Context Navigation

Back to Ticket #6015

Ticket #6015: 6015.6.diff

File 6015.6.diff, 5.2 KB (added by DD32, 5 years ago)
Sanitize HTML & Error handling

Line
1	Index: wp-admin/includes/plugin-install.php
2	===================================================================
3	--- wp-admin/includes/plugin-install.php (revision 9160)
4	+++ wp-admin/includes/plugin-install.php (working copy)
5	@@ -37,9 +37,13 @@
6
7	if ( ! $res ) {
8	$request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
9	- $res = unserialize($request['body']);
10	- if ( ! $res )
11	- $res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
12	+ if ( is_wp_error($request) ) {
13	+ $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
14	+ } else {
15	+ $res = unserialize($request['body']);
16	+ if ( ! $res )
17	+ $res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
18	+ }
19	}
20
21	return apply_filters('plugins_api_result', $res, $action, $args);
22	@@ -62,6 +66,9 @@
23
24	$tags = plugins_api('hot_tags', $args);
25
26	+ if ( is_wp_error($tags) )
27	+ return $tags;
28	+
29	$cache = (object) array('timeout' => time(), 'cached' => $tags);
30
31	update_option('wporg_popular_tags', $cache);
32	@@ -100,6 +107,9 @@
33
34	$api = plugins_api('query_plugins', $args);
35
36	+ if ( is_wp_error($api) )
37	+ wp_die($api);
38	+
39	add_action('install_plugins_table_header', 'install_search_form');
40
41	display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
42	@@ -173,6 +183,8 @@
43	function install_featured($page = 1) {
44	$args = array('browse' => 'featured', 'page' => $page);
45	$api = plugins_api('query_plugins', $args);
46	+ if ( is_wp_error($api) )
47	+ wp_die($api);
48	display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
49	}
50
51	@@ -201,6 +213,8 @@
52	function install_new($page = 1) {
53	$args = array('browse' => 'new', 'page' => $page);
54	$api = plugins_api('query_plugins', $args);
55	+ if ( is_wp_error($api) )
56	+ wp_die($api);
57	display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
58	}
59	add_action('install_plugins_updated', 'install_updated', 10, 1);
60	@@ -234,7 +248,9 @@
61	$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
62	$term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
63
64	- $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
65	+ $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
66	+ 'abbr' => array('title' => array()),'acronym' => array('title' => array()),
67	+ 'code' => array(),'em' => array(),'strong' => array());
68
69	?>
70	<div class="tablenav">
71	@@ -316,7 +332,7 @@
72	<td class="name"><?php echo $title; ?></td>
73	<td class="vers"><?php echo $version; ?></td>
74	<td class="vers">
75	- <div class="star-holder" title="<?php printf( __('based on %d ratings'), $plugin['num_ratings'] ); ?>">
76	+ <div class="star-holder" title="<?php printf(__ngettext(__('based on %d rating'), __('based on %d ratings'), $plugin['num_ratings']), $plugin['num_ratings']) ?>">
77	<div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
78	<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
79	<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
80	@@ -355,6 +371,19 @@
81
82	$api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
83
84	+ if ( is_wp_error($api) )
85	+ wp_die($api);
86	+
87	+ $plugins_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()),
88	+ 'abbr' => array('title' => array()), 'acronym' => array('title' => array()),
89	+ 'code' => array(), 'em' => array(), 'strong' => array(), 'div' => array(),
90	+ 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array());
91	+ //Sanitize HTML
92	+ foreach ( (array)$api->sections as $section_name => $content )
93	+ $api->sections[$section_name] = wp_kses($content, $plugins_allowedtags);
94	+ foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key )
95	+ $api->$key = wp_kses($api->$key, $plugins_allowedtags);
96	+
97	$section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
98	if( empty($section) \|\| ! isset($api->sections[ $section ]) )
99	$section = array_shift( $section_titles = array_keys((array)$api->sections) );
100	@@ -521,6 +549,9 @@
101
102	check_admin_referer('install-plugin_' . $plugin);
103	$api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth.
104	+
105	+ if ( is_wp_error($api) )
106	+ wp_die($api);
107
108	echo '<div class="wrap">';
109	echo '<h2>', sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version ), '</h2>';
110	@@ -834,6 +865,4 @@
111	return $folder . '/' . $pluginfiles[0];
112	}
113
114	-
115	-
116	?>

Download in other formats:

Original Format