
Ticket #5422: 5422.3.patch

File 5422.3.patch, 2.4 KB (added by hakre, 5 years ago)

wp_nonce_url did not need the attr()

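--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -151,16 +151,19 @@
                 return false;
 
         $r = $current->response[ $file ];
-
+        
+        $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+        $plugin_name = wp_kses( $plugin_data['Name'], $plugins_allowedtags );
+        
         $details_url = admin_url('plugin-install.php?tab=plugin-information&plugin=' . $r->slug . '&TB_iframe=true&width=600&height=800');
 
         echo '<tr><td colspan="5" class="plugin-update">';
         if ( ! current_user_can('update_plugins') )
-                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%1$s">View version %3$s Details</a>.'), $plugin_data['Name'], $details_url, $r->new_version);
+                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%4$s">View version %3$s Details</a>.'), $plugin_name, attr($details_url), $r->new_version, attr($plugin_name));
         else if ( empty($r->package) )
-                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%1$s">View version %3$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_data['Name'], $details_url, $r->new_version);
+                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%4$s">View version %3$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, attr($details_url), $r->new_version, attr($plugin_name));
         else
-                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%1$s">View version %3$s Details</a> or <a href="%4$s">upgrade automatically</a>.'), $plugin_data['Name'], $details_url, $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&amp;plugin=' . $file, 'upgrade-plugin_' . $file) );
+                printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%4$s">View version %3$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, attr($details_url), $r->new_version, attr($plugin_name), wp_nonce_url('update.php?action=upgrade-plugin&amp;plugin=' . $file, 'upgrade-plugin_' . $file) );
 
         echo '</td></tr>';
 }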
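Review bot: `$r->new_version` is still printed into the markup as `%3$s` without escaping in all three `printf` calls, while the commit escapes only the plugin name and the details URL. `$r` is read from `$current->response[ $file ]`, which looks like stored update-check data rather than a local constant, so it should go through the HTML escaper as well, e.g. `wp_specialchars( $r->new_version )`. Separately, `$plugin_name` keeps the tags that `wp_kses` allows, so `attr( $plugin_name )` in `title="%4$s"` will show literal markup in the tooltip; `attr( strip_tags( $plugin_name ) )` would avoid that. The enclosing function starts above the hunk.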