                    <small>Your feed can be automatically updated with new headlines, or you can choose headlines and publish them manually using news buffering. Default is automatic.</small>
+                    <small><?php esc_html_e('Your feed can be automatically updated with new headlines, or you can choose headlines and publish them manually using news buffering. Default is automatic.', 'news_plugin'); ?></small>
                 </p>
-    <?php
+            <?php
         }
     }
@@ -901 +979 @@
     public function update($new_opts, $old_opts)
     {
-        $opts = array();
-        $opts['title'] = (!empty($new_opts['title'])) ? strip_tags($new_opts['title']) : '';
-        $opts['keywords'] = (!empty($new_opts['keywords'])) ? strip_tags($new_opts['keywords']) : '';
+        $opts = [];
+        $opts['title'] = (!empty($new_opts['title'])) ? wp_strip_all_tags($new_opts['title']) : '';
+        $opts['keywords'] = (!empty($new_opts['keywords'])) ? wp_strip_all_tags($new_opts['keywords']) : '';
         $opts['count'] = (!empty($new_opts['count'])) ? absint($new_opts['count']) : 5;
         $opts['age'] = (!empty($new_opts['age'])) ? absint($new_opts['age']) : 0;
-        $opts['sources'] = (!empty($new_opts['sources'])) ? strip_tags($new_opts['sources']) : '';
-        $opts['excluded_sources'] = (!empty($new_opts['excluded_sources'])) ? strip_tags($new_opts['excluded_sources']) : '';
-        $opts['search_mode'] = (!empty($new_opts['search_mode'])) ? strip_tags($new_opts['search_mode']) : '';
-        $opts['search_type'] = (!empty($new_opts['search_type'])) ? strip_tags($new_opts['search_type']) : '';
-        $opts['sort_mode'] = (!empty($new_opts['sort_mode'])) ? strip_tags($new_opts['sort_mode']) : '';
-        $opts['link_open_mode'] = (!empty($new_opts['link_open_mode'])) ? strip_tags($new_opts['link_open_mode']) : '';
-        $opts['link_follow'] = (!empty($new_opts['link_follow'])) ? strip_tags($new_opts['link_follow']) : '';
-        $opts['link_type'] = (!empty($new_opts['link_type'])) ? strip_tags($new_opts['link_type']) : '';
+        $opts['sources'] = (!empty($new_opts['sources'])) ? wp_strip_all_tags($new_opts['sources']) : '';
+        $opts['excluded_sources'] = (!empty($new_opts['excluded_sources'])) ? wp_strip_all_tags($new_opts['excluded_sources']) : '';
+        $opts['search_mode'] = (!empty($new_opts['search_mode'])) ? wp_strip_all_tags($new_opts['search_mode']) : '';
+        $opts['search_type'] = (!empty($new_opts['search_type'])) ? wp_strip_all_tags($new_opts['search_type']) : '';
+        $opts['sort_mode'] = (!empty($new_opts['sort_mode'])) ? wp_strip_all_tags($new_opts['sort_mode']) : '';
+        $opts['link_open_mode'] = (!empty($new_opts['link_open_mode'])) ? wp_strip_all_tags($new_opts['link_open_mode']) : '';
+        $opts['link_follow'] = (!empty($new_opts['link_follow'])) ? wp_strip_all_tags($new_opts['link_follow']) : '';
+        $opts['link_type'] = (!empty($new_opts['link_type'])) ? wp_strip_all_tags($new_opts['link_type']) : '';
         $opts['show_date'] = !empty($new_opts['show_date']);
         $opts['show_source'] = !empty($new_opts['show_source']);
         $opts['show_abstract'] = !empty($new_opts['show_abstract']);
-        $opts['feed_mode'] = (!empty($new_opts['feed_mode'])) ? strip_tags($new_opts['feed_mode']) : '';
+        $opts['feed_mode'] = (!empty($new_opts['feed_mode'])) ? wp_strip_all_tags($new_opts['feed_mode']) : '';
         $opts['wp_uid'] = (!isset($new_opts['wp_uid']) || empty($new_opts['wp_uid'])) ? get_current_user_id() : $new_opts['wp_uid'];
 
@@ -923 +1001 @@
     }
 }
-    ?>
+?>

newsplugin/trunk/news-plugin.php

@@ -1 +1 @@
 <?php
-/*
-Plugin Name: NewsPlugin
-Plugin URI: http://newsplugin.com/
-Description: Create custom newsfeeds for your website. Choose keywords, number of articles and other settings, put the feed wherever you want using widgets or shortcodes, and watch the fresh relevant news headlines appear on your pages (or approve and publish them manually). You can always shape the news right from your website, remove unwanted articles or star the good ones. Thanks for using the NewsPlugin, and we hope you like it.
-Author: newsplugin.com
-Version: 1.0.18
-Author URI: http://newsplugin.com/
-*/
+
+/**
+ * Plugin Name: NewsPlugin
+ * Plugin URI: http://newsplugin.com/
+ * Description: Create custom newsfeeds for your website. Choose keywords, number of articles and  * other settings, put the feed wherever you want using widgets or shortcodes, and watch the fresh  * relevant news headlines appear on your pages (or approve and publish them manually).
+ * Author: newsplugin.com
+ * Text Domain: news_plugin
+ * Domain Path: /languages
+ * Version: 1.1.0
+ * Author URI: http://newsplugin.com/
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
 
