Changeset 41414
- Timestamp:
- 09/19/2017 10:21:45 AM (7 years ago)
- Location:
- branches/4.6/src/wp-admin
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.6/src/wp-admin/includes/class-wp-plugins-list-table.php
r38149 r41414 601 601 if ( current_user_can( 'manage_network_plugins' ) ) { 602 602 /* translators: %s: plugin name */ 603 $actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Network Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Deactivate' ) . '</a>';603 $actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Network Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Deactivate' ) . '</a>'; 604 604 } 605 605 } else { 606 606 if ( current_user_can( 'manage_network_plugins' ) ) { 607 607 /* translators: %s: plugin name */ 608 $actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Network Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Activate' ) . '</a>';608 $actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Network Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Activate' ) . '</a>'; 609 609 } 610 610 if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) ) { 611 611 /* translators: %s: plugin name */ 612 $actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( _x( 'Delete %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';612 $actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( _x( 'Delete %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>'; 613 613 } 614 614 } … … 624 624 } elseif ( $is_active ) { 625 625 /* translators: %s: plugin name */ 626 $actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';626 $actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>'; 627 627 } else { 628 628 /* translators: %s: plugin name */ 629 $actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';629 $actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>'; 630 630 631 631 if ( ! is_multisite() && current_user_can( 'delete_plugins' ) ) { 632 632 /* translators: %s: plugin name */ 633 $actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( _x( 'Delete %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';633 $actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( _x( 'Delete %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>'; 634 634 } 635 635 } // end if $is_active … … 639 639 if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can( 'edit_plugins' ) && is_writable( WP_PLUGIN_DIR . '/' . $plugin_file ) ) { 640 640 /* translators: %s: plugin name */ 641 $actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file. '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Edit %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Edit' ) . '</a>';641 $actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Edit %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Edit' ) . '</a>'; 642 642 } 643 643 } // end if $context -
branches/4.6/src/wp-admin/includes/template.php
r38226 r41414 770 770 foreach ( array_keys( $templates ) as $template ) { 771 771 $selected = selected( $default, $templates[ $template ], false ); 772 echo "\n\t<option value='" . $templates[ $template ] . "' $selected>$template</option>";772 echo "\n\t<option value='" . esc_attr( $templates[ $template ] ) . "' $selected>" . esc_html( $template ) . "</option>"; 773 773 } 774 774 } -
branches/4.6/src/wp-admin/plugin-editor.php
r37914 r41414 97 97 98 98 if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) ) 99 activate_plugin($file, "plugin-editor.php?file= $file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error100 101 wp_redirect( self_admin_url("plugin-editor.php?file= $file&a=te&scrollto=$scrollto") );99 activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error 100 101 wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") ); 102 102 exit; 103 103 } … … 192 192 if ( is_writeable( $real_file ) ) { 193 193 /* translators: %s: plugin file name */ 194 echo sprintf( __( 'Editing %s (active)' ), '<strong>' . $file. '</strong>' );194 echo sprintf( __( 'Editing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 195 195 } else { 196 196 /* translators: %s: plugin file name */ 197 echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . $file. '</strong>' );197 echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 198 198 } 199 199 } else { 200 200 if ( is_writeable( $real_file ) ) { 201 201 /* translators: %s: plugin file name */ 202 echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . $file. '</strong>' );202 echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 203 203 } else { 204 204 /* translators: %s: plugin file name */ 205 echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . $file. '</strong>' );205 echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' ); 206 206 } 207 207 } … … 248 248 } 249 249 ?> 250 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file?></a></li>250 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li> 251 251 <?php endforeach; ?> 252 252 </ul> -
branches/4.6/src/wp-admin/plugins.php
r40171 r41414 18 18 $action = $wp_list_table->current_action(); 19 19 20 $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin']: '';20 $plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : ''; 21 21 $s = isset($_REQUEST['s']) ? urlencode( wp_unslash( $_REQUEST['s'] ) ) : ''; 22 22 … … 40 40 check_admin_referer('activate-plugin_' . $plugin); 41 41 42 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );42 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() ); 43 43 if ( is_wp_error( $result ) ) { 44 44 if ( 'unexpected_output' == $result->get_error_code() ) { 45 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin. "&plugin_status=$status&paged=$page&s=$s");45 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s"); 46 46 wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); 47 47 exit; … … 74 74 check_admin_referer('bulk-plugins'); 75 75 76 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();76 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 77 77 78 78 if ( is_network_admin() ) { … … 123 123 124 124 if ( isset( $_GET['plugins'] ) ) 125 $plugins = explode( ',', $_GET['plugins']);125 $plugins = explode( ',', wp_unslash( $_GET['plugins'] ) ); 126 126 elseif ( isset( $_POST['checked'] ) ) 127 $plugins = (array) $_POST['checked'];127 $plugins = (array) wp_unslash( $_POST['checked'] ); 128 128 else 129 129 $plugins = array(); … … 198 198 check_admin_referer('bulk-plugins'); 199 199 200 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();200 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 201 201 // Do not deactivate plugins which are already deactivated. 202 202 if ( is_network_admin() ) { … … 235 235 236 236 //$_POST = from the plugin form; $_GET = from the FTP details screen. 237 $plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked']: array();237 $plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array(); 238 238 if ( empty( $plugins ) ) { 239 239 wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") ); -
branches/4.6/src/wp-admin/theme-editor.php
r37914 r41414 100 100 $file = $allowed_files['style.css']; 101 101 } else { 102 $relative_file = $file;102 $relative_file = wp_unslash( $file ); 103 103 $file = $theme->get_stylesheet_directory() . '/' . $relative_file; 104 104 } … … 157 157 <?php endif; 158 158 159 $ description = get_file_description( $relative_file );159 $file_description = get_file_description( $relative_file ); 160 160 $file_show = array_search( $file, array_filter( $allowed_files ) ); 161 if ( $description != $file_show ) 162 $description .= ' <span>(' . $file_show . ')</span>'; 161 $description = esc_html( $file_description ); 162 if ( $file_description != $file_show ) { 163 $description .= ' <span>(' . esc_html( $file_show ) . ')</span>'; 164 } 163 165 ?> 164 166 <div class="wrap"> … … 231 233 } 232 234 233 $file_description = get_file_description( $filename);235 $file_description = esc_html( get_file_description( $filename ) ); 234 236 if ( $filename !== basename( $absolute_filename ) || $file_description !== $filename ) { 235 $file_description .= '<br /><span class="nonessential">(' . $filename. ')</span>';237 $file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>'; 236 238 } 237 239
Note: See TracChangeset
for help on using the changeset viewer.