Changeset 48453


Timestamp:
07/12/2020 07:59:00 PM (3 months ago)
Author:
azaozz
Message:

Upgrade/Install: Use wp_strip_all_tags() for the fields in the compare table on the "Update theme/plugin from uploaded zip" screen. Some may contain HTML.

See #9757.

Location:
trunk/src/wp-admin/includes
Files:
2 edited

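--- a/trunk/src/wp-admin/includes/class-plugin-installer-skin.php
+++ b/trunk/src/wp-admin/includes/class-plugin-installer-skin.php
@@ -218,6 +218,6 @@
 
         foreach ( $rows as $field => $label ) {
-            $old_value = ! empty( $current_plugin_data[ $field ] ) ? $current_plugin_data[ $field ] : '-';
-            $new_value = ! empty( $this->upgrader->new_plugin_data[ $field ] ) ? $this->upgrader->new_plugin_data[ $field ] : '-';
+            $old_value = ! empty( $current_plugin_data[ $field ] ) ? (string) $current_plugin_data[ $field ] : '-';
+            $new_value = ! empty( $this->upgrader->new_plugin_data[ $field ] ) ? (string) $this->upgrader->new_plugin_data[ $field ] : '-';
 
             $is_same_plugin = $is_same_plugin && ( $old_value === $new_value );
@@ -226,7 +226,7 @@
             $diff_version = ( 'Version' === $field && $this->is_downgrading );
 
-            $table .= '<tr><td class="name-label">' . $label . '</td><td>' . esc_html( $old_value ) . '</td>';
+            $table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
             $table .= ( $diff_field || $diff_version ) ? '<td class="warning">' : '<td>';
-            $table .= esc_html( $new_value ) . '</td></tr>';
+            $table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
         }
 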
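Review bot: `wp_strip_all_tags()` removes markup but is not an output encoder, so the two cell lines (new 228 and 230) now print header values with no escaping call at the point of output, including `$this->upgrader->new_plugin_data`, which presumably comes from the uploaded zip. Stripping and escaping do different jobs and can be combined without showing raw tags: `esc_html( wp_strip_all_tags( $old_value ) )` and `esc_html( wp_strip_all_tags( $new_value ) )`. The same applies to new lines 263 and 265 in class-theme-installer-skin.php. `$label` is also concatenated unescaped on line 228; it is assigned outside the visible lines, so confirm it is always a fixed translated string or escape it there too.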
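--- a/trunk/src/wp-admin/includes/class-theme-installer-skin.php
+++ b/trunk/src/wp-admin/includes/class-theme-installer-skin.php
@@ -242,7 +242,7 @@
         foreach ( $rows as $field => $label ) {
             $old_value = $current_theme_data->display( $field, false );
-            $old_value = $old_value ? $old_value : '-';
-
-            $new_value = ! empty( $this->upgrader->new_theme_data[ $field ] ) ? $this->upgrader->new_theme_data[ $field ] : '-';
+            $old_value = $old_value ? (string) $old_value : '-';
+
+            $new_value = ! empty( $this->upgrader->new_theme_data[ $field ] ) ? (string) $this->upgrader->new_theme_data[ $field ] : '-';
 
             if ( $old_value === $new_value && '-' === $new_value && 'Template' === $field ) {
@@ -261,7 +261,7 @@
             }
 
-            $table .= '<tr><td class="name-label">' . $label . '</td><td>' . esc_html( $old_value ) . '</td>';
+            $table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
             $table .= ( $diff_field || $diff_version || $invalid_parent ) ? '<td class="warning">' : '<td>';
-            $table .= esc_html( $new_value ) . '</td></tr>';
+            $table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
         }
 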
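Review bot: The equality test on new line 248 (and the one on line 223 of class-plugin-installer-skin.php) compares the unstripped strings while the cells print the stripped ones, so two values that differ only in markup would look identical in both columns yet presumably still get the `warning` class; the `$diff_field` computation itself sits in the part of the loop the hunks skip. If that mismatch is not intended, normalise once at assignment so comparison and display agree: `$old_value = $old_value ? wp_strip_all_tags( (string) $old_value ) : '-';` and the equivalent for `$new_value`. A one-line comment above the assignments such as `// Header fields may contain HTML; compare and display them as plain text.` would record why the values are stripped. The enclosing method starts and ends outside the visible hunks.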