 // Prevent ourselves from being run directly.
@@ -27 +34 @@
      * Register plugin with WordPress.
      */
-    function __construct()
-    {
+    public function __construct()
+    {
+
+        add_action('init', [$this, 'localize']);
+
         // Widgets.
-        add_action('widgets_init', array($this, 'widgets_init'));
-        add_action('admin_init', array($this, 'admin_init'));
-        add_action('admin_menu', array($this, 'admin_menu'));
-        add_action('admin_init', array(&$this, 'register_help_section'));
-        add_action('admin_init', array(&$this, 'register_activation_section'));
-        add_action('admin_init', array(&$this, 'register_shortcode_section'));
-        add_action('admin_init', array(&$this, 'register_style_section'));
-        add_action('admin_init', array(&$this, 'register_feed_section'));
-        add_action('admin_init', array(&$this, 'register_status_section'));
-        add_action('admin_enqueue_scripts', array($this, 'register_admin_scripts'));
-        add_action('wp_enqueue_scripts', array($this, 'register_styles'));
-
-        add_action('admin_post_nopriv_news_plugin_save_style', array($this, 'handle_save_style'));
-        add_action('admin_post_news_plugin_save_style', array($this, 'handle_save_style'));
-        add_action('admin_post_nopriv_news_plugin_send_feedback', array($this, 'handle_send_feedback'));
-        add_action('admin_post_news_plugin_send_feedback', array($this, 'handle_send_feedback'));
-        add_action('admin_post_nopriv_news_plugin_update_system_info', array($this, 'handle_update_system_info'));
-        add_action('admin_post_news_plugin_update_system_info', array($this, 'handle_update_system_info'));
-
-        add_action('admin_init', array($this, 'refresh_plugin_version'));
-
-        register_activation_hook(__FILE__, array($this, 'userSystemCheck_create'));
-        register_deactivation_hook(__FILE__, array($this, 'userSystemCheck_deactivation'));
+        add_action('widgets_init', [$this, 'widgets_init']);
+        add_action('admin_init', [$this, 'admin_init']);
+        add_action('admin_menu', [$this, 'admin_menu']);
+        add_action('admin_init', [&$this, 'register_help_section']);
+        add_action('admin_init', [&$this, 'register_activation_section']);
+        add_action('admin_init', [&$this, 'register_shortcode_section']);
+        add_action('admin_init', [&$this, 'register_style_section']);
+        add_action('admin_init', [&$this, 'register_feed_section']);
+        add_action('admin_init', [&$this, 'register_status_section']);
+        add_action('admin_enqueue_scripts', [$this, 'register_admin_scripts']);
+        add_action('wp_enqueue_scripts', [$this, 'register_styles']);
+
+        add_action('admin_post_nopriv_news_plugin_save_style', [$this, 'handle_save_style']);
+        add_action('admin_post_news_plugin_save_style', [$this, 'handle_save_style']);
+        add_action('admin_post_nopriv_news_plugin_send_feedback', [$this, 'handle_send_feedback']);
+        add_action('admin_post_news_plugin_send_feedback', [$this, 'handle_send_feedback']);
+        add_action('admin_post_nopriv_news_plugin_update_system_info', [$this, 'handle_update_system_info']);
+        add_action('admin_post_news_plugin_update_system_info', [$this, 'handle_update_system_info']);
+
+        add_action('admin_init', [$this, 'refresh_plugin_version']);
+
+        register_activation_hook(__FILE__, [$this, 'userSystemCheck_create']);
+        register_deactivation_hook(__FILE__, [$this, 'userSystemCheck_deactivation']);
         $usc = get_option('newsPlugin_system_info');
         $api_key = get_option('news_plugin_api_key');
@@ -58 +68 @@
             !$usc ||
             !isset($usc['info_version']) || ($usc['info_version'] < News_Plugin_Utils::get_system_info_version()) ||
-            !isset($usc['api_key']) || ($usc['api_key'] != $api_key)
+            !isset($usc['api_key']) || ($usc['api_key'] !== $api_key)
         ) {
             update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
@@ -64 +74 @@
     }
 
-    function userSystemCheck_create()
+    /**
+     * Do on user system check creation
+     *
+     * @return void
+     */
+    public function userSystemCheck_create()
     {
         add_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
         add_option('news_plugin_url_method', false);
     }
-    function userSystemCheck_deactivation()
+
+    /**
+     * Do on system check deactivation
+     *
+     * @return void
+     */
+    public function userSystemCheck_deactivation()
     {
         delete_option('newsPlugin_system_info');
     }
 
-    function refresh_plugin_version()
+    /**
+     * Refresh plugin version
+     *
+     * @return void
+     */
+    public function refresh_plugin_version()
     {
         if (function_exists('get_plugin_data')) {
@@ -86 +112 @@
 
     /**
+     * Load plugin textdomain
+     *
+     * @return void
+     */
+    public function localize()
+    {
+        load_plugin_textdomain('news_plugin', false, basename(dirname(__FILE__)) . '/languages');
+    }
+
+    /**
      * Register the plugin widget, widget areas and widget shorcodes.
      */
-    function widgets_init()
+    public function widgets_init()
     {
         register_widget('News_Plugin_Widget');
         for ($area = 1; $area <= 4; $area++) {
-            register_sidebar(array(
+            register_sidebar([
                 'name' => "NewsPlugin Widget Area {$area}",
                 'id' => "newsplugin_widgets_{$area}",
@@ -98 +134 @@
                 'before_widget' => '<div id="%1$s" class="widget %2$s">',
                 'after_widget' => '</div>'
-            ));
+            ]);
         }
-        add_shortcode('newsplugin_widgets', array($this, 'widget_area_shortcode'));
-        add_shortcode('newsplugin_feed', array($this, 'feed_shortcode'));
+        add_shortcode('newsplugin_widgets', [$this, 'widget_area_shortcode']);
+        add_shortcode('newsplugin_feed', [$this, 'feed_shortcode']);
     }
 
     /**
      * Process the widget area shortcode.
-     */
-    function widget_area_shortcode($attrs)
-    {
-        $a = shortcode_atts(array('area' => '1'), $attrs);
+     *
+     * @param array $attrs Attributes.
+     * @return string|false
+     */
+    public function widget_area_shortcode($attrs)
+    {
+        $a = shortcode_atts(['area' => '1'], $attrs);
         $sidebar = "newsplugin_widgets_{$a['area']}";
         ob_start();
@@ -121 +160 @@
 
 
-    //[feed_shortcode title="" keywords="News" count="" age="" sources="" excluded_sources="" search_mode="" search_type="" sort_mode="" link_type="" show_date="" show_source="" show_abstract="" feed_mode=""]
+    // [feed_shortcode title="" keywords="News" count="" age="" sources="" excluded_sources="" search_mode="" search_type="" sort_mode="" link_type="" show_date="" show_source="" show_abstract="" feed_mode=""]
 
     /**
      * Process the newsfeed shortcode.
-     */
-    function feed_shortcode($attrs)
-    {
-        $attrs = shortcode_atts(array(
+     *
+     * @param array $attrs Attributes.
+     * @return string|false
+     */
+    public function feed_shortcode($attrs)
+    {
+        $attrs = shortcode_atts([
             'id' => '',
             'title' => '',
@@ -147 +189 @@
             'feed_mode' => '',
             'wp_uid' => ''
-        ), $attrs);
+        ], $attrs);
         $newswid = new News_Plugin_Widget();
-        $a = $newswid->update($attrs, array());
+        $a = $newswid->update($attrs, []);
         $a['id'] = $attrs['id'];
         ob_start();
-        the_widget('News_Plugin_Widget', $a, array());
+        the_widget('News_Plugin_Widget', $a, []);
         return ob_get_clean();
     }
@@ -159 +201 @@
      * Register the plugin CSS style.
      */
-    function register_styles()
-    {
-        wp_register_style('news-plugin', plugin_dir_url(__FILE__) . 'assets/css/news-plugin.css', array(), "0.1");
+    public function register_styles()
+    {
+        wp_register_style('news-plugin', plugin_dir_url(__FILE__) . 'assets/css/news-plugin.css', [], "0.1");
         wp_enqueue_style('news-plugin');
     }
 
