Index: include/counterwidget.php
===================================================================
--- include/counterwidget.php (revision 1228025)
+++ include/counterwidget.php (working copy)
@@ -3,34 +3,34 @@ /** Declares the S2_Counter_widget class. */ - function S2_Counter_widget() { - $widget_options = array('classname' => 's2_counter', 'description' => __('Subscriber Counter widget for Subscribe2', 'subscribe2') ); - $control_options = array('width' => 250, 'height' => 500); - $this->WP_Widget('s2_counter', __('Subscribe2 Counter', 'subscribe2'), $widget_options, $control_options); + function __construct() { + $widget_options = array( 'classname' => 's2_counter', 'description' => esc_html__( 'Subscriber Counter widget for Subscribe2', 'subscribe2' ) ); + $control_options = array( 'width' => 250, 'height' => 500 ); + parent::__construct( 's2_counter', esc_html__( 'Subscribe2 Counter', 'subscribe2' ), $widget_options, $control_options ); } /** Displays the Widget */ - function widget($args, $instance) { - $title = empty($instance['title']) ? 'Subscriber Count' : $instance['title']; - $s2w_bg = empty($instance['s2w_bg']) ? '#e3dacf' : $instance['s2w_bg']; - $s2w_fg = empty($instance['s2w_fg']) ? '#345797' : $instance['s2w_fg']; - $s2w_width = empty($instance['s2w_width']) ? '82' : $instance['s2w_width']; - $s2w_height = empty($instance['s2w_height']) ? '16' : $instance['s2w_height']; - $s2w_font = empty($instance['s2w_font']) ? '11' : $instance['s2w_font']; + function widget( $args, $instance ) { + $title = empty( $instance['title'] ) ? 'Subscriber Count' : $instance['title']; + $s2w_bg = empty( $instance['s2w_bg'] ) ? '#e3dacf' : $instance['s2w_bg']; + $s2w_fg = empty( $instance['s2w_fg'] ) ? '#345797' : $instance['s2w_fg']; + $s2w_width = empty( $instance['s2w_width'] ) ? '82' : $instance['s2w_width']; + $s2w_height = empty( $instance['s2w_height'] ) ? '16' : $instance['s2w_height']; + $s2w_font = empty( $instance['s2w_font'] ) ? '11' : $instance['s2w_font']; echo $args['before_widget']; - if ( !empty($title) ) { + if ( ! empty( $title ) ) { echo $args['before_title'] . $title . 
$args['after_title']; } global $mysubscribe2; $registered = $mysubscribe2->get_registered(); $confirmed = $mysubscribe2->get_public(); - $count = (count($registered) + count($confirmed)); - echo "'; echo $args['after_widget']; } @@ -37,14 +37,14 @@ /** Saves the widgets settings. */ - function update($new_instance, $old_instance) { + function update( $new_instance, $old_instance ) { $instance = $old_instance; - $instance['title'] = strip_tags(stripslashes($new_instance['title'])); - $instance['s2w_bg'] = strip_tags(stripslashes($new_instance['s2w_bg'])); - $instance['s2w_fg'] = strip_tags(stripslashes($new_instance['s2w_fg'])); - $instance['s2w_width'] = strip_tags(stripslashes($new_instance['s2w_width'])); - $instance['s2w_height'] = strip_tags(stripslashes($new_instance['s2w_height'])); - $instance['s2w_font'] = strip_tags(stripslashes($new_instance['s2w_font'])); + $instance['title'] = strip_tags( stripslashes( $new_instance['title'] ) ); + $instance['s2w_bg'] = strip_tags( stripslashes( $new_instance['s2w_bg'] ) ); + $instance['s2w_fg'] = strip_tags( stripslashes( $new_instance['s2w_fg'] ) ); + $instance['s2w_width'] = strip_tags( stripslashes( $new_instance['s2w_width'] ) ); + $instance['s2w_height'] = strip_tags( stripslashes( $new_instance['s2w_height'] ) ); + $instance['s2w_font'] = strip_tags( stripslashes( $new_instance['s2w_font'] ) ); return $instance; } 
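Review bot: In the counter widget's `widget()` the title is still echoed raw between `before_title` and `after_title`; this patch only re-spaces that line, while the matching line in include/widget.php gains an escape call. Escaping at output keeps the two widgets consistent and does not rely on every stored instance having passed through `update()`: `echo $args['before_title'] . esc_html( $title ) . $args['after_title'];`. The echo that renders the counter itself is not legible in this hunk, so whether `$s2w_bg`, `$s2w_fg` and the size values are escaped there should be checked against the file.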
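Review bot: `update()` in counterwidget.php stores the colour and size fields after `strip_tags()` only, which leaves quotes, semicolons and parentheses in values that look destined for a style or attribute context (the rendering line is not legible here, so that is inferred from the field names). Validating by type at save is tighter: `$instance['s2w_bg'] = sanitize_hex_color( $new_instance['s2w_bg'] );` and `$instance['s2w_width'] = absint( $new_instance['s2w_width'] );`, likewise for `s2w_fg`, `s2w_height` and `s2w_font`. A rejected value comes back empty or zero, and `widget()` already substitutes its defaults for empty fields.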
@@ -52,47 +52,47 @@ /** Creates the edit form for the widget. */ - function form($instance) { + function form( $instance ) { // set some defaults - $options = get_option('widget_s2counter'); - if ( $options === false ) { - $defaults = array('title'=>'Subscriber Count', 's2w_bg'=>'#e3dacf', 's2w_fg'=>'#345797', 's2w_width'=>'82', 's2w_height'=>'16', 's2w_font'=>'11'); + $options = get_option( 'widget_s2counter' ); + if ( false === $options ) { + $defaults = array( 'title' => 'Subscriber Count', 's2w_bg' => '#e3dacf', 's2w_fg' => '#345797', 's2w_width' => '82', 's2w_height' => '16', 's2w_font' => '11' ); } else { - $defaults = array('title'=>$options['title'], 's2w_bg'=>$options['s2w_bg'], 's2w_fg'=>$options['s2w_fg'], 's2w_width'=>$options['s2w_width'], 's2w_height'=>$options['s2w_height'], 's2w_font'=>$options['s2w_font']); - delete_option('widget_s2counter'); + $defaults = array( 'title' => $options['title'], 's2w_bg' => $options['s2w_bg'], 's2w_fg' => $options['s2w_fg'], 's2w_width' => $options['s2w_width'], 's2w_height' => $options['s2w_height'], 's2w_font' => $options['s2w_font'] ); + delete_option( 'widget_s2counter' ); } - $instance = wp_parse_args( (array) $instance, $defaults); + $instance = wp_parse_args( (array) $instance, $defaults ); // Be sure you format your options to be valid HTML attributes. - $s2w_title = htmlspecialchars($instance['title'], ENT_QUOTES); - $s2w_bg = htmlspecialchars($instance['s2w_bg'], ENT_QUOTES); - $s2w_fg = htmlspecialchars($instance['s2w_fg'], ENT_QUOTES); - $s2w_width = htmlspecialchars($instance['s2w_width'], ENT_QUOTES); - $s2w_height = htmlspecialchars($instance['s2w_height'], ENT_QUOTES); - $s2w_font = htmlspecialchars($instance['s2w_font'], ENT_QUOTES); - echo "
\r\n"; - echo "
\r\n"; - echo "get_field_name('title') . "\" id=\"" . $this->get_field_id('title') . "\" value=\"" . $s2w_title . "\" />\r\n"; - echo "
\r\n"; + $s2w_title = htmlspecialchars( $instance['title'], ENT_QUOTES ); + $s2w_bg = htmlspecialchars( $instance['s2w_bg'], ENT_QUOTES ); + $s2w_fg = htmlspecialchars( $instance['s2w_fg'], ENT_QUOTES ); + $s2w_width = htmlspecialchars( $instance['s2w_width'], ENT_QUOTES ); + $s2w_height = htmlspecialchars( $instance['s2w_height'], ENT_QUOTES ); + $s2w_font = htmlspecialchars( $instance['s2w_font'], ENT_QUOTES ); + echo '
' . "\r\n"; + echo '
' . "\r\n"; + echo '' . "\r\n"; + echo '
' . "\r\n"; - echo "
\r\n"; - echo "" . __('Color Scheme', 'subscribe2') . "\r\n"; - echo "
\r\n"; - echo "
\r\n"; - echo "
get_field_id('s2_colorpicker') . "\">
"; - echo "
"; + echo '
' . "\r\n"; + echo '' . esc_html__( 'Color Scheme', 'subscribe2' ) . '' . "\r\n"; + echo '
' . "\r\n"; + echo '
' . "\r\n"; + echo '
'; + echo '
'; - echo "
\r\n"; - echo "" . __('Width, Height and Font Size', 'subscribe2') . "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "\r\n"; - echo "
get_field_name('s2w_width') . "\" id=\"" . $this->get_field_id('s2w_width') . "\" value=\"" . $s2w_width . "\" />
get_field_name('s2w_height') . "\" id=\"" . $this->get_field_id('s2w_height') . "\" value=\"" . $s2w_height . "\" />
get_field_name('s2w_font') . "\" id=\"" . $this->get_field_id('s2w_font') . "\" value=\"" . $s2w_font . "\" />
\r\n"; + echo '
' . "\r\n"; + echo '' . esc_html__( 'Width, Height and Font Size', 'subscribe2' ) . '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '' . "\r\n"; + echo '
' . "\r\n"; } }// end S2_Counter_widget class ?> \ No newline at end of file Index: include/widget.php =================================================================== --- include/widget.php (revision 1228025) +++ include/widget.php (working copy) 
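Review bot: `form()` calls `delete_option( 'widget_s2counter' )` while it is only rendering the edit form, so the legacy settings are removed before the migrated values have been stored; if the form is opened and never saved, they appear to be lost. The `$options[...]` reads just above also assume every legacy key exists. Consider merging the legacy array over the hard-coded defaults with `wp_parse_args( $options, $defaults )` and moving the delete into `update()`, where the instance is actually persisted. `form()` in include/widget.php follows the same pattern with `widget_subscribe2widget`.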
@@ -3,62 +3,62 @@ /** Declares the Subscribe2 widget class. */ - function S2_Form_widget() { - $widget_ops = array('classname' => 's2_form_widget', 'description' => __('Sidebar Widget for Subscribe2', 'subscribe2') ); - $control_ops = array('width' => 250, 'height' => 300); - $this->WP_Widget('s2_form_widget', __('Subscribe2 Widget', 'subscribe2'), $widget_ops, $control_ops); + function __construct() { + $widget_ops = array( 'classname' => 's2_form_widget', 'description' => esc_html__( 'Sidebar Widget for Subscribe2', 'subscribe2' ) ); + $control_ops = array( 'width' => 250, 'height' => 300 ); + parent::__construct( 's2_form_widget', esc_html__( 'Subscribe2 Widget', 'subscribe2' ), $widget_ops, $control_ops ); } /** Displays the Widget */ - function widget($args, $instance) { - $title = empty($instance['title']) ? __('Subscribe2', 'subscribe2') : $instance['title']; - $div = empty($instance['div']) ? 'search' : $instance['div']; - $widgetprecontent = empty($instance['widgetprecontent']) ? '' : $instance['widgetprecontent']; - $widgetpostcontent = empty($instance['widgetpostcontent']) ? '' : $instance['widgetpostcontent']; - $textbox_size = empty($instance['size']) ? 20 : $instance['size']; - $hidebutton = empty($instance['hidebutton']) ? 'none' : $instance['hidebutton']; - $postto = empty($instance['postto']) ? '' : $instance['postto']; - $js = empty($instance['js']) ? '' : $instance['js']; - $noantispam = empty($instance['noantispam']) ? '' : $instance['noantispam']; - $nowrap = empty($instance['nowrap']) ? '' : $instance['nowrap']; + function widget( $args, $instance ) { + $title = empty( $instance['title'] ) ? __( 'Subscribe2', 'subscribe2' ) : $instance['title']; + $div = empty( $instance['div'] ) ? 'search' : $instance['div']; + $widgetprecontent = empty( $instance['widgetprecontent'] ) ? '' : $instance['widgetprecontent']; + $widgetpostcontent = empty( $instance['widgetpostcontent'] ) ? 
'' : $instance['widgetpostcontent']; + $textbox_size = empty( $instance['size'] ) ? 20 : $instance['size']; + $hidebutton = empty( $instance['hidebutton'] ) ? 'none' : $instance['hidebutton']; + $postto = empty( $instance['postto'] ) ? '' : $instance['postto']; + $js = empty( $instance['js'] ) ? '' : $instance['js']; + $noantispam = empty( $instance['noantispam'] ) ? '' : $instance['noantispam']; + $nowrap = empty( $instance['nowrap'] ) ? '' : $instance['nowrap']; $hide = ''; - if ( $hidebutton == 'subscribe' || $hidebutton == 'unsubscribe' ) { - $hide = " hide=\"" . $hidebutton . "\""; - } elseif ( $hidebutton == 'link' ) { - $hide = " link=\"" . __('(Un)Subscribe to Posts', 'subscribe2') . "\""; + if ( 'subscribe' === $hidebutton || 'unsubscribe' === $hidebutton ) { + $hide = ' hide="' . $hidebutton . '"'; + } elseif ( 'link' === $hidebutton ) { + $hide = ' link="' . __( '(Un)Subscribe to Posts', 'subscribe2' ) . '"'; } $postid = ''; - if ( !empty($postto) ) { - $postid = " id=\"" . $postto . "\""; + if ( ! empty( $postto ) ) { + $postid = ' id="' . $postto . '"'; } - $size = " size=\"" . $textbox_size . "\""; + $size = ' size="' . $textbox_size . '"'; $nojs = ''; if ( $js ) { - $nojs = " nojs=\"true\""; + $nojs = ' nojs="true"'; } if ( $noantispam ) { - $noantispam = " noantispam=\"true\""; + $noantispam = ' noantispam="true"'; } if ( $nowrap ) { - $nowrap = " wrap=\"false\""; + $nowrap = ' wrap="false"'; } - $shortcode = "[subscribe2" . $hide . $postid . $size . $nojs . $noantispam . $nowrap . "]"; + $shortcode = '[subscribe2' . $hide . $postid . $size . $nojs . $noantispam . $nowrap . ']'; echo $args['before_widget']; - if ( !empty($title) ) { - echo $args['before_title'] . $title . $args['after_title']; + if ( ! empty( $title ) ) { + echo $args['before_title'] . esc_attr( $title ) . $args['after_title']; } - echo "
"; + echo '
'; $content = do_shortcode( $shortcode ); - if ( !empty($widgetprecontent) ) { - echo $widgetprecontent; + if ( ! empty( $widgetprecontent ) ) { + echo wp_kses( $widgetprecontent, 'post' ); } echo $content; - if ( !empty($widgetpostcontent) ) { - echo $widgetpostcontent; + if ( ! empty( $widgetpostcontent ) ) { + echo wp_kses( $widgetpostcontent, 'post' ); } - echo "
"; + echo '
'; echo $args['after_widget']; } @@ -65,18 +65,18 @@ /** Saves the widgets settings. */ - function update($new_instance, $old_instance) { + function update( $new_instance, $old_instance ) { $instance = $old_instance; - $instance['title'] = strip_tags(stripslashes($new_instance['title'])); - $instance['div'] = strip_tags(stripslashes($new_instance['div'])); - $instance['widgetprecontent'] = stripslashes($new_instance['widgetprecontent']); - $instance['widgetpostcontent'] = stripslashes($new_instance['widgetpostcontent']); - $instance['size'] = intval(stripslashes($new_instance['size'])); - $instance['hidebutton'] = strip_tags(stripslashes($new_instance['hidebutton'])); - $instance['postto'] = stripslashes($new_instance['postto']); - $instance['js'] = stripslashes($new_instance['js']); - $instance['noantispam'] = stripslashes($new_instance['noantispam']); - $instance['nowrap'] = stripslashes($new_instance['nowrap']); + $instance['title'] = strip_tags( stripslashes( $new_instance['title'] ) ); + $instance['div'] = strip_tags( stripslashes( $new_instance['div'] ) ); + $instance['widgetprecontent'] = stripslashes( $new_instance['widgetprecontent'] ); + $instance['widgetpostcontent'] = stripslashes( $new_instance['widgetpostcontent'] ); + $instance['size'] = intval( stripslashes( $new_instance['size'] ) ); + $instance['hidebutton'] = strip_tags( stripslashes( $new_instance['hidebutton'] ) ); + $instance['postto'] = stripslashes( $new_instance['postto'] ); + $instance['js'] = stripslashes( $new_instance['js'] ); + $instance['noantispam'] = stripslashes( $new_instance['noantispam'] ); + $instance['nowrap'] = stripslashes( $new_instance['nowrap'] ); return $instance; } 
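Review bot: The shortcode string in `widget()` is built by plain concatenation, and `$postto` reaches it after only `stripslashes()` in `update()` (hunk at -65,18), so a stored value containing `"` or `]` changes how `do_shortcode()` parses the attributes. `postto` appears to be a page ID (the form queries published pages), so casting at the point of use closes that: `$postid = ' id="' . absint( $postto ) . '"';`, and the same for `$textbox_size`, which is only an integer when it came through `update()`. Separately, the title is element content rather than an attribute value, so `esc_html( $title )` is the matching escape instead of `esc_attr()`.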
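Review bot: `widgetprecontent` and `widgetpostcontent` are still stored after `stripslashes()` only; the new `wp_kses()` calls in `widget()` filter them on output, but the saved instance keeps the raw markup for any other code that reads it. Filtering at save as well keeps storage and display in agreement: `$instance['widgetprecontent'] = wp_kses_post( stripslashes( $new_instance['widgetprecontent'] ) );` and the same for `widgetpostcontent`. The `js`, `noantispam` and `nowrap` fields are only truth-tested in `widget()`, so they could be normalised to a fixed flag value here instead of keeping whatever string was posted.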
@@ -84,72 +84,72 @@ /** Creates the edit form for the widget. */ - function form($instance) { + function form( $instance ) { // set some defaults, getting any old options first - $options = get_option('widget_subscribe2widget'); - if ( $options === false ) { - $defaults = array('title' => 'Subscribe2', 'div' => 'search', 'widgetprecontent' => '', 'widgetpostcontent' => '', 'size' => 20, 'hidebutton' => 'none', 'postto' => '', 'js' => '', 'noantispam' => '', 'nowrap' => ''); + $options = get_option( 'widget_subscribe2widget' ); + if ( false === $options ) { + $defaults = array( 'title' => 'Subscribe2', 'div' => 'search', 'widgetprecontent' => '', 'widgetpostcontent' => '', 'size' => 20, 'hidebutton' => 'none', 'postto' => '', 'js' => '', 'noantispam' => '', 'nowrap' => '' ); } else { - $defaults = array('title' => $options['title'], 'div' => $options['div'], 'widgetprecontent' => $options['widgetprecontent'], 'widgetpostcontent' => $options['widgetpostcontent'], 'size' => $options['size'], 'hidebutton' => $options['hidebutton'], 'postto' => $options['postto'], 'js' => $options['js'], 'noantispam' => $options['noantispam'], 'nowrap' => $options['nowrap']); - delete_option('widget_subscribe2widget'); + $defaults = array( 'title' => $options['title'], 'div' => $options['div'], 'widgetprecontent' => $options['widgetprecontent'], 'widgetpostcontent' => $options['widgetpostcontent'], 'size' => $options['size'], 'hidebutton' => $options['hidebutton'], 'postto' => $options['postto'], 'js' => $options['js'], 'noantispam' => $options['noantispam'], 'nowrap' => $options['nowrap'] ); + delete_option( 'widget_subscribe2widget' ); } // code to obtain old settings too - $instance = wp_parse_args( (array) $instance, $defaults); + $instance = wp_parse_args( (array) $instance, $defaults ); - $title = htmlspecialchars($instance['title'], ENT_QUOTES); - $div = htmlspecialchars($instance['div'], ENT_QUOTES); - $widgetprecontent = htmlspecialchars($instance['widgetprecontent'], 
ENT_QUOTES); - $widgetpostcontent = htmlspecialchars($instance['widgetpostcontent'], ENT_QUOTES); - $size = htmlspecialchars($instance['size'], ENT_QUOTES); - $hidebutton = htmlspecialchars($instance['hidebutton'], ENT_QUOTES); - $postto = htmlspecialchars($instance['postto'], ENT_QUOTES); - $js = htmlspecialchars($instance['js'], ENT_QUOTES); - $noantispam = htmlspecialchars($instance['noantispam'], ENT_QUOTES); - $nowrap = htmlspecialchars($instance['nowrap'], ENT_QUOTES); + $title = htmlspecialchars( $instance['title'], ENT_QUOTES ); + $div = htmlspecialchars( $instance['div'], ENT_QUOTES ); + $widgetprecontent = htmlspecialchars( $instance['widgetprecontent'], ENT_QUOTES ); + $widgetpostcontent = htmlspecialchars( $instance['widgetpostcontent'], ENT_QUOTES ); + $size = htmlspecialchars( $instance['size'], ENT_QUOTES ); + $hidebutton = htmlspecialchars( $instance['hidebutton'], ENT_QUOTES ); + $postto = htmlspecialchars( $instance['postto'], ENT_QUOTES ); + $js = htmlspecialchars( $instance['js'], ENT_QUOTES ); + $noantispam = htmlspecialchars( $instance['noantispam'], ENT_QUOTES ); + $nowrap = htmlspecialchars( $instance['nowrap'], ENT_QUOTES ); global $wpdb, $mysubscribe2; $sql = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type='page' AND post_status='publish'"; - echo "
\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

" . __('Display options', 'subscribe2') . ":
\r\n"; - echo "\r\n"; - echo "
\r\n"; - echo "
\r\n"; - if ( '1' == $mysubscribe2->subscribe2_options['ajax'] ) { - echo "
\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . __( 'Display options', 'subscribe2' ) . ':
' . "\r\n"; + echo '' . "\r\n"; + echo '
' . "\r\n"; + echo '
' . "\r\n"; + if ( '1' === $mysubscribe2->subscribe2_options['ajax'] ) { + echo '
' . "\r\n"; } - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "

\r\n"; - echo "
\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '

' . "\r\n"; + echo '
' . "\r\n"; } } // End S2_Form_widget class ?> \ No newline at end of file
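Review bot: `'1' === $mysubscribe2->subscribe2_options['ajax']` is a behaviour change rather than a formatting one: the loose comparison also matched an integer `1` or `true`, and the strict form skips the row inside that branch for those values. How the option is stored is not visible in this patch, so either confirm it is always the string `'1'` or compare after a cast, `if ( '1' === (string) $mysubscribe2->subscribe2_options['ajax'] ) {`. In the same function the 'Display options' label still goes through `__()` while the labels in counterwidget.php were moved to `esc_html__()`.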