Coding standards erorrs fixed, sanitization and escaping strings.

includes/class-genesis-simple-sidebars-admin.php

@@ -3,6 +3,7 @@
  * Controls the creation, deletion, and editing of Simple Sidebar.
  *
  * @author StudioPress
+ * @package genesis-simple-sidebars
  */
 
 /**
@@ -16,6 +17,8 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 	/**
 	 * Settings field.
 	 *
+	 * @var string
+	 *
 	 * @since 2.1.0
 	 */
 	public $settings_field;
@@ -27,7 +30,7 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 
 		$this->settings_field = Genesis_Simple_Sidebars()->settings_field;
 
-		// For backward compatibility
+		// For backward compatibility.
 		define( 'SS_SETTINGS_FIELD', $this->settings_field );
 
 	}
@@ -53,12 +56,12 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 			),
 		);
 
-		// Empty, as we'll be building the page manually
+		// Empty, as we'll be building the page manually.
 		$page_ops = array();
 
 		$this->create( $page_id, $menu_ops, $page_ops, $this->settings_field );
 
-		// Simpe Sidebar actions (create, edit, or delete)
+		// Simpe Sidebar actions (create, edit, or delete).
 		add_action( 'admin_init', array( $this, 'actions' ) );
 
 	}
@@ -74,6 +77,7 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 
 		echo '<div class="wrap">';
 
+		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
 		if ( isset( $_REQUEST['action'] ) && 'edit' === $_REQUEST['action'] ) {
 			require_once GENESIS_SIMPLE_SIDEBARS_PLUGIN_DIR . '/includes/views/admin-edit.php';
 		} else {
@@ -117,7 +121,7 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 				<td class="name column-name">
 					<?php
 					if ( $is_editable ) {
-						printf( '<a class="row-title" href="%s" title="Edit %s">%s</a>', admin_url( 'admin.php?page=simple-sidebars&amp;action=edit&amp;id=' . esc_html( $id ) ), esc_html( $info['name'] ), esc_html( $info['name'] ) );
+						printf( '<a class="row-title" href="%s" title="Edit %s">%s</a>', esc_url( admin_url( 'admin.php?page=simple-sidebars&amp;action=edit&amp;id=' . esc_html( $id ) ) ), esc_html( $info['name'] ), esc_html( $info['name'] ) );
 					} else {
 						printf( '<strong class="row-title">%s</strong>', esc_html( $info['name'] ) );
 					}
@@ -126,8 +130,8 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 					<?php if ( $is_editable ) : ?>
 					<br />
 					<div class="row-actions">
-						<span class="edit"><a href="<?php echo admin_url( 'admin.php?page=simple-sidebars&amp;action=edit&amp;id=' . esc_html( $id ) ); ?>"><?php _e( 'Edit', 'genesis-simple-sidebars' ); ?></a> | </span>
+						<span class="edit"><a href="<?php echo esc_attr( admin_url( 'admin.php?page=simple-sidebars&amp;action=edit&amp;id=' . esc_html( $id ) ) ); ?>"><?php esc_html_e( 'Edit', 'genesis-simple-sidebars' ); ?></a> | </span>
-						<span class="delete"><a class="delete-tag" href="<?php echo wp_nonce_url( admin_url( 'admin.php?page=simple-sidebars&amp;action=delete&amp;id=' . esc_html( $id ) ), 'simple-sidebars-action_delete-sidebar' ); ?>"><?php _e( 'Delete', 'genesis-simple-sidebars' ); ?></a></span>
+						<span class="delete"><a class="delete-tag" href="<?php echo esc_attr( wp_nonce_url( admin_url( 'admin.php?page=simple-sidebars&amp;action=delete&amp;id=' . esc_html( $id ) ), 'simple-sidebars-action_delete-sidebar' ) ); ?>"><?php esc_html_e( 'Delete', 'genesis-simple-sidebars' ); ?></a></span>
 					</div>
 					<?php endif; ?>
 