-    function register_admin_scripts()
+    /**
+     * Register admin scripts
+     *
+     * @return void
+     */
+    public function register_admin_scripts()
     {
         $assets_path = plugin_dir_url(__FILE__) . 'assets/';
+        // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion
         wp_enqueue_style('news-plugin', $assets_path . 'css/news-plugin.css');
-        wp_enqueue_script('news-plugin', $assets_path . 'js/jscolor.min.js');
+        // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion, WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion
+        wp_enqueue_script('news-plugin', $assets_path . 'js/jscolor.min.js', [], false, true);
     }
 
@@ -175 +224 @@
      * Register the plugin options.
      */
-    function admin_init()
+    public function admin_init()
     {
         add_settings_section(
             'default',
-            NULL,
-            NULL,
+            null,
+            null,
             'news-plugin-settings'
         );
@@ -187 +236 @@
             'news_plugin_api_key',
             __('Activation Key:', 'news_plugin'),
-            array($this, 'settings_api_key'),
+            [$this, 'settings_api_key'],
             'news-plugin-settings',
             'default'
@@ -194 +243 @@
             'news-plugin-settings',
             'news_plugin_api_key',
-            array($this, 'validate_api_key')
+            [$this, 'validate_api_key']
         );
 
-        /* Disable User Mode for now.
-       add_settings_field(
-           'news_plugin_user_mode',
-           __('Choose User Mode:','news_plugin'),
-           array( $this, 'settings_user_mode' ),
-           'news-plugin-settings',
-           'default'
-       );
-       register_setting(
-           'news-plugin-settings',
-           'news_plugin_user_mode',
-           array( $this, 'validate_user_mode' )
-       );
-       */
+        /*
+         Disable User Mode for now.
+       add_settings_field(
+           'news_plugin_user_mode',
+           __('Choose User Mode:','news_plugin'),
+           array( $this, 'settings_user_mode' ),
+           'news-plugin-settings',
+           'default'
+       );
+       register_setting(
+           'news-plugin-settings',
+           'news_plugin_user_mode',
+           array( $this, 'validate_user_mode' )
+       );
+       */
     }
 
@@ -216 +266 @@
      * Register the plugin menu.
      */
-    function admin_menu()
+    public function admin_menu()
     {
         add_menu_page(
@@ -223 +273 @@
             'manage_options',
             'news-plugin-settings',
-            array($this, 'newsplugin_options_page'),
+            [$this, 'newsplugin_options_page'],
             'dashicons-megaphone',
             '3'
         );
-        add_filter('plugin_action_links_' . plugin_basename(__FILE__), array($this, 'add_action_links'));
+        add_filter('plugin_action_links_' . plugin_basename(__FILE__), [$this, 'add_action_links']);
     }
 
@@ -235 +285 @@
      * when registering settings
      */
-    private $status_settings_key = 'newsplugin_status_settings';
+    /**
+     * Key - $status
+     *
+     * @var string
+     */
+     private $status_settings_key = 'newsplugin_status_settings';
+    /**
+     * Key - feed
+     *
+     * @var string
+     */
     private $feed_settings_key = 'newsplugin_feed_settings';
+    /**
+     * Key - style
+     *
+     * @var string
+     */
     private $style_settings_key = 'newsplugin_style_settings';
+    /**
+     * Key - activation
+     *
+     * @var string
+     */
     private $activation_settings_key = 'newsplugin_activation_settings';
+    /**
+     * Key - shortcode
+     *
+     * @var string
+     */
     private $shortcode_settings_key = 'newsplugin_shortcode_settings';
+    /**
+     * Key - help
+     *
+     * @var string
+     */
     private $help_settings_key = 'newsplugin_help_settings';
+    /**
+     * Key - key
+     *
+     * @var string
+     */
     private $plugin_options_key = 'news-plugin-settings';
-    private $plugin_settings_tabs = array();
-
-    /*
-     * Registering the sections.
-     */
-    function register_status_section()
+    /**
+     * Key - tabs
+     *
+     * @var array
+     */
+    private $plugin_settings_tabs = [];
+
+    /**
+     * Registering the sections - status
+     *
+     * @return void
+     */
+    public function register_status_section()
     {
         $this->plugin_settings_tabs[$this->status_settings_key] = 'Server Information';
     }
-    function register_feed_section()
+    /**
+     * Registering the sections - feed
+     *
+     * @return void
+     */
+    public function register_feed_section()
     {
         $this->plugin_settings_tabs[$this->feed_settings_key] = 'Send Feedback';
     }
-    function register_style_section()
+    /**
+     * Registering the sections - style
+     *
+     * @return void
+     */
+    public function register_style_section()
     {
         $this->plugin_settings_tabs[$this->style_settings_key] = 'Customize Styles';
     }
-    function register_activation_section()
+    /**
+     * Registering the sections - activation
+     *
+     * @return void
+     */
+    public function register_activation_section()
     {
         $this->plugin_settings_tabs[$this->activation_settings_key] = 'Activate NewsPlugin';
     }
-    function register_shortcode_section()
+    /**
+     * Registering the sections - shortcode
+     *
+     * @return void
+     */
+    public function register_shortcode_section()
     {
         $this->plugin_settings_tabs[$this->shortcode_settings_key] = 'Generate Shortcode';
     }
-    function register_help_section()
+    /**
+     * Registering the sections - help
+     *
+     * @return void
+     */
+    public function register_help_section()
     {
         $this->plugin_settings_tabs[$this->help_settings_key] = 'Instructions!';
     }
 
-    function get_with_default($arr, $a, $b, $def)
-    { /* Grrr this should be language construct ... oh. It will be. PHP 7. https://wiki.php.net/rfc/isset_ternary */
+    /**
+     * Get value with default
+     *
+     * @param array  $arr Array.
+     * @param string $a First index.
+     * @param string $b Second index.
+     * @param mixed  $def Default.
+     * @return mixed
+     */
+    public function get_with_default($arr, $a, $b, $def)
+    {
+ /* Grrr this should be language construct ... oh. It will be. PHP 7. https://wiki.php.net/rfc/isset_ternary */
         if (!is_array($arr)) {
             return $def;
@@ -286 +413 @@
     }
 
