Prep Plugin for release on WordPress.org

Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.

views/base/checkout-forms/js-templates.php

@@ -23,7 +23,7 @@
 		<tr class="no-items">
 			<td :colspan="Object.keys(headers).length" class="colspanchange">
 				<div class="wu-p-6 wu-text-gray-600 wu-text-base wu-text-center">
-					<span><?php _e('Add the first field!', 'wp-multisite-waas'); ?></span>
+					<span><?php esc_html_e('Add the first field!', 'wp-multisite-waas'); ?></span>
 				</div>
 			</td>
 		</tr>
@@ -40,7 +40,7 @@
 
 		<tr v-for="(field, idx) in list" :key="field.id" :id="'wp-ultimo-field-' + field.id">
 
-			<td class="order column-order has-row-actions column-primary" data-colname="<?php _e('Order', 'wp-multisite-waas'); ?>">
+			<td class="order column-order has-row-actions column-primary" data-colname="<?php esc_html_e('Order', 'wp-multisite-waas'); ?>">
 
 				<span
 					class="wu-inline-block wu-bg-gray-100 wu-text-center wu-align-middle wu-p-1 wu-font-mono wu-px-3 wu-border wu-border-gray-300 wu-border-solid wu-rounded">
@@ -48,16 +48,16 @@
 				</span>
 
 				<button type="button" class="toggle-row">
-					<span class="screen-reader-text"><?php _e('Show more details', 'wp-multisite-waas'); ?></span>
+					<span class="screen-reader-text"><?php esc_html_e('Show more details', 'wp-multisite-waas'); ?></span>
 				</button>
 
 			</td>
 
-			<td class="name column-name" data-colname="<?php _e('Name', 'wp-multisite-waas'); ?>">
+			<td class="name column-name" data-colname="<?php esc_html_e('Name', 'wp-multisite-waas'); ?>">
 
 				<span class="wu-inline-block wu-font-medium">
 
-					{{ field.name ? field.name : "<?php echo __('(no label)', 'wp-multisite-waas'); ?>" }}
+					{{ field.name ? field.name : "<?php echo esc_html__('(no label)', 'wp-multisite-waas'); ?>" }}
 
 					<!-- Visibility -->
 			<span 
@@ -103,38 +103,38 @@
 						<a
 							v-show="delete_field_id !== field.id"
 							v-on:click.prevent="delete_field_id = field.id"
-							title="<?php _e('Delete'); ?>"
+							title="<?php esc_html_e('Delete', 'wp-multisite-waas'); ?>"
 							href="#"
-						><?php _e('Delete'); ?></a>
+						><?php esc_html_e('Delete', 'wp-multisite-waas'); ?></a>
 
 						<a
 							v-show="delete_field_id === field.id"
 							v-on:click.prevent="remove_field(field.id)"
-							title="<?php _e('Delete'); ?>"
+							title="<?php esc_html_e('Delete', 'wp-multisite-waas'); ?>"
 							href="#"
 							class="wu-font-bold"
-						><?php _e('Confirm?', 'wp-multisite-waas'); ?></a>
+						><?php esc_html_e('Confirm?', 'wp-multisite-waas'); ?></a>
 
 					</span>
 				</div>
 
 				<button type="button" class="toggle-row">
 					<span class="screen-reader-text">
-						<?php _e('Show more details', 'wp-multisite-waas'); ?>
+						<?php esc_html_e('Show more details', 'wp-multisite-waas'); ?>
 					</span>
 				</button>
 
 			</td>
 
-			<td class="type column-type" data-colname="<?php _e('Type', 'wp-multisite-waas'); ?>">
+			<td class="type column-type" data-colname="<?php esc_html_e('Type', 'wp-multisite-waas'); ?>">
 				<span class="wu-bg-gray-200 wu-text-gray-700 wu-py-1 wu-px-2 wu-rounded-sm wu-text-xs wu-font-mono">{{ field.type }}</span>
 			</td>
 
-			<td class="type column-slug" data-colname="<?php _e('Slug', 'wp-multisite-waas'); ?>">
+			<td class="type column-slug" data-colname="<?php esc_html_e('Slug', 'wp-multisite-waas'); ?>">
 				<span class="wu-bg-gray-200 wu-text-gray-700 wu-py-1 wu-px-2 wu-rounded-sm wu-text-xs wu-font-mono">{{ field.id }}</span>
 			</td>
 
-			<td class="move column-move wu-text-right" data-colname="<?php _e('Move', 'wp-multisite-waas'); ?>">
+			<td class="move column-move wu-text-right" data-colname="<?php esc_html_e('Move', 'wp-multisite-waas'); ?>">
 
 				<span class="wu-placeholder-sortable dashicons-wu-menu"></span>