Opened 14 years ago
Closed 14 years ago
#15662 closed defect (bug) (fixed)
Too much escaping when Deleting a plugin
Reported by: | TobiasBg | Owned by: | |
---|---|---|---|
Milestone: | 3.1 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
There's a little bit too much HTML escaping when deleting a plugin.
To reproduce, on a clean SVN of trunk, click "Delete" on the "Plugins" page, e.g. for "Hello Dolly".
Instead of a link, you will see the plain HTML for the link, here
Hello Dolly by <a href="http://ma.tt/" title="Visit author homepage">Matt Mullenweg</a>
This seems to come from this line, where escaping was added to $plugin['Author']
(which contains HTML for the link) in [15521].
Change History (11)
#2
14 years ago
- Milestone changed from Awaiting Review to 3.1
Two options:
- Strip tags.
- Add AuthorName to get_plugins(), which is Author without AuthorURI. This would be consistent with themes.
Let's do the latter.
#4
14 years ago
Closed #15678 as duplicate, has a patch for strip tags instead of adding AuthorName to get_plugins.
#6
14 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
While this is fixed for Hello Dolly now (the link (i.e. its HTML) is now only the name), it is not for Akismet: there is no author name there at all, so it only reads
Akismet by
In all other locations, as well as in its readme.txt, the author is provided as "Automattic".
#8
14 years ago
- Resolution set to fixed
- Status changed from reopened to closed
I keep saying get_plugins(), but I mean get_plugin_data().
#9
14 years ago
Thanks, nacin!
Just for clarity: Am I correct that plugins in a sub-folder (like Akismet) do not get their plugin data processed for markup/translation, while plugins in the main plugins folder (like Dolly) do? For the first ones, the plugin data comes from get_plugin_data( $file, $markup = false, $translate = false ) in get_plugins(), while for the latter ones, it comes from a get_plugin_data( $file, true, true ).
Due to that, the data for plugins like Akismet (in sub folder) also does not seem to run through kses.
#10
14 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
get_plugins() gets cached, thus without markup or translations. Those are then run later on via direct calls to get_plugin_data().
You're right in that's how the code works re: directories, but I don't think that's by design. We should place a call to _get_plugin_data_markup_translate() somewhere.
This is indeed inconsistent, since we don't escape it when displaying it in the list table.
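The over-escaping reported in this ticket and the two options from comment #2, as an added stand-alone PHP example that is not WordPress core code or part of the original thread. The helper names, the sample records and the fallback used in option 2 are assumptions made for illustration.

```php
<?php
// Added illustration; constructed data, not WordPress core code.

// Raw header values as a plugin file would declare them (constructed samples).
$headers = [
    ['Name' => 'Hello Dolly', 'Author' => 'Matt Mullenweg', 'AuthorURI' => 'http://ma.tt/'],
    ['Name' => 'Akismet',     'Author' => 'Automattic',     'AuthorURI' => ''],
];

// Hypothetical helper: escape a plain-text value for an HTML text context.
function esc(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical markup step: keeps the plain name in AuthorName and turns
// Author into a link when a URI is present.
function add_markup(array $plugin): array {
    $plugin['AuthorName'] = $plugin['Author'];
    if ($plugin['AuthorURI'] !== '') {
        $plugin['Author'] = '<a href="' . esc($plugin['AuthorURI'])
            . '" title="Visit author homepage">' . esc($plugin['Author']) . '</a>';
    }
    return $plugin;
}

// Reported behaviour: escaping a field that already holds markup shows the tags.
function confirm_escaped_markup(array $plugin): string {
    return esc($plugin['Name']) . ' by ' . esc($plugin['Author']);
}

// Option 1 from comment #2: strip tags, then escape.
function confirm_strip_tags(array $plugin): string {
    return esc($plugin['Name']) . ' by ' . esc(strip_tags($plugin['Author']));
}

// Option 2: escape the plain AuthorName; fall back to the stripped Author
// when a record never went through the markup step (assumed fallback).
function confirm_author_name(array $plugin): string {
    $name = $plugin['AuthorName'] ?? strip_tags($plugin['Author']);
    return esc($plugin['Name']) . ' by ' . esc($name);
}

$dolly   = add_markup($headers[0]);
$akismet = $headers[1]; // not passed through add_markup(), so no AuthorName key

echo confirm_escaped_markup($dolly), "\n";
echo confirm_strip_tags($dolly), "\n";
echo confirm_author_name($dolly), "\n";
echo confirm_author_name($akismet), "\n";
```

Both options keep the escape at the point of output and change only what is fed into it, so a plugin header containing markup is still rendered as text on the confirmation screen.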