-    /*
+    /**
      * Plugin Options page rendering goes here, checks
      * for active tab and replaces key with the related
      * settings key. Uses the plugin_options_tabs method
      * to render the tabs.
-     */
-    function newsplugin_options_page()
-    {
-        $tab = isset($_GET['tab']) ? $_GET['tab'] : $this->help_settings_key;
-?>
+     *
+     * @return void
+     */
+    public function newsplugin_options_page()
+    {
+
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+        $tab = isset($_GET['tab']) ? sanitize_title_with_dashes(wp_unslash($_GET['tab'])) : $this->help_settings_key;
+        ?>
         <div class="wrap">
             <h2>NewsPlugin Settings</h2>
@@ -302 +433 @@
             if (empty($key)) { ?>
                 <div class="error">
-                    <p><a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=newsplugin_activation_settings'); ?>">Add Activation Key</a> to the NewsPlugin. Otherwise, the generated shortcodes or NewsPlugin widgets will not work!</p>
+                    <p><a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=newsplugin_activation_settings')); ?>">Add Activation Key</a> to the NewsPlugin. Otherwise, the generated shortcodes or NewsPlugin widgets will not work!</p>
                 </div>
             <?php } ?>
@@ -312 +443 @@
                     <?php submit_button(); ?>
                 </form>
-            <?php } else if ($tab === $this->shortcode_settings_key && !empty($key)) { ?>
+            <?php } elseif ($tab === $this->shortcode_settings_key && !empty($key)) { ?>
                 <table id="shortcodeTable" class="form-table">
                     <tr>
@@ -546 +677 @@
                             shortcode_params += " age='" + newsplugin_age + "'";
                         }
-                        shortcode_params += " wp_uid='<?php echo get_current_user_id(); ?>'";
+                        shortcode_params += " wp_uid='<?php echo esc_attr(get_current_user_id()); ?>'";
                         var html = "<p>Press Ctrl+C to copy to clipboard and paste it in your posts or pages.</p>";
                         html += "<p><textarea id='shortcode-field' onfocus='this.select()' onclick='this.select()' readonly='readonly' style='width:400px; height:200px; max-width:400px; max-height:200px; min-width:400px; min-height:200px;'>[newsplugin_feed id='" + new Date().valueOf() + "'" + shortcode_params + "]</textarea></p>";
@@ -555 +686 @@
                     }
                 </script>
-            <?php } else if ($tab === $this->help_settings_key) { ?>
+            <?php } elseif ($tab === $this->help_settings_key) { ?>
                 <h3>Instructions</h3>
                 <p>Please read the instructions below carefully to easily setup and use the NewsPlugin.</p>
-                <p><strong>1. Enter Activation Key:</strong><br>First of all, enter your Activation Key in the <a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=' . $this->activation_settings_key) ?>">Activate</a> tab.</p>
-                <p><strong>2. Create Newsfeeds:</strong><br>Create your newsfeed by generating a shortcode from <a href="<?php echo admin_url('admin.php?page=news-plugin-settings&tab=' . $this->shortcode_settings_key) ?>">Generate Shortcode</a> tab. Put that shortcode in posts or pages where you want to display your newsfeed.<br>OR<br>create your newsfeed from <a href="<?php echo admin_url('widgets.php') ?>">Appearance &gt; Widgets</a>. From the widgets panel drag the "NewsPlugin" widget to the desired sidebar or widget area where you want to show your newsfeed. Edit the widget features to create/edit your newsfeed. Choose the name, number of headlines, keywords and other settings.</p>
+                <p><strong>1. Enter Activation Key:</strong><br>First of all, enter your Activation Key in the <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=' . $this->activation_settings_key)); ?>">Activate</a> tab.</p>
+                <p><strong>2. Create Newsfeeds:</strong><br>Create your newsfeed by generating a shortcode from <a href="<?php echo esc_url(admin_url('admin.php?page=news-plugin-settings&tab=' . $this->shortcode_settings_key)); ?>">Generate Shortcode</a> tab. Put that shortcode in posts or pages where you want to display your newsfeed.<br>OR<br>create your newsfeed from <a href="<?php echo esc_url(admin_url('widgets.php')); ?>">Appearance &gt; Widgets</a>. From the widgets panel drag the "NewsPlugin" widget to the desired sidebar or widget area where you want to show your newsfeed. Edit the widget features to create/edit your newsfeed. Choose the name, number of headlines, keywords and other settings.</p>
                 <p><strong>3. Edit Headlines (if you want to):</strong><br>You can remove unwanted headlines or star the good ones right from your site. Note that you must be logged in to WordPress as an administrator or an editor to see the 'Edit Newsfeed Mode' link on your page (next to your newsfeed).</p>
                 <h3>Support</h3>
@@ -569 +700 @@
                 $style_news = get_user_meta($userID, 'news_style_dashbord_style', 'true');
 
-                $font_family = array();
-                $font_family = array("Arial", "Cambria", "Algerian", "Copperplate", "Lucida Console", "Times New Roman", "Impact", "Monaco", "Georgia", "Optima");
-            ?>
-                <h3>Style news plugin widgets created by user <?php echo $user->display_name; ?></h3>
+                $font_family = [];
+                $font_family = ["Arial", "Cambria", "Algerian", "Copperplate", "Lucida Console", "Times New Roman", "Impact", "Monaco", "Georgia", "Optima"];
+                ?>
+                <h3>Style news plugin widgets created by user <?php echo esc_html($user->display_name); ?></h3>
                 <div class="news-row-style">
                     <div class="style_left">
                         <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post">
+                            <?php wp_nonce_field('news_plugin_save_style', 'news_plugin_save_style_field'); ?>
                             <input type="hidden" name="action" value="news_plugin_save_style">
                             <h3>Newsfeed Title</h3>
                             <h4>Color</h4>
                             <?php
-                            echo '<input class="jscolor" name="title_color" id="title_color" type="text" value="' . $this->get_with_default($style_news, 'newsfeed_title', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="title_color" id="title_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'newsfeed_title', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="title_size" id="title_size">';
                             $v = $this->get_with_default($style_news, 'newsfeed_title', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -595 +727 @@
                             echo '<select name="title_font" id="title_font">';
                             $v = $this->get_with_default($style_news, 'newsfeed_title', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -608 +740 @@
                             echo '<h3>Article Headline</h3>';
                             echo '<h4>Color</h4>';
-                            echo '<input class="jscolor" name="news_title_color" id="news_title_color" type="text" value="' . $this->get_with_default($style_news, 'article_headline', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="news_title_color" id="news_title_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_headline', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="news_title_size" id="news_title_size">';
                             $v = $this->get_with_default($style_news, 'article_headline', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -623 +755 @@
                             echo '<select name="news_title_family" id="news_title_family">';
                             $v = $this->get_with_default($style_news, 'article_headline', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -636 +768 @@
                             echo '<h3>Article Abstract</h3>';
                             echo '<h4>Color</h4>';
-                            echo '<input class="jscolor" name="abstract_font_color" id="abstract_font_color" type="text" value="' . $this->get_with_default($style_news, 'article_abstract', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="abstract_font_color" id="abstract_font_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_abstract', 'color', '')) . '" /><br>';
                             echo '<h4>Size</h4>';
                             echo '<select name="abstract_font_size" id="abstract_font_size">';
                             $v = $this->get_with_default($style_news, 'article_abstract', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             for ($i = 10; $i <= 50; $i++) {
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -651 +783 @@
                             echo '<select name="abstract_font_family" id="abstract_font_family">';
                             $v = $this->get_with_default($style_news, 'article_abstract', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -668 +800 @@
                             echo '<h4>Color</h4>';
 
