Changeset 41456
- Timestamp:
- 09/19/2017 01:50:05 PM (8 years ago)
- Location:
- branches/3.7
- Files:
-
- 7 edited
-
. (modified) (1 prop)
-
src (modified) (1 prop)
-
src/wp-admin/includes/class-wp-plugins-list-table.php (modified) (1 diff)
-
src/wp-admin/includes/template.php (modified) (1 diff)
-
src/wp-admin/plugin-editor.php (modified) (3 diffs)
-
src/wp-admin/plugins.php (modified) (6 diffs)
-
src/wp-admin/theme-editor.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/3.7
- Property svn:mergeinfo changed
/branches/3.8 merged: 41452 /branches/3.9 merged: 41449 /branches/4.0 (added) merged: 41447 /branches/4.1 (added) merged: 41446 /branches/4.2 merged: 41445 /branches/4.3 merged: 41444 /branches/4.4 (added) merged: 41434 /branches/4.5 (added) merged: 41415-41416 /branches/4.6 merged: 41414
- Property svn:mergeinfo changed
-
branches/3.7/src
- Property svn:mergeinfo changed
/branches/3.8/src (added) merged: 41452
- Property svn:mergeinfo changed
-
branches/3.7/src/wp-admin/includes/class-wp-plugins-list-table.php
r25425 r41456 340 340 if ( $is_active ) { 341 341 if ( current_user_can( 'manage_network_plugins' ) ) 342 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';342 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>'; 343 343 } else { 344 344 if ( current_user_can( 'manage_network_plugins' ) ) 345 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';345 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>'; 346 346 if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) ) 347 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';347 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>'; 348 348 } 349 349 } else { 350 350 if ( $is_active ) { 351 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';351 $actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>'; 352 352 } else { 353 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';353 $actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>'; 354 354 355 355 if ( ! is_multisite() && current_user_can('delete_plugins') ) 356 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . $plugin_file. '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';356 $actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&checked[]=' . urlencode( $plugin_file ) . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>'; 357 357 } // end if $is_active 358 358 } // end if $screen->in_admin( 'network' ) 359 359 360 360 if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) ) 361 $actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file. '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';361 $actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>'; 362 362 } // end if $context 363 363 -
branches/3.7/src/wp-admin/includes/template.php
r32206 r41456 707 707 else 708 708 $selected = ''; 709 echo "\n\t<option value='" .$templates[$template]."' $selected>$template</option>";709 echo "\n\t<option value='" . esc_attr( $templates[$template] ) ."' $selected>" . esc_html( $template ) . "</option>"; 710 710 endforeach; 711 711 } -
branches/3.7/src/wp-admin/plugin-editor.php
r25616 r41456 87 87 88 88 if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) ) 89 activate_plugin($file, "plugin-editor.php?file= $file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error90 91 wp_redirect( self_admin_url("plugin-editor.php?file= $file&a=te&scrollto=$scrollto") );89 activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error 90 91 wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") ); 92 92 exit; 93 93 } … … 176 176 if ( is_plugin_active($plugin) ) { 177 177 if ( is_writeable($real_file) ) 178 echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);178 echo sprintf(__('Editing <strong>%s</strong> (active)'), esc_html( $file ) ); 179 179 else 180 echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);180 echo sprintf(__('Browsing <strong>%s</strong> (active)'), esc_html( $file ) ); 181 181 } else { 182 182 if ( is_writeable($real_file) ) 183 echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);183 echo sprintf(__('Editing <strong>%s</strong> (inactive)'), esc_html( $file ) ); 184 184 else 185 echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);185 echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), esc_html( $file ) ); 186 186 } 187 187 ?></big> … … 227 227 } 228 228 ?> 229 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file?></a></li>229 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li> 230 230 <?php endforeach; ?> 231 231 </ul> -
branches/3.7/src/wp-admin/plugins.php
r40180 r41456 18 18 $action = $wp_list_table->current_action(); 19 19 20 $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin']: '';20 $plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : ''; 21 21 $s = isset($_REQUEST['s']) ? urlencode($_REQUEST['s']) : ''; 22 22 … … 38 38 check_admin_referer('activate-plugin_' . $plugin); 39 39 40 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );40 $result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() ); 41 41 if ( is_wp_error( $result ) ) { 42 42 if ( 'unexpected_output' == $result->get_error_code() ) { 43 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin. "&plugin_status=$status&paged=$page&s=$s");43 $redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s"); 44 44 wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); 45 45 exit; … … 68 68 check_admin_referer('bulk-plugins'); 69 69 70 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();70 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 71 71 72 72 // Only activate plugins which are not already active. … … 105 105 106 106 if ( isset( $_GET['plugins'] ) ) 107 $plugins = explode( ',', $_GET['plugins']);107 $plugins = explode( ',', wp_unslash( $_GET['plugins'] ) ); 108 108 elseif ( isset( $_POST['checked'] ) ) 109 $plugins = (array) $_POST['checked'];109 $plugins = (array) wp_unslash( $_POST['checked'] ); 110 110 else 111 111 $plugins = array(); … … 177 177 check_admin_referer('bulk-plugins'); 178 178 179 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked']: array();179 $plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array(); 180 180 // Do not deactivate plugins which are already deactivated. 181 181 if ( is_network_admin() ) { … … 209 209 210 210 //$_POST = from the plugin form; $_GET = from the FTP details screen. 211 $plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked']: array();211 $plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array(); 212 212 if ( empty( $plugins ) ) { 213 213 wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") ); -
branches/3.7/src/wp-admin/theme-editor.php
r25616 r41456 69 69 $file = $allowed_files['style.css']; 70 70 } else { 71 $relative_file = $file;71 $relative_file = wp_unslash( $file ); 72 72 $file = $theme->get_stylesheet_directory() . '/' . $relative_file; 73 73 } … … 128 128 <?php endif; 129 129 130 $ description = get_file_description( $file );130 $file_description = get_file_description( $relative_file ); 131 131 $file_show = array_search( $file, array_filter( $allowed_files ) ); 132 if ( $description != $file_show ) 133 $description .= ' <span>(' . $file_show . ')</span>'; 132 $description = esc_html( $file_description ); 133 if ( $file_description != $file_show ) { 134 $description .= ' <span>(' . esc_html( $file_show ) . ')</span>'; 135 } 134 136 ?> 135 137 <div class="wrap"> … … 181 183 echo "\t</ul>\n\t<h3>" . _x( 'Styles', 'Theme stylesheets in theme editor' ) . "</h3>\n\t<ul>\n"; 182 184 183 $file_description = get_file_description( $absolute_filename);185 $file_description = esc_html( get_file_description( $filename ) ); 184 186 if ( $file_description != basename( $filename ) ) 185 $file_description .= '<br /><span class="nonessential">(' . $filename. ')</span>';187 $file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>'; 186 188 187 189 if ( $absolute_filename == $file )
Note: See TracChangeset
for help on using the changeset viewer.