Changeset 36560 for trunk/src/wp-admin/includes/class-wp-plugins-list-table.php

Timestamp:

02/17/2016 08:14:37 PM (9 years ago)

Author:

ocean90

Message:

Plugins: Remove slashes from search terms and use urldecode() in non-URL contexts.

Fixes #35712.

File:

• trunk/src/wp-admin/includes/class-wp-plugins-list-table.php (modified) (3 diffs)

trunk/src/wp-admin/includes/class-wp-plugins-list-table.php

@@ -269 +269 @@
 
     /**
-     * @global string $s
+     * @global string $s URL encoded search term.
      *
      * @param array $plugin
@@ -278 +278 @@
 
         foreach ( $plugin as $value ) {
-            if ( is_string( $value ) && false !== stripos( strip_tags( $value ), $s ) ) {
+            if ( is_string( $value ) && false !== stripos( strip_tags( $value ), urldecode( $s ) ) ) {
                 return true;
             }
@@ -317 +317 @@
 
         if ( ! empty( $_REQUEST['s'] ) ) {
-            $s = esc_html( $_REQUEST['s'] );
+            $s = esc_html( wp_unslash( $_REQUEST['s'] ) );
 
             printf( __( 'No plugins found for “%s”.' ), $s );