Changeset 41412 for branches/4.8/src/wp-admin/plugin-editor.php
- Timestamp:
- 09/19/2017 10:15:56 AM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.8/src/wp-admin/plugin-editor.php
r38745 r41412 38 38 $plugin = ''; 39 39 if ( isset( $_REQUEST['file'] ) ) { 40 $file = sanitize_text_field( $_REQUEST['file'] );40 $file = wp_unslash( $_REQUEST['file'] ); 41 41 } 42 42 43 43 if ( isset( $_REQUEST['plugin'] ) ) { 44 $plugin = sanitize_text_field( $_REQUEST['plugin'] );44 $plugin = wp_unslash( $_REQUEST['plugin'] ); 45 45 } 46 46 … … 108 108 109 109 if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network( $file ) ) || ! is_plugin_active( $file ) ) { 110 activate_plugin( $plugin, "plugin-editor.php?file= $file&phperror=1", ! empty( $_GET['networkwide'] ) );110 activate_plugin( $plugin, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); 111 111 } // we'll override this later if the plugin can be included without fatal error 112 112 113 wp_redirect( self_admin_url( "plugin-editor.php?file=$file&plugin=$plugin&a=te&scrollto=$scrollto") );113 wp_redirect( self_admin_url( 'plugin-editor.php?file=' . urlencode( $file ) . '&plugin=' . urlencode( $plugin ) . "&a=te&scrollto=$scrollto" ) ); 114 114 exit; 115 115 } … … 204 204 if ( is_writeable( $real_file ) ) { 205 205 /* translators: %s: plugin file name */ 206 echo sprintf( __( 'Editing %s (active)' ), '<strong>' . $file. '</strong>' );206 echo sprintf( __( 'Editing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 207 207 } else { 208 208 /* translators: %s: plugin file name */ 209 echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . $file. '</strong>' );209 echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 210 210 } 211 211 } else { 212 212 if ( is_writeable( $real_file ) ) { 213 213 /* translators: %s: plugin file name */ 214 echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . $file. '</strong>' );214 echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 215 215 } else { 216 216 /* translators: %s: plugin file name */ 217 echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . $file. '</strong>' );217 echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 218 218 } 219 219 } … … 260 260 } 261 261 ?> 262 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file?></a></li>262 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li> 263 263 <?php endforeach; ?> 264 264 </ul>
Note: See TracChangeset
for help on using the changeset viewer.