From 84906436739cfdb9c53d70da0a95935171036bbd Mon Sep 17 00:00:00 2001 From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com> Date: Wed, 11 Oct 2023 14:22:25 +0200 Subject: [PATCH] Fix coding standards. --- src/Client.php | 7 +++++-- src/Gateway.php | 2 +- src/Integration.php | 24 +++++++++++++++++++++--- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/Client.php b/src/Client.php index 6f11744..f59f5fa 100644 --- a/src/Client.php +++ b/src/Client.php @@ -182,8 +182,11 @@ private function parse_document( SimpleXMLElement $document ) { return AcquirerStatusResMessage::parse( $document ); default: throw new \Exception( - /* translators: %s: XML document element name */ - sprintf( __( 'Unknown iDEAL message (%s)', 'pronamic_ideal' ), $name ) + \sprintf( + /* translators: %s: XML document element name */ + \esc_html__( 'Unknown iDEAL message (%s)', 'pronamic_ideal' ), + \esc_html( $name ) + ) ); } } diff --git a/src/Gateway.php b/src/Gateway.php index 382e8bb..b5643f6 100644 --- a/src/Gateway.php +++ b/src/Gateway.php @@ -166,7 +166,7 @@ public function start( Payment $payment ) { throw new \Exception( \sprintf( 'The iDEAL Advanced gateway cannot process `%s` payments, only iDEAL payments.', - $payment_method + \esc_html( $payment_method ) ) ); } diff --git a/src/Integration.php b/src/Integration.php index 6ead276..1f85fc9 100644 --- a/src/Integration.php +++ b/src/Integration.php @@ -168,10 +168,12 @@ public function get_settings_fields() { 'default' => 1825, 'tooltip' => __( 'Number of days the generated certificate will be valid for, e.g. 1825 days for the maximum duration of 5 years.', 'pronamic_ideal' ), 'input' => function ( $name ) { + // phpcs:disable WordPress.Security.NonceVerification.Missing if ( ! \array_key_exists( $name, $_POST ) ) { return ''; } + // phpcs:ignore WordPress.Security.NonceVerification.Missing return \filter_var( \sanitize_text_field( \wp_unslash( $_POST[ $name ] ) ), \FILTER_SANITIZE_NUMBER_INT ); }, ]; 
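Review bot: Escaping at the throw site in `parse_document()` ties the exception message to an HTML context, although the same message may end up in a log or be escaped again by whatever renders it. `\esc_html( $name )` satisfies the sniff, but a handler that also escapes on output would show double-encoded entities, and log entries would carry entity-encoded text instead of the element name the acquirer actually sent. If the message is only ever rendered as HTML this is fine; otherwise keep the raw value in the exception and escape where it is printed, with a targeted `// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- <reason>` on the throw. The same applies to `\esc_html( $payment_method )` in the `src/Gateway.php` hunk; both functions continue outside their hunks.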
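Review bot: The `// phpcs:disable WordPress.Security.NonceVerification.Missing` added at the top of this `input` closure (`src/Integration.php`, `@@ -168`) has no matching `// phpcs:enable`, unlike the three closures in the following hunks. A `phpcs:disable` stays in effect until an enable or the end of the file, so the rule remains off for everything between this closure and the next `phpcs:enable`, and an unchecked `$_POST` read added there later would not be reported. Either add `// phpcs:enable WordPress.Security.NonceVerification.Missing` after the `return \filter_var( … );` line, or drop the disable and rely on per-line ignores. With the disable in place the added `// phpcs:ignore WordPress.Security.NonceVerification.Missing` is redundant.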
@@ -187,12 +189,16 @@ public function get_settings_fields() { 'default' => wp_generate_password(), 'tooltip' => __( 'A random password which will be used for the generation of the secret key and certificate.', 'pronamic-ideal' ), 'input' => function ( $name ) { + // phpcs:disable WordPress.Security.NonceVerification.Missing + if ( ! \array_key_exists( $name, $_POST ) ) { return ''; } - // phpcs:ignore Detected usage of a non-sanitized input variable -- Password can contain whitespace, HTML tags and percent-encoded characters. + // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Password can contain whitespace, HTML tags and percent-encoded characters. return $_POST[ $name ]; + + // phpcs:enable WordPress.Security.NonceVerification.Missing }, ]; @@ -207,12 +213,16 @@ public function get_settings_fields() { 'classes' => [ 'code' ], 'tooltip' => __( 'The secret key is used for secure communication with the payment provider. If left empty, the secret key will be generated using the given secret key password.', 'pronamic-ideal' ), 'input' => function ( $name ) { + // phpcs:disable WordPress.Security.NonceVerification.Missing + if ( ! \array_key_exists( $name, $_POST ) ) { return ''; } - // phpcs:ignore Detected usage of a non-sanitized input variable -- Private key can contain whitespace, HTML tags and percent-encoded characters. + // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Private key can contain whitespace, HTML tags and percent-encoded characters. return $_POST[ $name ]; + + // phpcs:enable WordPress.Security.NonceVerification.Missing }, ]; 
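Review bot: `return $_POST[ $name ];` in the secret key password closure hands the value back exactly as it sits in `$_POST`, still in WordPress's slashed form and not checked to be a string, while the validity-days closure in the previous hunk passes its value through `\wp_unslash()`. The ignore comment justifies skipping sanitization, but unslashing and a type check are separate concerns: a password containing a quote or backslash comes back with extra backslashes, and a request that sends the field as an array returns an array. Whether that matters depends on what the caller does with the value, which is outside this hunk; if it expects an unslashed string, `return \is_string( $_POST[ $name ] ) ? \wp_unslash( $_POST[ $name ] ) : '';` leaves the secret's content intact. The same line appears in the private key closure (`@@ -207`) and the certificate closure (`@@ -227`).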
@@ -227,12 +237,16 @@ public function get_settings_fields() { 'classes' => [ 'code' ], 'tooltip' => __( 'The certificate is used for secure communication with the payment provider. If left empty, the certificate will be generated using the secret key and given organization details.', 'pronamic-ideal' ), 'input' => function ( $name ) { + // phpcs:disable WordPress.Security.NonceVerification.Missing + if ( ! \array_key_exists( $name, $_POST ) ) { return ''; } - // phpcs:ignore Detected usage of a non-sanitized input variable -- Certificate can contain whitespace, HTML tags and percent-encoded characters. + // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Certificate can contain whitespace, HTML tags and percent-encoded characters. return $_POST[ $name ]; + + // phpcs:enable WordPress.Security.NonceVerification.Missing }, ]; @@ -557,6 +571,8 @@ public function maybe_download_secret_key() { * @return void */ public function save_post( $post_id ) { + // phpcs:disable WordPress.Security.NonceVerification.Missing + // Files. $files = [ '_pronamic_gateway_ideal_private_key_file' => '_pronamic_gateway_ideal_private_key', @@ -573,6 +589,8 @@ public function save_post( $post_id ) { } } + // phpcs:enable WordPress.Security.NonceVerification.Missing + // Generate private key and certificate. $private_key = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', true ); $private_key_password = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key_password', true );
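Review bot: The `phpcs:disable` / `phpcs:enable` pair added in `save_post()` (`@@ -557` and `@@ -573`) switches off nonce checking for the whole file-handling section without saying where the request is actually verified. If this method is hooked to the `save_post` action, as its name suggests, the suppression is only safe when a nonce and capability check has already run before it is reached; that is not visible in these hunks. I would put the reason on the directive, e.g. `// phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce is verified in <caller>.` with the real location filled in, and do the same for the `input` closures in the earlier `src/Integration.php` hunks. The body between the two hunks is not shown.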