Ticket #13902: 13902.patch
| File 13902.patch, 1.9 KB (added by , 15 years ago) |
|---|
-
wp-admin/import.php
103 103 if ( !empty($plugins) ) { 104 104 $keys = array_keys($plugins); 105 105 $plugin_file = $plugin_slug . '/' . $keys[0]; 106 $action = '<a href="' . wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file) .106 $action = '<a href="' . esc_url(wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file)) . 107 107 '"title="' . esc_attr__('Activate importer') . '"">' . $data[0] . '</a>'; 108 108 } 109 109 } 110 110 if ( empty($action) ) 111 $action = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin_slug .112 '& amp;from=import&TB_iframe=true&width=600&height=550') . '" class="thickbox" title="' .111 $action = '<a href="' . esc_url(admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin_slug . 112 '&from=import&TB_iframe=true&width=600&height=550')) . '" class="thickbox" title="' . 113 113 esc_attr__('Install importer') . '">' . $data[0] . '</a>'; 114 114 } else { 115 115 $action = "<a href='" . esc_url("admin.php?import=$id") . "' title='" . esc_attr( wptexturize(strip_tags($data[1])) ) ."'>{$data[0]}</a>"; … … 130 130 } 131 131 132 132 if ( current_user_can('install_plugins') ) 133 echo '<p>' . sprintf('If the importer you need is not listed, <a href="%s">search the plugins directory</a> to see if an importer is available.', admin_url('plugin-install.php?tab=search&type=tag&s=importer') ) . '</p>';133 echo '<p>' . sprintf('If the importer you need is not listed, <a href="%s">search the plugins directory</a> to see if an importer is available.', esc_url(admin_url('plugin-install.php?tab=search&type=tag&s=importer')) ) . '</p>'; 134 134 ?> 135 135 136 136 </div>