@@ -157,24 +161,26 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 		/**
 		 * This section handles the data if a new sidebar is created
 		 */
-		if ( isset( $_REQUEST['action'] ) && 'create' == $_REQUEST['action'] ) {
+		// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
-			$this->create_sidebar( $_POST['new_sidebar'] );
+		if ( isset( $_REQUEST['action'] ) && 'create' === $_REQUEST['action'] && isset( $_POST['new_sidebar'] ) ) {
+			$this->create_sidebar( array_map( 'sanitize_text_field', wp_unslash( $_POST['new_sidebar'] ) ) );
 		}
 
 		/**
 		 * This section will handle the data if a sidebar is deleted
 		 */
-		if ( isset( $_REQUEST['action'] ) && 'delete' == $_REQUEST['action'] && isset( $_REQUEST['id'] ) ) {
+		// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
-			$this->delete_sidebar( $_REQUEST['id'] );
+		if ( isset( $_REQUEST['action'] ) && 'delete' === $_REQUEST['action'] && isset( $_REQUEST['id'] ) ) {
+			$this->delete_sidebar( sanitize_text_field( wp_unslash( $_REQUEST['id'] ) ) );
 		}
 
 		/**
 		 * This section will handle the data if a sidebar is to be modified
 		 */
-		if ( isset( $_REQUEST['action'] ) && 'edit' == $_REQUEST['action'] && ! isset( $_REQUEST['id'] ) ) {
+		if ( isset( $_REQUEST['action'] ) && 'edit' === $_REQUEST['action'] && ! isset( $_REQUEST['id'] ) && isset( $_POST['edit_sidebar'] ) ) {
-			$this->edit_sidebar( $_POST['edit_sidebar'] );
+			$this->edit_sidebar( array_map( 'sanitize_text_field', wp_unslash( $_POST['edit_sidebar'] ) ) );
 		}
-
+		// phpcs:enable
 	}
 
 	/**
@@ -192,38 +198,38 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 
 		$pattern = '<div id="message" class="updated"><p><strong>%s</strong></p></div>';
 
+		// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
 		if ( isset( $_REQUEST['created'] ) && 'true' === $_REQUEST['created'] ) {
-			printf( $pattern, __( 'New sidebar successfully created!', 'genesis-simple-sidebars' ) );
+			printf( wp_kses_post( $pattern ), esc_html__( 'New sidebar successfully created!', 'genesis-simple-sidebars' ) );
 			return;
 		}
 
 		if ( isset( $_REQUEST['edited'] ) && 'true' === $_REQUEST['edited'] ) {
-			printf( $pattern, __( 'Sidebar successfully edited!', 'genesis-simple-sidebars' ) );
+			printf( wp_kses_post( $pattern ), esc_html__( 'Sidebar successfully edited!', 'genesis-simple-sidebars' ) );
 			return;
 		}
 
 		if ( isset( $_REQUEST['deleted'] ) && 'true' === $_REQUEST['deleted'] ) {
-			printf( $pattern, __( 'Sidebar successfully deleted.', 'genesis-simple-sidebars' ) );
+			printf( wp_kses_post( $pattern ), esc_html__( 'Sidebar successfully deleted.', 'genesis-simple-sidebars' ) );
 			return;
 		}
 
-		return;
-
 	}
 
 	/**
 	 * Create a sidebar.
 	 *
+	 * @param array $args Arguments.
+	 *
 	 * @since 1.0.0
 	 */
 	protected function create_sidebar( $args = array() ) {
-
 		if ( empty( $args['name'] ) ) {
-			wp_die( $this->error( 1 ) );
+			wp_die( esc_html( $this->error( 1 ) ) );
 			exit;
 		}
 
-		// nonce verification
+		// nonce verification.
 		check_admin_referer( 'simple-sidebars-action_create-sidebar' );
 
 		$db = (array) get_option( $this->settings_field );
@@ -243,7 +249,7 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 		if ( ! $id || is_registered_sidebar( $id ) ) {
 			$n = count( $db ) + 1;
 			do {
-				$id = 'gss-sidebar-' . $n++;
+				$id = 'gss-sidebar-' . [ $n++ ];
 			} while ( is_registered_sidebar( $id ) );
 		}
 
@@ -255,14 +261,14 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 		);
 
 		if ( array_key_exists( $id, $db ) ) {
-			wp_die( $this->error( 2 ) );
+			wp_die( esc_html( $this->error( 2 ) ) );
 			exit;
 		}
 
