Changeset 41449
- Timestamp:
- 09/19/2017 01:43:28 PM (6 years ago)
- Location:
- branches/3.9
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.9
- Property svn:mergeinfo changed
/branches/4.0 (added) merged: 41447 /branches/4.1 (added) merged: 41446 /branches/4.2 merged: 41445 /branches/4.3 merged: 41444 /branches/4.4 (added) merged: 41434 /branches/4.5 (added) merged: 41415-41416 /branches/4.6 merged: 41414 /trunk reverse-merged: 18512
- Property svn:mergeinfo changed
-
branches/3.9/src/wp-admin/includes/class-wp-plugins-list-table.php
r27507 r41449 377 377 if ( $is_active ) { 378 378 if ( current_user_can( 'manage_network_plugins' ) ) 379 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';379 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>'; 380 380 } else { 381 381 if ( current_user_can( 'manage_network_plugins' ) ) 382 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';382 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>'; 383 383 if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) ) 384 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';384 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>'; 385 385 } 386 386 } else { 387 387 if ( $is_active ) { 388 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';388 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>'; 389 389 } else { 390 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';390 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>'; 391 391 392 392 if ( ! is_multisite() && current_user_can('delete_plugins') ) 393 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';393 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>'; 394 394 } // end if $is_active 395 395 } // end if $screen->in_admin( 'network' ) 396 396 397 397 if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) ) 398 $actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file. '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';398 $actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>'; 399 399 } // end if $context 400 400 -
branches/3.9/src/wp-admin/includes/template.php
r32204 r41449 750 750 foreach ( array_keys( $templates ) as $template ) { 751 751 $selected = selected( $default, $templates[ $template ], false ); 752 echo "\n\t<option value='" . $templates[ $template ] . "' $selected>$template</option>";752 echo "\n\t<option value='" . esc_attr( $templates[ $template ] ) . "' $selected>" . esc_html( $template ) . "</option>"; 753 753 } 754 754 } -
branches/3.9/src/wp-admin/plugin-editor.php
r27506 r41449 96 96 97 97 if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) ) 98 activate_plugin($file, "plugin-editor.php?file= $file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error99 100 wp_redirect( self_admin_url("plugin-editor.php?file= $file&a=te&scrollto=$scrollto") );98 activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error 99 100 wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") ); 101 101 exit; 102 102 } … … 184 184 if ( is_plugin_active($plugin) ) { 185 185 if ( is_writeable($real_file) ) 186 echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);186 echo sprintf(__('Editing <strong>%s</strong> (active)'), esc_html( $file ) ); 187 187 else 188 echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);188 echo sprintf(__('Browsing <strong>%s</strong> (active)'), esc_html( $file ) ); 189 189 } else { 190 190 if ( is_writeable($real_file) ) 191 echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);191 echo sprintf(__('Editing <strong>%s</strong> (inactive)'), esc_html( $file ) ); 192 192 else 193 echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);193 echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), esc_html( $file ) ); 194 194 } 195 195 ?></big> … … 235 235 } 236 236 ?> 237 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file?></a></li>237 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li> 238 238 <?php endforeach; ?> 239 239 </ul> -
branches/3.9/src/wp-admin/plugins.php
r40178 r41449 18 18 $action = $wp_list_table->current_action(); 19 19 20 $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin']: '';20 $plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : ''; 21 21 $s = isset($_REQUEST['s']) ? urlencode($_REQUEST['s']) : ''; 22 22 … … 38 38 check_admin_referer('activate-plugin_' . $plugin); 39 39 40 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );40 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() ); 41 41 if ( is_wp_error( $result ) ) { 42 42 if ( 'unexpected_output' == $result->get_error_code() ) { 43 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin. "&plugin_status=$status&paged=$page&s=$s");43 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s"); 44 44 wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); 45 45 exit; … … 68 68 check_admin_referer('bulk-plugins'); 69 69 70 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();70 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 71 71 72 72 if ( is_network_admin() ) { … … 108 108 109 109 if ( isset( $_GET['plugins'] ) ) 110 $plugins = explode( ',', $_GET['plugins']);110 $plugins = explode( ',', wp_unslash( $_GET['plugins'] ) ); 111 111 elseif ( isset( $_POST['checked'] ) ) 112 $plugins = (array) $_POST['checked'];112 $plugins = (array) wp_unslash( $_POST['checked'] ); 113 113 else 114 114 $plugins = array(); … … 182 182 check_admin_referer('bulk-plugins'); 183 183 184 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();184 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 185 185 // Do not deactivate plugins which are already deactivated. 186 186 if ( is_network_admin() ) { … … 214 214 215 215 //$_POST = from the plugin form; $_GET = from the FTP details screen. 216 $plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked']: array();216 $plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array(); 217 217 if ( empty( $plugins ) ) { 218 218 wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") ); -
branches/3.9/src/wp-admin/theme-editor.php
r27369 r41449 69 69 $file = $allowed_files['style.css']; 70 70 } else { 71 $relative_file = $file;71 $relative_file = wp_unslash( $file ); 72 72 $file = $theme->get_stylesheet_directory() . '/' . $relative_file; 73 73 } … … 128 128 <?php endif; 129 129 130 $ description = get_file_description( $file );130 $file_description = get_file_description( $relative_file ); 131 131 $file_show = array_search( $file, array_filter( $allowed_files ) ); 132 if ( $description != $file_show ) 133 $description .= ' <span>(' . $file_show . ')</span>'; 132 $description = esc_html( $file_description ); 133 if ( $file_description != $file_show ) { 134 $description .= ' <span>(' . esc_html( $file_show ) . ')</span>'; 135 } 134 136 ?> 135 137 <div class="wrap"> … … 180 182 echo "\t</ul>\n\t<h3>" . _x( 'Styles', 'Theme stylesheets in theme editor' ) . "</h3>\n\t<ul>\n"; 181 183 182 $file_description = get_file_description( $absolute_filename);184 $file_description = esc_html( get_file_description( $filename ) ); 183 185 if ( $file_description != basename( $filename ) ) 184 $file_description .= '<br /><span class="nonessential">(' . $filename. ')</span>';186 $file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>'; 185 187 186 188 if ( $absolute_filename == $file )
Note: See TracChangeset
for help on using the changeset viewer.