Emailed Author: There are issues with your plugin code. Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in your plugin being rejected.
## Please sanitize your POST calls
You are not properly sanitizing your POST/GET/REQUEST calls.
All instances where $_POST data is inserted into the database, or into a file, MUST be properly sanitized for security. This also holds true for $_REQUEST calls that are processed. In addition, by sanitizing your POST data, you will lessen the possibility of XSS vulnerabilities.
Using stripslashes is not enough, you need to use the Input Validation methods, or things similar, to protect your plugin. The ultimate goal is that you should ensure that invalid data is NEVER processed.
Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
## Please use wp_enqueue commands
Your plugin is using <style> and/or <link> tags to insert CSS/JS
You should be using the built in functions for this:
https://codex.wordpress.org/Function_Reference/wp_enqueue_script
https://codex.wordpress.org/Function_Reference/wp_enqueue_style
If you're trying to enqueue on the admin pages you'll want to use the admin enqueues
https://codex.wordpress.org/Plugin_API/Action_Reference/admin_enqueue_scripts
https://codex.wordpress.org/Plugin_API/Action_Reference/admin_print_scripts
https://codex.wordpress.org/Plugin_API/Action_Reference/admin_print_styles
## Incomplete Readme
You're calling ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-latest but you don't explain why.
Plugins that send data to other servers, call js from other servers, and/or require passwords and APIs to function are required to have a full and complete Readme so we can make sure you're providing the users with all the information they need before they install your plugin. Our goal with this is to make sure everyone knows what they're installing and what they need to do before they install it. No surprises.
This is especially important if your plugin is making calls back to your own servers. For the most part, we do not permit offloading of images or code, however in the case where you are providing a service (like Disqus or Akismet or Twitter), we permit it. The catch is you have to actually explain this to the layman in your read me, so they know where data is going.
Your read me MUST validate per http://wordpress.org/plugins/about/validator/ or we will reject it. Keep in mind, we don't want to see a readme.MD. Among other things, the formatting for markup is different, and the filetype isn't read by our system. (And if you're thinking "Hey, I did submit a read me!" then it's likely we felt it wasn't informative enough.)
Please create your read me one based on this: http://wordpress.org/plugins/about/readme.txt
Alternately, you can use this tool to generate one: http://tools.trepmal.com/wp-readme-generator/
Please send a link so the completed plugin can be downloaded. Alternately you can reply to this and send a .zip file. Note: We would like you to send the whole plugin, not just the read me, as we will re-review your entire code as a whole.