 		$_sidebars = wp_parse_args( $new, $db );
 
 		update_option( $this->settings_field, $_sidebars );
-		wp_redirect( admin_url( 'admin.php?page=simple-sidebars&created=true' ) );
+		wp_safe_redirect( admin_url( 'admin.php?page=simple-sidebars&created=true' ) );
 		exit;
 
 	}
@@ -270,16 +276,17 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 	/**
 	 * Edit a sidebar.
 	 *
+	 * @param array $args Arguments.
 	 * @since 1.0.0
 	 */
 	protected function edit_sidebar( $args = array() ) {
 
 		if ( empty( $args['name'] ) || empty( $args['id'] ) ) {
-			wp_die( $this->error( 3 ) );
+			wp_die( esc_html( $this->error( 3 ) ) );
 			exit;
 		}
 
-		// nonce verification
+		// nonce verification.
 		check_admin_referer( 'simple-sidebars-action_edit-sidebar' );
 
 		$db  = (array) get_option( $this->settings_field );
@@ -291,14 +298,14 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 		);
 
 		if ( ! array_key_exists( $args['id'], $db ) ) {
-			wp_die( $this->error( 3 ) );
+			wp_die( esc_html( $this->error( 3 ) ) );
 			exit;
 		}
 
 		$_sidebars = wp_parse_args( $new, $db );
 
 		update_option( $this->settings_field, $_sidebars );
-		wp_redirect( admin_url( 'admin.php?page=simple-sidebars&edited=true' ) );
+		wp_safe_redirect( admin_url( 'admin.php?page=simple-sidebars&edited=true' ) );
 		exit;
 
 	}
@@ -306,29 +313,29 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 	/**
 	 * Delete a sidebar.
 	 *
+	 * @param string $id Id.
 	 * @since 1.0.0
 	 */
 	protected function delete_sidebar( $id = '' ) {
-
 		if ( empty( $id ) ) {
-			wp_die( $this->error( 4 ) );
+			wp_die( esc_html( $this->error( 4 ) ) );
 			exit;
 		}
 
-		// nonce verification
+		// nonce verification.
 		check_admin_referer( 'simple-sidebars-action_delete-sidebar' );
 
 		$_sidebars = (array) get_option( $this->settings_field );
 
 		if ( ! isset( $_sidebars[ $id ] ) ) {
-			wp_die( $this->error( 4 ) );
+			wp_die( esc_html( $this->error( 4 ) ) );
 			exit;
 		}
 
 		unset( $_sidebars[ $id ] );
 
 		update_option( $this->settings_field, $_sidebars );
-		wp_redirect( admin_url( 'admin.php?page=simple-sidebars&deleted=true' ) );
+		wp_safe_redirect( admin_url( 'admin.php?page=simple-sidebars&deleted=true' ) );
 		exit;
 
 	}
@@ -336,6 +343,8 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 	/**
 	 * Returns an error message by ID.
 	 *
+	 * @param bool $error Error id.
+	 *
 	 * @since 1.0.0
 	 *
 	 * @return string Returns an error string based on an error ID.
@@ -350,16 +359,12 @@ class Genesis_Simple_Sidebars_Admin extends Genesis_Admin_Basic {
 
 			case 1:
 				return __( 'Oops! Please choose a valid Name for this sidebar', 'genesis-simple-sidebars' );
-				break;
 			case 2:
 				return __( 'Oops! That sidebar ID already exists', 'genesis-simple-sidebars' );
-				break;
 			case 3:
 				return __( 'Oops! You are trying to edit a sidebar that does not exist, or is not editable', 'genesis-simple-sidebars' );
-				break;
 			case 4:
 				return __( 'Oops! You are trying to delete a sidebar that does not exist, or cannot be deleted', 'genesis-simple-sidebars' );
-				break;
 			default:
 				return __( 'Oops! Something went wrong. Try again.', 'genesis-simple-sidebars' );
 

includes/class-genesis-simple-sidebars-entry.php

@@ -1,7 +1,18 @@
 <?php
+/**
+ * Genesis Simple Sidebars Entry file.
+ *
+ * @package genesis-simple-sidebars
+ */
 
+/**
+ * Genesis Simple Sidebars Entry class.
+ */
 class Genesis_Simple_Sidebars_Entry {
 
