sergiotarxz/Wordpress
sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove HTML escaping for the plugin name and author fields that are displayed when deleting a plugin.

Browse Source 
While it might seem counter-intuitive to remove HTML escaping, these fields are already safe (they originate in `_get_plugin_data_markup_translate()` which handles sanitization and escaping), and the AuthorName field actually allows some HTML. This change prevents escaped HTML from appearing here.

Fixes #25422


git-svn-id: https://develop.svn.wordpress.org/trunk@34973 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2015-10-08 23:13:00 +00:00
parent f2444857eb
commit 8a7f8602b3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-admin/plugins.php
View File

@ -321,11 +321,11 @@ if ( $action ) {
foreach ( $plugin_info as $plugin ) {
if ( $plugin['is_uninstallable'] ) {
/* translators: 1: plugin name, 2: plugin author */
echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), esc_html($plugin['Name']), esc_html($plugin['AuthorName']) ), '</li>';
echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), $plugin['Name'], $plugin['AuthorName'] ), '</li>';
$data_to_delete = true;
} else {
/* translators: 1: plugin name, 2: plugin author */
echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), esc_html($plugin['Name']), esc_html($plugin['AuthorName']) ), '</li>';
echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), $plugin['Name'], $plugin['AuthorName'] ), '</li>';
}
}
?>