Changeset 36560 for trunk/src/wp-admin/plugins.php

Timestamp:

02/17/2016 08:14:37 PM (9 years ago)

Author:

ocean90

Message:

Plugins: Remove slashes from search terms and use urldecode() in non-URL contexts.

Fixes #35712.

File:

• trunk/src/wp-admin/plugins.php (modified) (2 diffs)

trunk/src/wp-admin/plugins.php

@@ -19 +19 @@
 
 $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
-$s = isset($_REQUEST['s']) ? urlencode($_REQUEST['s']) : '';
+$s = isset($_REQUEST['s']) ? urlencode( wp_unslash( $_REQUEST['s'] ) ) : '';
 
 // Clean up request URI from temporary args for screen options/paging uri's to work as expected.
@@ -487 +487 @@
 if ( strlen( $s ) ) {
     /* translators: %s: search keywords */
-    printf( '<span class="subtitle">' . __( 'Search results for &#8220;%s&#8221;' ) . '</span>', esc_html( $s ) );
+    printf( '<span class="subtitle">' . __( 'Search results for &#8220;%s&#8221;' ) . '</span>', esc_html( urldecode( $s ) ) );
 }
 ?>