Make WordPress Core


Ignore:
Timestamp:
12/27/2021 04:04:57 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Plugins: Escape the WordPress.org plugin page URL in the Plugin Installation modal.

Follow-up to [8540], [38953].

Props chintan1896, Presskopp, dimadin, henry.wright, aezazshekh, SergeyBiryukov.
Fixes #54362.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/plugin-install.php

    r50825 r52419  
    698698                </li>
    699699            <?php } if ( ! empty( $api->slug ) && empty( $api->external ) ) { ?>
    700                 <li><a target="_blank" href="<?php echo __( 'https://wordpress.org/plugins/' ) . $api->slug; ?>/"><?php _e( 'WordPress.org Plugin Page &#187;' ); ?></a></li>
     700                <li><a target="_blank" href="<?php echo esc_url( __( 'https://wordpress.org/plugins/' ) . $api->slug ); ?>/"><?php _e( 'WordPress.org Plugin Page &#187;' ); ?></a></li>
    701701            <?php } if ( ! empty( $api->homepage ) ) { ?>
    702702                <li><a target="_blank" href="<?php echo esc_url( $api->homepage ); ?>"><?php _e( 'Plugin Homepage &#187;' ); ?></a></li>
Note: See TracChangeset for help on using the changeset viewer.