+	/**
+	 * Init function.
+	 */
 	public function init() {
 
 		add_action( 'admin_menu', array( $this, 'add_metaboxes' ) );
@@ -18,7 +29,7 @@ class Genesis_Simple_Sidebars_Entry {
 
 		foreach ( (array) get_post_types( array( 'public' => true ) ) as $type ) {
 
-			if ( post_type_supports( $type, 'genesis-simple-sidebars' ) || $type == 'post' || $type == 'page' ) {
+			if ( post_type_supports( $type, 'genesis-simple-sidebars' ) || 'post' === $type || 'page' === $type ) {
 				add_meta_box( 'ss_inpost_metabox', __( 'Sidebar Selection', 'genesis-simple-sidebars' ), array( $this, 'metabox_content' ), $type, 'side', 'low' );
 			}
 		}
@@ -45,12 +56,15 @@ class Genesis_Simple_Sidebars_Entry {
 	 */
 	public function metabox_save( $post_id, $post ) {
 
-		if ( ! isset( $_POST['genesis_simple_sidebars'] ) ) {
+		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
+		$genesis_simple_sidebars = isset( $_POST['genesis_simple_sidebars'] ) ? sanitize_text_field( wp_unslash( $_POST['genesis_simple_sidebars'] ) ) : '';
+
+		if ( empty( $genesis_simple_sidebars ) ) {
 			return;
 		}
 
 		$data = wp_parse_args(
-			$_POST['genesis_simple_sidebars'],
+			$genesis_simple_sidebars,
 			array(
 				'_ss_header'      => '',
 				'_ss_sidebar'     => '',

includes/class-genesis-simple-sidebars-term.php

@@ -11,7 +11,7 @@
 class Genesis_Simple_Sidebars_Term {
 
 	/**
-	 * Init functiom.
+	 * Init function.
 	 */
 	public function init() {
 

includes/views/admin-edit.php

@@ -1,40 +1,49 @@
 <?php
+/**
+ * Admin edit.
+ *
+ * @package genesis-simple-sidebars
+ */
+
 $sidebars = Genesis_Simple_Sidebars()->core->get_sidebars();
 
-if ( array_key_exists( $_REQUEST['id'], (array) $sidebars ) ) {
+// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
-	$sidebar = stripslashes_deep( $sidebars[ $_REQUEST['id'] ] );
+if ( isset( $_REQUEST['id'] ) && array_key_exists( sanitize_text_field( wp_unslash( $_REQUEST['id'] ) ), (array) $sidebars ) ) {
+	$sidebar = stripslashes_deep( $sidebars[ sanitize_text_field( wp_unslash( $_REQUEST['id'] ) ) ] );
 } else {
-	wp_die( __( 'Nice try, partner. But that sidebar doesn\'t exist. Click back and try again.', 'genesis-simple-sidebars' ) );
+	wp_die( esc_html__( 'Nice try, partner. But that sidebar doesn\'t exist. Click back and try again.', 'genesis-simple-sidebars' ) );
 }
+// phpcs:enable
 ?>
-<h1><?php _e( 'Edit Sidebar', 'genesis-simple-sidebars' ); ?></h1>
+<h1><?php esc_html_e( 'Edit Sidebar', 'genesis-simple-sidebars' ); ?></h1>
 
-<form method="post" action="<?php echo admin_url( 'admin.php?page=simple-sidebars&amp;action=edit' ); ?>">
+<form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=simple-sidebars&amp;action=edit' ) ); ?>">
 <?php wp_nonce_field( 'simple-sidebars-action_edit-sidebar' ); ?>
 
 <table class="form-table">
 
 	<tr class="form-field">
-		<th scope="row" valign="top"><label for="edit_sidebar[name]"><?php _e( 'Name', 'genesis-simple-sidebars' ); ?></label></th>
+		<th scope="row" valign="top"><label for="edit_sidebar[name]"><?php esc_html_e( 'Name', 'genesis-simple-sidebars' ); ?></label></th>
 		<td><input name="edit_sidebar[name]" id="edit_sidebar[name]" type="text" value="<?php echo esc_html( $sidebar['name'] ); ?>" size="40" />
-		<p class="description"><?php _e( 'A recognizable name for your new sidebar widget area', 'genesis-simple-sidebars' ); ?></p></td>
+		<p class="description"><?php esc_html_e( 'A recognizable name for your new sidebar widget area', 'genesis-simple-sidebars' ); ?></p></td>
 	</tr>
 
