From 4e86f315b8522b003234cebc49ad27f766f88e7d Mon Sep 17 00:00:00 2001
From: Peter Westwood <westi@git.wordpress.org>
Date: Wed, 30 Jul 2008 06:38:40 +0000
Subject: [PATCH] Avoid possible XSS when displaying the list of invalid
 plugins fixes #6871 for trunk props xknown.

git-svn-id: https://develop.svn.wordpress.org/trunk@8499 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/plugins.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index e8133271e1..039f88cd3b 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -168,7 +168,7 @@ require_once('admin-header.php');
 $invalid = validate_active_plugins();
 if( !empty($invalid) )
 	foreach($invalid as $plugin_file => $error)
-		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), $plugin_file, $error->get_error_message()) . '</p></div>';
+		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
 ?>
 
 <?php if ( isset($_GET['error']) ) : ?>