-                            echo '<input class="jscolor" name="news_date_color" id="news_date_color" type="text" value="' . $this->get_with_default($style_news, 'article_date', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="news_date_color" id="news_date_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_date', 'color', '')) . '" /><br>';
 
                             echo '<h4>Size</h4>';
@@ -675 +807 @@
 
                             $v = $this->get_with_default($style_news, 'article_date', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
 
                             for ($i = 10; $i <= 50; $i++) {
-
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -690 +820 @@
                             echo '<select name="date_font" id="date_font">';
                             $v = $this->get_with_default($style_news, 'article_date', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -706 +836 @@
                             echo '<h4>Color</h4>';
 
-                            echo '<input class="jscolor" name="source_color" id="source_color" type="text" value="' . $this->get_with_default($style_news, 'article_sources', 'color', '') . '" /><br>';
+                            echo '<input class="jscolor" name="source_color" id="source_color" type="text" value="' . esc_attr($this->get_with_default($style_news, 'article_sources', 'color', '')) . '" /><br>';
 
                             echo '<h4>Size</h4>';
@@ -713 +843 @@
 
                             $v = $this->get_with_default($style_news, 'article_sources', 'size', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
 
                             for ($i = 10; $i <= 50; $i++) {
-
-                                if ($i == $v) {
+                                if ($i === $v) {
                                 } else {
-
-                                    echo '<option value="' . $i . '">' . $i . '</option>';
+                                    echo '<option value="' . esc_attr($i) . '">' . esc_html($i) . '</option>';
                                 }
                             }
@@ -728 +856 @@
                             echo '<select name="source_font" id="source_font">';
                             $v = $this->get_with_default($style_news, 'article_sources', 'font_family', '');
-                            echo '<option value="' . $v . '">' . $v . '</option>';
+                            echo '<option value="' . esc_attr($v) . '">' . esc_html($v) . '</option>';
                             if ($v) {
                                 echo '<option value="">Unchanged (theme default)</option>';
                             }
                             foreach ($font_family as $fonts) {
-                                if ($fonts == $v) {
+                                if ($fonts === $v) {
                                 } else {
-                                    echo '<option value="' . $fonts . '">' . $fonts . '</option>';
+                                    echo '<option value="' . esc_attr($fonts) . '">' . esc_html($fonts) . '</option>';
                                 }
                             }
@@ -751 +879 @@
                             ?>
 
-                        <?php } elseif ($tab === $this->feed_settings_key) {
+            <?php } elseif ($tab === $this->feed_settings_key) {
                         echo '<div class="feeds-row-style">';
                         echo '<div>';
-                        if (isset($_GET['status'])) {
-                            if ($_GET['status'] == 1) {
-                                echo '<span><h3>Your message has been sent.<br/>Thank you.</h3></span>';
-                            } else {
-                                echo '<span><h3>Error sending message. Please use the form at <a href="https://www.newsplugin.com/contact/">https://www.newsplugin.com/contact/</a>, don' . "'" . 't forget to include the server informations and mention that the plugin feedback page failed.</span></h3>';
-                            }
-                        } ?>
+                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                if (isset($_GET['status'])) {
+                    // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    if (intval($_GET['status']) === 1) {
+                        echo '<span><h3>Your message has been sent.<br/>Thank you.</h3></span>';
+                    } else {
+                        echo '<span><h3>Error sending message. Please use the form at <a href="https://www.newsplugin.com/contact/">https://www.newsplugin.com/contact/</a>, don' . "'" . 't forget to include the server informations and mention that the plugin feedback page failed.</span></h3>';
+                    }
+                } ?>
                     </div>
                     <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post" id="feed_form">
+                        <?php wp_nonce_field('news_plugin_send_feedback', 'news_plugin_send_feedback_field'); ?>
                         <input type="hidden" name="action" value="news_plugin_send_feedback">
                         <div class="feed_left">
-                            <h3>From</h3><?php
-                                            if ($user_info = News_Plugin_Utils::get_user_info()) {
-                                                $email = $user_info->email;
-                                            } else {
-                                                $email = '';
-                                            }
-                                            echo '<input class="text notsobig" name="feed_from" id="feed_from" type="email" size="64" value="' . $email . '"/><br>';
+                            <h3><?php esc_html_e('Email', 'news_plugin'); ?></h3><?php
+                            $user_info = News_Plugin_Utils::get_user_info();
+                            if ($user_info) {
+                                $email = $user_info->email;
+                            } else {
+                                $email = '';
+                            }
+                                            echo '<input class="text notsobig" name="feed_from" id="feed_from" type="email" size="64" value="' . esc_attr($email) . '"/><br>';
                                             echo '<h3>Subject</h3>';
                                             echo '<input class="text notsobig" name="feed_subject" id="feed_subject" type="text" size="64" /><br>';
                                             echo '<h3>Description</h3>';
                                             echo '<textarea form="feed_form" class="notsobig" name="feed_desc" id="taid" cols="64" rows="10">';
-                                            /* echo '<div id="sys_status_data">';
-                echo '</div>'; */
                                             echo '</textarea><br>';
                                             echo '<p class="submit">';
@@ -799 +929 @@
 
                                             $results = get_option('newsPlugin_system_info');
-                                            foreach ($results['wordpress_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            foreach ($results['wordpress_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
-                                            foreach ($results['system_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            }
+                            foreach ($results['system_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
-                                            foreach ($results['newsplugin_env'] as $key => $value) {
-                                                $key_Name = str_replace('_', ' ', $key);
-                                                echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            }
+                            foreach ($results['newsplugin_env'] as $key => $value) {
+                                $key_Name = str_replace('_', ' ', $key);
+                                echo '<tr>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
-                                            }
+                            }
 