 	<tr class="form-field">
-		<th scope="row" valign="top"><label for="edit_sidebar[id]"><?php _e( 'ID', 'genesis-simple-sidebars' ); ?></label></th>
+		<th scope="row" valign="top"><label for="edit_sidebar[id]"><?php esc_html_e( 'ID', 'genesis-simple-sidebars' ); ?></label></th>
 		<td>
-		<input type="text" value="<?php echo esc_html( $_REQUEST['id'] ); ?>" size="40" readonly />
+			<?php // phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification ?>
-		<input name="edit_sidebar[id]" id="edit_sidebar[id]" type="hidden" value="<?php echo esc_html( $_REQUEST['id'] ); ?>" size="40" />
+		<input type="text" value="<?php echo esc_html( sanitize_text_field( wp_unslash( $_REQUEST['id'] ) ) ); ?>" size="40" readonly />
-		<p class="description"><?php _e( 'The unique ID is used to register the sidebar widget area (cannot be changed)', 'genesis-simple-sidebars' ); ?></p></td>
+		<input name="edit_sidebar[id]" id="edit_sidebar[id]" type="hidden" value="<?php echo esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['id'] ) ) ); ?>" size="40" />
+		<p class="description"><?php esc_html_e( 'The unique ID is used to register the sidebar widget area (cannot be changed)', 'genesis-simple-sidebars' ); ?></p></td>
 	</tr>
 
 	<tr class="form-field">
-		<th scope="row" valign="top"><label for="edit_sidebar[description]"><?php _e( 'Description', 'genesis-simple-sidebars' ); ?></label></th>
+		<th scope="row" valign="top"><label for="edit_sidebar[description]"><?php esc_html_e( 'Description', 'genesis-simple-sidebars' ); ?></label></th>
 		<td><textarea name="edit_sidebar[description]" id="edit_sidebar[description]" rows="3" cols="50" style="width: 97%;"><?php echo esc_html( $sidebar['description'] ); ?></textarea></td>
 	</tr>
 
 </table>
 
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _e( 'Update', 'genesis-simple-sidebars' ); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e( 'Update', 'genesis-simple-sidebars' ); ?>" /></p>
 
 </form>

includes/views/admin-main.php

@@ -1,25 +1,34 @@
-<h1><?php _e( 'Genesis - Simple Sidebars', 'genesis-simple-sidebars' ); ?></h1>
+<?php
+/**
+ * Main Admin View.
+ *
+ * @package genesis-simple-sidebar
+ */
+
+?>
+
+<h1><?php esc_html_e( 'Genesis - Simple Sidebars', 'genesis-simple-sidebars' ); ?></h1>
 
 <div id="col-container">
 
 <div id="col-right">
 <div class="col-wrap">
 
-<h3><?php _e( 'Current Sidebars', 'genesis-simple-sidebars' ); ?></h3>
+<h3><?php esc_html_e( 'Current Sidebars', 'genesis-simple-sidebars' ); ?></h3>
 <table class="widefat tag fixed" cellspacing="0">
 	<thead>
 	<tr>
-	<th scope="col" id="name" class="manage-column column-name"><?php _e( 'Name', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" id="name" class="manage-column column-name"><?php esc_html_e( 'Name', 'genesis-simple-sidebars' ); ?></th>
-	<th scope="col" class="manage-column column-slug"><?php _e( 'ID', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" class="manage-column column-slug"><?php esc_html_e( 'ID', 'genesis-simple-sidebars' ); ?></th>
-	<th scope="col" id="description" class="manage-column column-description"><?php _e( 'Description', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" id="description" class="manage-column column-description"><?php esc_html_e( 'Description', 'genesis-simple-sidebars' ); ?></th>
 	</tr>
 	</thead>
 
