Make WordPress Core

Changeset 38241


Timestamp:
08/10/2016 07:05:02 PM (8 years ago)
Author:
azaozz
Message:

Update/Install error messages: do not escape from the template, escape the error message string before inserting it.

Props swissspidy, ocean90.
Fixes #37623 for 4.6.

Location:
branches/4.6/src/wp-admin
Files:
2 edited

  • branches/4.6/src/wp-admin/includes/update.php

    r38206 r38241  
    632632    ?>
    633633    <script id="tmpl-wp-updates-admin-notice" type="text/html">
    634         <div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{ data.message }}</p></div>
     634        <div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{{ data.message }}}</p></div>
    635635    </script>
    636636    <script id="tmpl-wp-bulk-updates-admin-notice" type="text/html">
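
Review bot: Line 634 turns `data.message` into a raw HTML sink for every caller of the `tmpl-wp-updates-admin-notice` template, yet nothing in the template records that contract. Add a comment directly above the `<script>` block stating that `message` is inserted unescaped and must be escaped (or built from trusted markup) by the caller, and audit every place that renders this template; this changeset updates only one call site in updates.js. `data.id` and `data.className` stay on the escaping `{{ }}` form, which is right since both land inside attribute values. The context line at 636 shows a second template, `tmpl-wp-bulk-updates-admin-notice`, whose body is not visible here; it is worth confirming it follows the same escaping convention so the two notices do not diverge.
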
  • branches/4.6/src/wp-admin/js/updates.js

    r38228 r38241  
    16091609            id:        'unknown_error',
    16101610            className: 'notice-error is-dismissible',
    1611             message:   errorMessage
     1611            message:   _.escape( errorMessage )
    16121612        } );
    16131613
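
Review bot: At line 1611 the `_.escape( errorMessage )` call is the only encoding step left before the string reaches the template's unescaped `{{{ data.message }}}` output, and the hunk does not show where `errorMessage` is assembled. Please confirm it is plain text at this point: if any branch upstream already entity-encodes it, the notice will show literal entities, and if any branch intentionally carries markup, that markup will now be displayed as text. A one-line comment here noting that the template no longer escapes `message` would keep a later refactor from dropping the `_.escape()` call. Other notices in updates.js that pass `message` are outside this hunk and should be checked against the same rule.
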