WordPress.org

Make WordPress Core

Changeset 8499


Ignore:
Timestamp:
07/30/08 06:38:40 (7 years ago)
Author:
westi
Message:

Avoid possible XSS when displaying the list of invalid plugins fixes #6871 for trunk props xknown.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/plugins.php

    r8496 r8499  
    169169if( !empty($invalid) ) 
    170170    foreach($invalid as $plugin_file => $error) 
    171         echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), $plugin_file, $error->get_error_message()) . '</p></div>'; 
     171        echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>'; 
    172172?> 
    173173 
Note: See TracChangeset for help on using the changeset viewer.