 	<tfoot>
 	<tr>
-	<th scope="col" class="manage-column column-name"><?php _e( 'Name', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" class="manage-column column-name"><?php esc_html_e( 'Name', 'genesis-simple-sidebars' ); ?></th>
-	<th scope="col" class="manage-column column-slug"><?php _e( 'ID', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" class="manage-column column-slug"><?php esc_html_e( 'ID', 'genesis-simple-sidebars' ); ?></th>
-	<th scope="col" class="manage-column column-description"><?php _e( 'Description', 'genesis-simple-sidebars' ); ?></th>
+	<th scope="col" class="manage-column column-description"><?php esc_html_e( 'Description', 'genesis-simple-sidebars' ); ?></th>
 	</tr>
 	</tfoot>
 
@@ -38,29 +47,29 @@
 
 
 <div class="form-wrap">
-<h3><?php _e( 'Add New Sidebar', 'genesis-simple-sidebars' ); ?></h3>
+<h3><?php esc_html_e( 'Add New Sidebar', 'genesis-simple-sidebars' ); ?></h3>
 
-<form method="post" action="<?php echo admin_url( 'admin.php?page=simple-sidebars&amp;action=create' ); ?>">
+<form method="post" action="<?php echo esc_attr( esc_url( admin_url( 'admin.php?page=simple-sidebars&amp;action=create' ) ) ); ?>">
 <?php wp_nonce_field( 'simple-sidebars-action_create-sidebar' ); ?>
 
 <div class="form-field form-required">
-	<label for="sidebar-name"><?php _e( 'Name', 'genesis-simple-sidebars' ); ?></label>
+	<label for="sidebar-name"><?php esc_html_e( 'Name', 'genesis-simple-sidebars' ); ?></label>
 	<input name="new_sidebar[name]" id="sidebar-name" type="text" value="" size="40" aria-required="true" />
-	<p><?php _e( 'A recognizable name for your new sidebar widget area', 'genesis-simple-sidebars' ); ?></p>
+	<p><?php esc_html_e( 'A recognizable name for your new sidebar widget area', 'genesis-simple-sidebars' ); ?></p>
 </div>
 
 <div class="form-field">
-	<label for="sidebar-id"><?php _e( 'ID', 'genesis-simple-sidebars' ); ?></label>
+	<label for="sidebar-id"><?php esc_html_e( 'ID', 'genesis-simple-sidebars' ); ?></label>
 	<input name="new_sidebar[id]" id="sidebar-id" type="text" value="" size="40" />
-	<p><?php _e( 'The unique ID is used to register the sidebar widget area', 'genesis-simple-sidebars' ); ?></p>
+	<p><?php esc_html_e( 'The unique ID is used to register the sidebar widget area', 'genesis-simple-sidebars' ); ?></p>
 </div>
 
 <div class="form-field">
-	<label for="sidebar-description"><?php _e( 'Description', 'genesis-simple-sidebars' ); ?></label>
+	<label for="sidebar-description"><?php esc_html_e( 'Description', 'genesis-simple-sidebars' ); ?></label>
 	<textarea name="new_sidebar[description]" id="sidebar-description" rows="5" cols="40"></textarea>
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" id="submit" value="<?php _e( 'Add New Sidebar', 'genesis-simple-sidebars' ); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" id="submit" value="<?php esc_attr_e( 'Add New Sidebar', 'genesis-simple-sidebars' ); ?>" /></p>
 </form></div>
 
 </div>

includes/views/term-edit-sidebar-form.php

@@ -1,17 +1,25 @@
-<?php $sidebars = Genesis_Simple_Sidebars()->core->get_sidebars(); ?>
+<?php
+/**
+ * Term Edit Form View.
+ *
+ * @package genesis-simple-sidebars
+ */
 
-<h3><?php _e( 'Sidebar Options', 'genesis-simple-sidebars' ); ?></h3>
+$sidebars = Genesis_Simple_Sidebars()->core->get_sidebars();
+?>
+
+<h3><?php esc_html_e( 'Sidebar Options', 'genesis-simple-sidebars' ); ?></h3>
 <table class="form-table">
 
