Sanitize plugin update information
|Reported by:||Viper007Bond||Owned by:||westi|
The update data retrieved from WP.org is trusted to be safe and HTML encoded. We shouldn't make this assumption, plus we should to kses the plugin's name.
Attached is a proposed patch. Seems to work okay.
Change History (23)
- Owner changed from anonymous to westi
- Status changed from new to assigned
- Component changed from Administration to Security
- Milestone changed from 2.9 to 2.8
- Keywords 2nd-opinion removed
- Severity changed from normal to critical
- Keywords needs-patch added; has-patch tested removed
- Milestone changed from 2.8 to Future Release
- Keywords has-patch added; needs-patch removed
- Milestone changed from Future Release to 2.8
- Keywords needs-patch added; has-patch tested commit removed
Note: See TracTickets for help on using tickets.