                                             echo '</tbody>';
@@ -826 +956 @@
                                             echo '<div class="log_div">';
                                             $myfilename = plugin_dir_url(__FILE__) . "logs/plugin-logs.txt";
+                                            // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
                                             $content = file_exists($myfilename) ? file_get_contents($myfilename) : false;
                                             $v = ($content === false) ? '' : ' checked="checked"';
-                                            echo '<h2><input type="checkbox" id="errors_div" onclick="showError(this)"' . $v . '/> Include Custom Logs</h2>';
+                                            echo '<h2><input type="checkbox" id="errors_div" onclick="showError(this)"' . esc_html($v) . '/> Include Custom Logs</h2>';
                                             echo '</div>';
                                             echo '<div class="feed_system_preview" id="error_show_div">';
-                                            echo '<textarea id="errors_logs" name="noLog_errors" form="feed_form" style="display:none;">"' . $content . '"</textarea>';
-                                            if ($content !== false) {
-                                                echo '<p><strong>"' . $content . '"</strong></p>';
-                                            }
+                                            echo '<textarea id="errors_logs" name="noLog_errors" form="feed_form" style="display:none;">"' . esc_html($content) . '"</textarea>';
+                            if ($content !== false) {
+                                echo '<p><strong>"' . esc_html($content) . '"</strong></p>';
+                            }
                                             echo '</div>';
                                             echo '</div>';
@@ -840 +971 @@
 
                                             echo '</div>';
-                                            ?>
+                            ?>
                             <script>
                                 function showDiv(box) {
@@ -867 +998 @@
                             </script>
 
-                        <?php } elseif ($tab === $this->status_settings_key) { ?>
+            <?php } elseif ($tab === $this->status_settings_key) { ?>
                             <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post">
+                                <?php wp_nonce_field('news_plugin_update_system_info'); ?>
                                 <input type="hidden" name="action" value="news_plugin_update_system_info">
                                 <p class="submit">
@@ -882 +1014 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -890 +1022 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -898 +1030 @@
                                         $key_Name = str_replace('_', ' ', $key);
                                         echo '<tr>
-                            <td data-export-label="' . $key . '">' . strtoupper($key_Name) . ' :</td>
-                            <td>' . $value . '</td>
+                            <td data-export-label="' . esc_attr($key) . '">' . esc_html(strtoupper($key_Name)) . ' :</td>
+                            <td>' . esc_html($value) . '</td>
                         </tr>';
                                     }
@@ -906 +1038 @@
 
                                     ?>
-                                <?php } ?>
+            <?php } ?>
                         </div>
                 <?php
-            }
-
-            /*
+    }
+
+    /**
      * Renders our tabs in the plugin options page,
      * walks through the object's tabs array and prints
      * them one by one. Provides the heading for the
      * plugin_options_page method.
-     */
-            function newsplugin_options_tabs($current_tab)
-            {
-                echo '<h2 class="nav-tab-wrapper">';
-                foreach ($this->plugin_settings_tabs as $tab_key => $tab_caption) {
-                    $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
-                    echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->plugin_options_key . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
-                }
-                echo '</h2>';
-            }
-
-            /**
-             * Add link to the options page to the plugin action links.
-             */
-            function add_action_links($default_links)
-            {
-                $links = array(
-                    '<a href="' . admin_url('admin.php?page=news-plugin-settings') . '">Settings</a>',
-                );
-                return array_merge($links, $default_links);
-            }
-
-            /**
-             * Render the API key settings.
-             */
-            function settings_api_key()
-            {
-                $v = get_option('news_plugin_api_key');
-                echo '<input class="regular-text" name="news_plugin_api_key" id="news_plugin_api_key" type="text" size="64" value="' . esc_attr($v) . '" />';
-                echo '<p class="description">';
-                echo 'You can get it at <a href="http://my.newsplugin.com/register" target="_blank">http://my.newsplugin.com/register</a>.';
-                echo '</p>';
-            }
-
-            /**
-             * Validate the API key settings.
-             */
-            function validate_api_key($input)
-            {
-                return sanitize_text_field($input);
-            }
-
-            /**
-             * Render the user mode settings.
-             */
-            function settings_user_mode()
-            {
-                $v = get_option('news_plugin_user_mode');
-                echo '<p>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_0" value="0"', ($v == 0 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_0">Basic - Simple &amp; easy way to start with.</label>';
-                echo '<br>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_1" value="1"', ($v == 1 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_1">Advanced - More features for advanced users.</label>';
-                echo '<br>';
-                echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_2" value="2"', ($v == 2 ? ' checked="checked"' : ''), '>';
-                echo '<label for="news_plugin_user_mode_2">Expert - Manual publishing mode for professionals.</label>';
-                echo '</p>';
-            }
-
-            /**
-             * Validate the user mode settings.
-             */
-            function validate_user_mode($input)
-            {
-                $v = absint($input);
-                return ($v < 3 ? $v : 0);
-            }
-
-            function handle_update_system_info()
-            {
-                update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
-                $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_status_settings';
-                wp_redirect($redirect);
-            }
-            function handle_save_style()
-            {
-                include(plugin_dir_path(__FILE__) . 'save_style.php');
-            }
-            function handle_send_feedback()
-            {
-                include(plugin_dir_path(__FILE__) . 'send_feedback.php');
-            }
+     *
+     * @param string $current_tab Current tab ID.
+     * @return void
+     */
+    public function newsplugin_options_tabs($current_tab)
+    {
+        echo '<h2 class="nav-tab-wrapper">';
+        foreach ($this->plugin_settings_tabs as $tab_key => $tab_caption) {
+            $active = $current_tab === $tab_key ? 'nav-tab-active' : '';
+            echo '<a class="nav-tab ' . esc_attr($active) . '" href="?page=' . esc_attr($this->plugin_options_key) . '&tab=' . esc_attr($tab_key) . '">' . esc_html($tab_caption) . '</a>';
         }
-
-        // Hook ourselves into the Wordpress.
+        echo '</h2>';
+    }
+
+    /**
+     * Add link to the options page to the plugin action links.
+     *
+     * @param array $default_links Default links.
+     * @return array
+     */
+    public function add_action_links($default_links)
+    {
+        $links = [
+            '<a href="' . admin_url('admin.php?page=news-plugin-settings') . '">Settings</a>',
+        ];
+        return array_merge($links, $default_links);
+    }
+
+    /**
+     * Render the API key settings.
+     */
+    public function settings_api_key()
+    {
+        $v = get_option('news_plugin_api_key');
+        echo '<input class="regular-text" name="news_plugin_api_key" id="news_plugin_api_key" type="text" size="64" value="' . esc_attr($v) . '" />';
+        echo '<p class="description">';
+        echo 'You can get it at <a href="http://my.newsplugin.com/register" target="_blank">http://my.newsplugin.com/register</a>.';
+        echo '</p>';
+    }
+
+    /**
+     * Validate the API key settings.
+     *
+     * @param string $input API key.
+     * @return string
+     */
+    public function validate_api_key($input)
+    {
+        return sanitize_text_field($input);
+    }
+
+    /**
+     * Render the user mode settings.
+     */
+    public function settings_user_mode()
+    {
+        $v = get_option('news_plugin_user_mode');
+        echo '<p>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_0" value="0"', ($v === 0 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_0">Basic - Simple &amp; easy way to start with.</label>';
+        echo '<br>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_1" value="1"', ($v === 1 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_1">Advanced - More features for advanced users.</label>';
+        echo '<br>';
+        echo '<input type="radio" name="news_plugin_user_mode" id="news_plugin_user_mode_2" value="2"', ($v === 2 ? ' checked="checked"' : ''), '>';
+        echo '<label for="news_plugin_user_mode_2">Expert - Manual publishing mode for professionals.</label>';
+        echo '</p>';
+    }
+
+    /**
+     * Validate the user mode settings.
+     *
+     * @param int $input User mode ID (?).
+     * @return int
+     */
+    public function validate_user_mode($input)
+    {
+        $v = absint($input);
+        return ($v < 3 ? $v : 0);
+    }
+
+    /**
+     * Update stystem info
+     *
+     * @return void
+     */
+    public function handle_update_system_info()
+    {
+        update_option('newsPlugin_system_info', News_Plugin_Utils::get_system_info());
+        $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_status_settings';
+        wp_safe_redirect($redirect);
+    }
+
+    /**
+     * Save CSS styles
+     *
+     * @return void
+     */
+    public function handle_save_style()
+    {
+        include(plugin_dir_path(__FILE__) . 'save_style.php');
+    }
+
+    /**
+     * Send feedback
+     *
+     * @return void
+     */
+    public function handle_send_feedback()
+    {
+        include(plugin_dir_path(__FILE__) . 'send_feedback.php');
+    }
+}
+
+        // Hook ourselves into the WordPress.
         new News_Plugin();
 
