diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 680a09ff32..0bebccbae7 100644
a
|
b
|
function wp_ajax_query_themes() { |
3561 | 3561 | ); |
3562 | 3562 | } |
3563 | 3563 | |
3564 | | $theme->name = wp_kses( $theme->name, $themes_allowedtags ); |
| 3564 | $theme->name = wp_specialchars_decode( wp_kses( $theme->name, $themes_allowedtags ) ); |
3565 | 3565 | $theme->author = wp_kses( $theme->author['display_name'], $themes_allowedtags ); |
3566 | 3566 | $theme->version = wp_kses( $theme->version, $themes_allowedtags ); |
3567 | 3567 | $theme->description = wp_kses( $theme->description, $themes_allowedtags ); |
diff --git a/src/wp-includes/class-wp-customize-manager.php b/src/wp-includes/class-wp-customize-manager.php
index 9832099f91..6878dc05c3 100644
a
|
b
|
final class WP_Customize_Manager { |
5851 | 5851 | $update_php |
5852 | 5852 | ); |
5853 | 5853 | |
5854 | | $theme->name = wp_kses( $theme->name, $themes_allowedtags ); |
| 5854 | $theme->name = wp_specialchars_decode( wp_kses( $theme->name, $themes_allowedtags ) ); |
5855 | 5855 | $theme->version = wp_kses( $theme->version, $themes_allowedtags ); |
5856 | 5856 | $theme->description = wp_kses( $theme->description, $themes_allowedtags ); |
5857 | 5857 | $theme->stars = wp_star_rating( |