Changeset 26316

Timestamp:

11/22/2013 02:33:19 AM (12 years ago)

Author:

dd32

Message:

Themes: Move the escaping of content from JS back to PHP. This allows us to take advantage of the display() WP_Theme method to translate the text properly, and to strip out any HTML tags we don't wish to display. Fixes #26100. See #25948

Location:

trunk/src/wp-admin

Files:

• includes/theme.php (modified) (1 diff)
• themes.php (modified) (3 diffs)

trunk/src/wp-admin/includes/theme.php

@@ -406 +406 @@
             'screenshot'   => array( $theme->get_screenshot() ), // @todo multiple
             'description'  => $theme->display( 'Description' ),
-            'author'       => $theme->get( 'Author' ),
-            'authorURI'    => $theme->get( 'AuthorURI' ),
-            'version'      => $theme->get( 'Version' ),
-            'tags'         => $theme->get( 'Tags' ),
+            'author'       => $theme->display( 'Author' ),
+            'version'      => $theme->display( 'Version' ),
+            'tags'         => $theme->display( 'Tags' ),
             'parent'       => $parent,
             'active'       => $slug === $current_theme,

trunk/src/wp-admin/themes.php

@@ -216 +216 @@
         <img src="{{ data.screenshot[0] }}" alt="" />
     </div>
-    <div class="theme-author"><?php printf( __( 'By %s' ), '{{ data.author }}' ); ?></div>
+    <div class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></div>
     <h3 class="theme-name">{{ data.name }}</h3>
     <div class="theme-actions">
@@ -267 +267 @@
                 <span class="current-label"><?php _e( 'Current Theme' ); ?></span>
             <# } #>
-            <h3 class="theme-name">{{ data.name }}<span class="theme-version"><?php _e('Version: '); ?> {{ data.version }}</span></h3>
-            <# if ( data.authorURI ) { #>
-                <h4 class="theme-author"><?php printf( __( 'By %s' ), '<a href="{{ data.authorURI }}">{{ data.author }}</a>' ); ?></h4>
-            <# } else { #>
-                <h4 class="theme-author"><?php printf( __( 'By %s' ), '{{ data.author }}' ); ?></h4>
-            <# } #>
+            <h3 class="theme-name">{{{ data.name }}}<span class="theme-version"><?php printf( __( 'Version: %s' ), '{{{ data.version }}}' ); ?></span></h3>
+            <h4 class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></h4>
 
             <# if ( data.hasUpdate ) { #>
@@ -283 +279 @@
 
             <# if ( data.parent ) { #>
-                <p class="parent-theme"><?php printf( __( 'This is a child theme of <strong>%s</strong>.' ), '{{ data.parent }}' ); ?></p>
+                <p class="parent-theme"><?php printf( __( 'This is a child theme of <strong>%s</strong>.' ), '{{{ data.parent }}}' ); ?></p>
             <# } #>
 
-            <# if ( data.tags.length !== 0 ) { #>
+            <# if ( data.tags ) { #>
                 <p class="theme-tags">
                     <span><?php _e( 'Tags:' ); ?></span>
-                    {{{ data.tags.join( ', ' ).replace( /-/g, ' ' ) }}}
+                    {{{ data.tags.replace( /-/g, ' ' ) }}}
                 </p>
             <# } #>