WordPress.org

Make WordPress Core

Ticket #37623: 37623.2.diff

File 37623.2.diff, 1.2 KB (added by swissspidy, 5 years ago)
  • src/wp-admin/includes/update.php

    diff --git src/wp-admin/includes/update.php src/wp-admin/includes/update.php
    index 3bc11d8..74899e3 100644
    function maintenance_nag() { 
    631631function wp_print_admin_notice_templates() {
    632632        ?>
    633633        <script id="tmpl-wp-updates-admin-notice" type="text/html">
    634                 <div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{ data.message }}</p></div>
     634                <div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{{ data.message }}}</p></div>
    635635        </script>
    636636        <script id="tmpl-wp-bulk-updates-admin-notice" type="text/html">
    637637                <div id="{{ data.id }}" class="{{ data.className }} notice <# if ( data.errors ) { #>notice-error<# } else { #>notice-success<# } #>">
  • src/wp-admin/js/updates.js

    diff --git src/wp-admin/js/updates.js src/wp-admin/js/updates.js
    index ac6e2cf..e64b6e3 100644
     
    16021602
    16031603                // Messages are escaped, remove HTML tags to make them more readable.
    16041604                error = error.replace( /<[\/a-z][^<>]*>/gi, '' );
     1605                error = _.escape( error );
    16051606                errorMessage = errorMessage.replace( '%s', error );
    16061607
    16071608                // Add admin notice.