 <?php if ( is_registered_sidebar( 'header-right' ) ) : ?>
 <tr class="form-field">
-	<th scope="row" valign="top"><label for="genesis-meta[_ss_header]"><?php _e( 'Header Right', 'genesis-simple-sidebars' ); ?></label></th>
+	<th scope="row" valign="top"><label for="genesis-meta[_ss_header]"><?php esc_html_e( 'Header Right', 'genesis-simple-sidebars' ); ?></label></th>
 	<td>
 		<select name="genesis-meta[_ss_header]" id="genesis-meta[_ss_header]" style="padding-right: 10px;">
-			<option value=""><?php _e( 'Default', 'genesis-simple-sidebars' ); ?></option>
+			<option value=""><?php esc_html_e( 'Default', 'genesis-simple-sidebars' ); ?></option>
 			<?php
-			foreach ( (array) $sidebars as $id => $info ) {
+			foreach ( (array) $sidebars as $sidebar_id => $info ) {
-				printf( '<option value="%s" %s>%s</option>', esc_html( $id ), selected( $id, get_term_meta( $tag->term_id, '_ss_header', true ), false ), esc_html( $info['name'] ) );
+				printf( '<option value="%s" %s>%s</option>', esc_html( $sidebar_id ), selected( $sidebar_id, get_term_meta( $tag->term_id, '_ss_header', true ), false ), esc_html( $info['name'] ) );
 			}
 			?>
 		</select>
@@ -20,13 +28,13 @@
 <?php endif; ?>
 
 <tr class="form-field">
-	<th scope="row" valign="top"><label for="genesis-meta[_ss_sidebar]"><?php _e( 'Primary Sidebar', 'genesis-simple-sidebars' ); ?></label></th>
+	<th scope="row" valign="top"><label for="genesis-meta[_ss_sidebar]"><?php esc_html_e( 'Primary Sidebar', 'genesis-simple-sidebars' ); ?></label></th>
 	<td>
 		<select name="genesis-meta[_ss_sidebar]" id="genesis-meta[_ss_sidebar]" style="padding-right: 10px;">
-			<option value=""><?php _e( 'Default', 'genesis-simple-sidebars' ); ?></option>
+			<option value=""><?php esc_html_e( 'Default', 'genesis-simple-sidebars' ); ?></option>
 			<?php
-			foreach ( (array) $sidebars as $id => $info ) {
+			foreach ( (array) $sidebars as $sidebar_id => $info ) {
-				printf( '<option value="%s" %s>%s</option>', esc_html( $id ), selected( $id, get_term_meta( $tag->term_id, '_ss_sidebar', true ), false ), esc_html( $info['name'] ) );
+				printf( '<option value="%s" %s>%s</option>', esc_html( $sidebar_id ), selected( $sidebar_id, get_term_meta( $tag->term_id, '_ss_sidebar', true ), false ), esc_html( $info['name'] ) );
 			}
 			?>
 		</select>
@@ -35,13 +43,13 @@
 
 <?php if ( Genesis_Simple_Sidebars()->core->has_3_column_layout() ) : ?>
 <tr class="form-field">
-	<th scope="row" valign="top"><label for="genesis-meta[_ss_sidebar_alt]"><?php _e( 'Secondary Sidebar', 'genesis-simple-sidebars' ); ?></label></th>
+	<th scope="row" valign="top"><label for="genesis-meta[_ss_sidebar_alt]"><?php esc_html_e( 'Secondary Sidebar', 'genesis-simple-sidebars' ); ?></label></th>
 	<td>
 		<select name="genesis-meta[_ss_sidebar_alt]" id="genesis-meta[_ss_sidebar_alt]" style="padding-right: 10px;">
-			<option value=""><?php _e( 'Default', 'genesis-simple-sidebars' ); ?></option>
+			<option value=""><?php esc_html_e( 'Default', 'genesis-simple-sidebars' ); ?></option>
 			<?php
-			foreach ( (array) $sidebars as $id => $info ) {
+			foreach ( (array) $sidebars as $sidebar_id => $info ) {
-				printf( '<option value="%s" %s>%s</option>', esc_html( $id ), selected( $id, get_term_meta( $tag->term_id, '_ss_sidebar_alt', true ), false ), esc_html( $info['name'] ) );
+				printf( '<option value="%s" %s>%s</option>', esc_html( $sidebar_id ), selected( $sidebar_id, get_term_meta( $tag->term_id, '_ss_sidebar_alt', true ), false ), esc_html( $info['name'] ) );
 			}
 			?>
 		</select>