
Ticket #5422: 5422.patch

File 5422.patch, 1.9 KB (added by Viper007Bond, 6 years ago)
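--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -14,7 +14,7 @@
         break;
 
         case 'upgrade' :
-                return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], $cur->url );
+                return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], htmlspecialchars( $cur->url, ENT_QUOTES ) );
         break;
 
         case 'latest' :
@@ -32,7 +32,7 @@
                 return false;
 
         if ( current_user_can('manage_options') )
-                $msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), $cur->url );
+                $msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), htmlspecialchars( $cur->url, ENT_QUOTES ) );
         else
                 $msg = __('A new version of WordPress is available! Please notify the site administrator.');
 
@@ -113,8 +113,17 @@
 
         $r = $current->response[ $file ];
 
+        $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
         echo "<tr><td colspan='5' class='plugin-update'>";
-        printf( __('There is a new version of %s available. <a href="%s">Download version %s here</a>.'), $plugin_data['Name'], $r->url, $r->new_version );
+
+        printf(
+                __('There is a new version of %s available. <a href="%s">Download version %s here</a>.'),
+                wp_kses( $plugin_data['Name'], $plugins_allowedtags ),
+                htmlspecialchars( $r->url, ENT_QUOTES ),
+                htmlspecialchars( wp_kses( $r->new_version, $plugins_allowedtags ) )
+        );
+
         echo "</td></tr>";
 }
 add_action( 'after_plugin_row', 'wp_plugin_update_row' );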
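Review bot: The three href values (`$cur->url` in both update-notice branches and `$r->url` in the plugin update row) are only entity-escaped with `htmlspecialchars( ..., ENT_QUOTES )`, which prevents attribute breakout but does not restrict the URL scheme, so a non-http(s) URL arriving in the update response would still be printed as a live link. WordPress's own URL escaper handles both concerns, e.g. `clean_url( $r->url )` (`esc_url()` in later releases). In the same printf, `htmlspecialchars( wp_kses( $r->new_version, $plugins_allowedtags ) )` escapes the very tags wp_kses was asked to allow and omits ENT_QUOTES, unlike the other calls; a version string needs no markup, so a single plain-text escape would be clearer and consistent. The enclosing functions begin outside the visible hunks, so how `$cur` and `$current` are populated cannot be confirmed from here.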