Ticket #28727: 28727.1.diff

File 28727.1.diff, 1.4 KB (added by jipmoors, 6 years ago)

No implicit encoding for htmlentities in plugin source code editor

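--- a/src/wp-admin/plugin-editor.php
+++ b/src/wp-admin/plugin-editor.php
@@ -164,7 +164,7 @@
                 }
         }
 
-        $content = esc_textarea( $content );
+        $content = esc_plugineditor( $content );
         ?>
 <?php if (isset($_GET['a'])) : ?>
  <div id="message" class="updated notice is-dismissible"><p><?php _e('File edited successfully.') ?></p></div>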
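Review bot: The new call at line 167 names `esc_plugineditor()`, but the function this patch adds in src/wp-includes/formatting.php is `esc_plugin_source()`, and no `esc_plugineditor` definition appears in either file section. Unless that name is defined elsewhere, opening the plugin editor would stop on an undefined-function fatal error before the textarea is rendered. The call should read `$content = esc_plugin_source( $content );`. The enclosing block starts above the hunk, so the surrounding control flow is not visible here.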
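--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -3589,6 +3589,27 @@
 }
 
 /**
+ * Escaping for plugin editor textarea.
+ *
+ * @since 4.5.0
+ *
+ * @param string $text
+ * @return string
+ */
+function esc_plugin_source( $text ) {
+        $safe_text = htmlspecialchars( $text, ENT_QUOTES );
+        /**
+         * Filter a string cleaned and escaped for output in a textarea element.
+         *
+         * @since 3.1.0
+         *
+         * @param string $safe_text The text after it has been escaped.
+         * @param string $text      The text prior to being escaped.
+         */
+        return apply_filters( 'esc_plugin_source', $safe_text, $text );
+}
+
+/**
  * Escape an HTML tag name.
  *
  * @since 2.5.0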
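Review bot: `htmlspecialchars( $text, ENT_QUOTES )` at new line 3600 leaves the character set to whatever the running PHP version and its `default_charset` setting select, so the same plugin file can be escaped differently from host to host. When that charset is UTF-8 and the file contains a byte sequence that is invalid in it, htmlspecialchars() returns an empty string; the editor would then show an empty textarea, and a save from that state would presumably overwrite the file with nothing. Pass the charset explicitly as the third argument and treat `'' === $safe_text && '' !== $text` as an error instead of rendering an editable field. The inner filter docblock is also carried over from the textarea filter: it should describe the `esc_plugin_source` filter and say `@since 4.5.0` rather than `@since 3.1.0`.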