-                ?>
+?>

newsplugin/trunk/readme.txt

@@ -3 +3 @@
 Tags: news, news plugin, news feed, news feeds, newsfeed, newsfeeds, news syndication
 Requires at least: 3.9
-Tested up to: 5.7
-Stable tag: 1.0.18
+Tested up to: 5.8
+Stable tag: 1.1.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -73 +73 @@
 == Changelog ==
 
-= 1.0.18 (September 18, 2020 )=
+= 1.1.0 =
+
+* Vulnerability fixes:
+    * All output should be run through an escaping function
+    * Sanitize content
+    * Strictly check types
+    * Process forms with nonces
+* Improvement: Enable plugin localization & make at least some strings localizable
+
+= 1.0.18 (September 18, 2020) =
 
 * Improvement: Format date & time according to WP settings

newsplugin/trunk/save_style.php

@@ -1 +1 @@
 <?php
-if (function_exists('wp_get_current_user')) {
-    $current_user = wp_get_current_user();
-} else {
-    global $current_user;
-    wp_get_current_user();
+
+/**
+ * Save CSS styles
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
+
+// Verify nonce.
+$nonce = isset($_POST['news_plugin_save_style_field']) ? sanitize_key($_POST['news_plugin_save_style_field']) : null;
+if (! $nonce || ! wp_verify_nonce($nonce, 'news_plugin_save_style')) {
+    die(esc_html__('4 - Security check failed. Try to submit the form once again.', 'news_plugin'));
 }
-$userID = $current_user->ID;
 
-$default_Value = $_POST['default_values_style'];
-$styleDash = array(
-    'newsfeed_title' => array(
-        'color'         =>  $_POST['title_color'],
-        'size'          =>  $_POST['title_size'],
-        'font_family'   =>  $_POST['title_font']
-    ),
-    'article_headline' => array(
-        'color'         =>  $_POST['news_title_color'],
-        'size'          =>  $_POST['news_title_size'],
-        'font_family'   =>  $_POST['news_title_family']
-    ),
-    'article_abstract' => array(
-        'color'         =>  $_POST['abstract_font_color'],
-        'size'          =>  $_POST['abstract_font_size'],
-        'font_family'   =>  $_POST['abstract_font_family']
-    ),
-    'article_date' => array(
-        'color'         =>  $_POST['news_date_color'],
-        'size'          =>  $_POST['news_date_size'],
-        'font_family'   =>  $_POST['date_font']
-    ),
-    'article_sources' => array(
-        'color'         =>  $_POST['source_color'],
-        'size'          =>  $_POST['source_size'],
-        'font_family'   =>  $_POST['source_font']
-    )
-);
+$user = wp_get_current_user();
+$userID = $user->ID;
+$default_Value = isset($_POST['default_values_style']) ? sanitize_key(wp_unslash($_POST['default_values_style'])) : null;
+$styleDash = [
+ 'newsfeed_title' => [
+      'color'         =>  isset($_POST['title_color']) ? sanitize_key(wp_unslash($_POST['title_color'])) : null,
+     'size'          =>  isset($_POST['title_size']) ? sanitize_key(wp_unslash($_POST['title_size'])) : null,
+      'font_family'   =>  isset($_POST['title_font']) ? sanitize_key(wp_unslash($_POST['title_font'])) : null
+  ],
+ 'article_headline' => [
+        'color'         =>  isset($_POST['news_title_color']) ? sanitize_key(wp_unslash($_POST['news_title_color'])) : null,
+        'size'          =>  isset($_POST['news_title_size']) ? sanitize_key(wp_unslash($_POST['news_title_size'])) : null,
+     'font_family'   =>  isset($_POST['news_title_family']) ? sanitize_key(wp_unslash($_POST['news_title_family'])) : null
+ ],
+ 'article_abstract' => [
+        'color'         =>  isset($_POST['abstract_font_color']) ? sanitize_key(wp_unslash($_POST['abstract_font_color'])) : null,
+     'size'          =>  isset($_POST['abstract_font_size']) ? sanitize_key(wp_unslash($_POST['abstract_font_size'])) : null,
+      'font_family'   =>  isset($_POST['abstract_font_family']) ? sanitize_key(wp_unslash($_POST['abstract_font_family'])) : null,
+ ],
+ 'article_date' => [
+        'color'         =>  isset($_POST['news_date_color']) ? sanitize_key(wp_unslash($_POST['news_date_color'])) : null,
+     'size'          =>  isset($_POST['news_date_size']) ? sanitize_key(wp_unslash($_POST['news_date_size'])) : null,
+      'font_family'   =>  isset($_POST['date_font']) ? sanitize_key(wp_unslash($_POST['date_font'])) : null,
+ ],
+ 'article_sources' => [
+     'color'         =>  isset($_POST['source_color']) ? sanitize_key(wp_unslash($_POST['source_color'])) : null,
+        'size'          =>  isset($_POST['source_size']) ? sanitize_key(wp_unslash($_POST['source_size'])) : null,
+     'font_family'   =>  isset($_POST['source_font']) ? sanitize_key(wp_unslash($_POST['source_font'])) : null,
+ ]
+];
+
 if (isset($default_Value)) {
-    $default_values = array(
-        'newsfeed_title' => array(
-            'color'         =>  '000000',
-            'size'          =>  22,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_headline' => array(
-            'color'         =>  '000000',
-            'size'          =>  18,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_abstract' => array(
-            'color'         =>  '000000',
-            'size'          =>  14,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_date' => array(
-            'color'         =>  '000000',
-            'size'          =>  12,
-            'font_family'   =>  'Times New Roman'
-        ),
-        'article_sources' => array(
-            'color'         =>  '000000',
-            'size'          =>  12,
-            'font_family'   =>  'Times New Roman'
-        )
-    );
+    $default_values = [
+        'newsfeed_title' => [
+            'color'         =>  '000000',
+            'size'          =>  22,
+    'font_family'   =>  'Times New Roman'
+        ],
+        'article_headline' => [
+            'color'         =>  '000000',
+            'size'          =>  18,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_abstract' => [
+            'color'         =>  '000000',
+            'size'          =>  14,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_date' => [
+            'color'         =>  '000000',
+            'size'          =>  12,
+            'font_family'   =>  'Times New Roman'
+        ],
+        'article_sources' => [
+            'color'         =>  '000000',
+            'size'          =>  12,
+            'font_family'   =>  'Times New Roman'
+        ]
+    ];
     update_user_meta($userID, 'news_style_dashbord_style', $default_values);
 } else {
@@ -70 +80 @@
 
