Changeset 4540

Timestamp:

11/29/2006 09:22:49 AM (17 years ago)

Author:

markjaquith

Message:

Sanitize all plugin metadata, for consistency. Props Viper007Bond. fixes #3396

File:

• trunk/wp-admin/plugins.php (modified) (1 diff)

trunk/wp-admin/plugins.php

@@ -106 +106 @@
             $toggle = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
         }
-        $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
+
+        $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
+        // Sanitize all displayed data
+        $plugin_data['Title']       = wp_kses($plugin_data['Title'], $plugins_allowedtags);
+        $plugin_data['Version']     = wp_kses($plugin_data['Version'], $plugins_allowedtags);
+        $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags);
+        $plugin_data['Author']      = wp_kses($plugin_data['Author'], $plugins_allowedtags);
+
         if ( $style != '' )
             $style = 'class="' . $style . '"';