Make WordPress Core


Ignore:
Timestamp:
10/08/2015 11:13:00 PM (9 years ago)
Author:
johnbillion
Message:

Remove HTML escaping for the plugin name and author fields that are displayed when deleting a plugin.

While it might seem counter-intuitive to remove HTML escaping, these fields are already safe (they originate in _get_plugin_data_markup_translate() which handles sanitization and escaping), and the AuthorName field actually allows some HTML. This change prevents escaped HTML from appearing here.

Fixes #25422

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/plugins.php

    r34912 r34973  
    322322                            if ( $plugin['is_uninstallable'] ) {
    323323                                /* translators: 1: plugin name, 2: plugin author */
    324                                 echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), esc_html($plugin['Name']), esc_html($plugin['AuthorName']) ), '</li>';
     324                                echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), $plugin['Name'], $plugin['AuthorName'] ), '</li>';
    325325                                $data_to_delete = true;
    326326                            } else {
    327327                                /* translators: 1: plugin name, 2: plugin author */
    328                                 echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), esc_html($plugin['Name']), esc_html($plugin['AuthorName']) ), '</li>';
     328                                echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), $plugin['Name'], $plugin['AuthorName'] ), '</li>';
    329329                            }
    330330                        }
Note: See TracChangeset for help on using the changeset viewer.