Make WordPress Core


Ignore:
Timestamp:
05/17/2009 08:26:36 PM (16 years ago)
Author:
azaozz
Message:

Sanitize plugin update information, props hakre, fixes #5422

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/update.php

    r11298 r11376  
    160160    echo '<tr><td colspan="5" class="plugin-update">';
    161161    if ( ! current_user_can('update_plugins') )
    162         printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
     162        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
    163163    else if ( empty($r->package) )
    164         printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
     164        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
    165165    else
    166         printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&amp;plugin=' . $file, 'upgrade-plugin_' . $file) );
     166        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
    167167   
    168168    do_action( "in_plugin_update_message-$file", $plugin_data, $r );
Note: See TracChangeset for help on using the changeset viewer.