Ticket #5422: 5422.patch

File 5422.patch, 1.9 KB (added by Viper007Bond, 10 years ago)
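--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -14,7 +14,7 @@
         break;
 
         case 'upgrade' :
-                return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], $cur->url );
+                return sprintf( '| <strong>'.__( 'Your WordPress %s is out of date. <a href="%s">Please update</a>.' ).'</strong>', $GLOBALS['wp_version'], htmlspecialchars( $cur->url, ENT_QUOTES ) );
         break;
 
         case 'latest' :
@@ -32,7 +32,7 @@
                 return false;
 
         if ( current_user_can('manage_options') )
-                $msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), $cur->url );
+                $msg = sprintf( __('A new version of WordPress is available! <a href="%s">Please update now</a>.'), htmlspecialchars( $cur->url, ENT_QUOTES ) );
         else
                 $msg = __('A new version of WordPress is available! Please notify the site administrator.');
 
@@ -113,8 +113,17 @@
 
         $r = $current->response[ $file ];
 
+        $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
         echo "<tr><td colspan='5' class='plugin-update'>";
-        printf( __('There is a new version of %s available. <a href="%s">Download version %s here</a>.'), $plugin_data['Name'], $r->url, $r->new_version );
+
+        printf(
+                __('There is a new version of %s available. <a href="%s">Download version %s here</a>.'),
+                wp_kses( $plugin_data['Name'], $plugins_allowedtags ),
+                htmlspecialchars( $r->url, ENT_QUOTES ),
+                htmlspecialchars( wp_kses( $r->new_version, $plugins_allowedtags ) )
+        );
+
         echo "</td></tr>";
 }
 add_action( 'after_plugin_row', 'wp_plugin_update_row' );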
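Review bot: `htmlspecialchars( $cur->url, ENT_QUOTES )` in the `case 'upgrade'` return keeps the value from breaking out of the `href` attribute but does not constrain the URL scheme, so a `javascript:` URL arriving in the update response would still be emitted as a clickable link. The same holds for the `$msg` line in the second hunk and for `$r->url` in the third. A URL-context sanitizer fits these three spots better, e.g. `esc_url( $cur->url )` (`clean_url()` in trees that predate it), which escapes for the attribute and also rejects disallowed protocols. Separately, in the third hunk `htmlspecialchars( wp_kses( $r->new_version, $plugins_allowedtags ) )` escapes the very tags kses was asked to allow, so a plain escape of the version string would state the intent more clearly. All three enclosing functions begin outside the visible hunks, so the origin of `$cur` and `$r` should be confirmed there.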