 $redirect = admin_url('admin.php') . '?page=news-plugin-settings&tab=newsplugin_style_settings';
-wp_redirect($redirect);
+wp_safe_redirect($redirect);
+exit();

newsplugin/trunk/send_feedback.php

@@ -1 +1 @@
 <?php
-$to         = '[email protected]';
-$from           = $_POST['feed_from'];
-$subject        = $_POST['feed_subject'];
-$description        = $_POST['feed_desc'];
-$errors_logs        = isset($_POST['errors_logs']) ? $_POST['errors_logs'] : false;
-$insert_sys_info    = isset($_POST['insert_sys_info']) ? $_POST['insert_sys_info'] : false;
+
+/**
+ * Send Feedback
+ *
+ * @package    WordPress
+ * @subpackage News Plugin
+ * @since 1.0.0
+ */
+
+// Verify nonce.
+$nonce = isset($_POST['news_plugin_send_feedback_field']) ? sanitize_key($_POST['news_plugin_send_feedback_field']) : null;
+if (!$nonce || !wp_verify_nonce($nonce, 'news_plugin_send_feedback')) {
+    die(esc_html__('5 - Security check failed. Try to submit the form once again.', 'news_plugin'));
+}
+
+$to         = '[email protected]';
+$from           = isset($_POST['feed_from']) ? sanitize_text_field(wp_unslash($_POST['feed_from'])) : '';
+$subject        = isset($_POST['feed_subject']) ? sanitize_text_field(wp_unslash($_POST['feed_subject'])) : '';
+$description        = isset($_POST['feed_desc']) ? sanitize_text_field(wp_unslash($_POST['feed_desc'])) : '';
+$errors_logs        = isset($_POST['errors_logs']) ? sanitize_text_field(wp_unslash($_POST['errors_logs'])) : false;
+$insert_sys_info    = isset($_POST['insert_sys_info']) ? sanitize_text_field(wp_unslash($_POST['insert_sys_info'])) : false;
 
 if (!$from) {
-    if ($user_info = News_Plugin_Utils::get_user_info()) {
+    $user_info = News_Plugin_Utils::get_user_info();
+    if ($user_info) {
         $from = $user_info->email;
     }
@@ -23 +39 @@
 
 if (isset($errors_logs)) {
-
     $message .= "<tr style='background: #eee;'><strong>Errors on plugin :</strong></tr>\n";
     $message .= '<tr><p>' . $errors_logs . '</p></tr>' . "\n";
 }
 
-// if(isset($insert_sys_info)) {
-
-// $results = get_option( 'newsPlugin_system_info' );
-$results = News_Plugin_Utils::get_system_info(); // Always get fresh
-$message .= "<tr style='background: #eee;'><td cellspan='2'><strong>WORDPRESS ENVIRONMENT :</strong></td></tr>\n";
+$results = News_Plugin_Utils::get_system_info(); // Always get fresh.
+$message .= "<tr style='background: #eee;'><td cellspan='2'><strong>WordPress ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['wordpress_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
@@ -40 +51 @@
 $message .= "<tr style='background: #eee;'><td cellspan='2'><strong>SYSTEM ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['system_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
@@ -46 +56 @@
 $message .= "<tr style='background: #eee;'><td cellspan='2'><strong>NEWSPLUGIN ENVIRONMENT :</strong></td></tr>\n";
 foreach ($results['newsplugin_env'] as $key => $value) {
-
     $key_Name = str_replace('_', ' ', $key);
     $message .= '<tr><td><strong>' . strtoupper($key_Name) . '</strong> </td><td>' . $value . '</td></tr>' . "\n";
 }
-// }
 
 $message .= '</tbody>';
@@ -56 +64 @@
 $message .= "</body></html>";
 
+/**
+ * Set content type helper
+ *
+ * @return string
+ */
 function news_plugin_wp_set_content_type()
 {
@@ -61 +74 @@
 }
 add_filter('wp_mail_content_type', 'news_plugin_wp_set_content_type');
+
 $headers .= news_plugin_wp_set_content_type();
 
@@ -71 +85 @@
 
 remove_filter('wp_mail_content_type', 'news_plugin_wp_set_content_type');
-wp_redirect($redirect);
+wp_safe_redirect($redirect);
+exit();