Clean up get_plugin_data() and _get_plugin_data_markup_translate(), and standardize sanitization. fixes #20266.

git-svn-id: https://develop.svn.wordpress.org/trunk@20229 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin 2012-03-20 23:04:59 +00:00
parent 3fd13e90b5
commit 910804c30e


@ -65,8 +65,8 @@
* @since 1.5.0 * @since 1.5.0
* *
* @param string $plugin_file Path to the plugin file * @param string $plugin_file Path to the plugin file
* @param bool $markup If the returned data should have HTML markup applied * @param bool $markup Optional. If the returned data should have HTML markup applied. Defaults to true.
* @param bool $translate If the returned data should be translated * @param bool $translate Optional. If the returned data should be translated. Defaults to true.
* @return array See above for description. * @return array See above for description.
*/ */
function get_plugin_data( $plugin_file, $markup = true, $translate = true ) { function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
@ -88,30 +88,36 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
$plugin_data = get_file_data( $plugin_file, $default_headers, 'plugin' ); $plugin_data = get_file_data( $plugin_file, $default_headers, 'plugin' );
// Site Wide Only is the old header for Network // Site Wide Only is the old header for Network
if ( empty( $plugin_data['Network'] ) && ! empty( $plugin_data['_sitewide'] ) ) { if ( ! $plugin_data['Network'] && $plugin_data['_sitewide'] ) {
_deprecated_argument( __FUNCTION__, '3.0', sprintf( __( 'The <code>%1$s</code> plugin header is deprecated. Use <code>%2$s</code> instead.' ), 'Site Wide Only: true', 'Network: true' ) ); _deprecated_argument( __FUNCTION__, '3.0', sprintf( __( 'The <code>%1$s</code> plugin header is deprecated. Use <code>%2$s</code> instead.' ), 'Site Wide Only: true', 'Network: true' ) );
$plugin_data['Network'] = $plugin_data['_sitewide']; $plugin_data['Network'] = $plugin_data['_sitewide'];
} }
$plugin_data['Network'] = ( 'true' == strtolower( $plugin_data['Network'] ) ); $plugin_data['Network'] = ( 'true' == strtolower( $plugin_data['Network'] ) );
unset( $plugin_data['_sitewide'] ); unset( $plugin_data['_sitewide'] );
//For backward compatibility by default Title is the same as Name. if ( $markup || $translate ) {
$plugin_data['Title'] = $plugin_data['Name'];
if ( $markup || $translate )
$plugin_data = _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup, $translate ); $plugin_data = _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup, $translate );
else } else {
$plugin_data['Title'] = $plugin_data['Name'];
$plugin_data['AuthorName'] = $plugin_data['Author']; $plugin_data['AuthorName'] = $plugin_data['Author'];
}
return $plugin_data; return $plugin_data;
} }
function _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup = true, $translate = true) { /**
* Sanitizes plugin data, optionally adds markup, optionally translates.
*
* @since 2.7.0
* @access private
* @see get_plugin_data()
*/
function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup = true, $translate = true ) {
//Translate fields // Translate fields
if ( $translate ) { if ( $translate ) {
if ( $textdomain = $plugin_data['TextDomain'] ) { if ( $textdomain = $plugin_data['TextDomain'] ) {
if ( ! empty( $plugin_data['DomainPath'] ) ) if ( $plugin_data['DomainPath'] )
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) . $plugin_data['DomainPath'] ); load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) . $plugin_data['DomainPath'] );
else else
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) ); load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) );
@ -124,37 +130,43 @@ function _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup =
} }
} }
$plugins_allowedtags = array( // Sanitize fields
'a' => array( 'href' => array(), 'title' => array() ), $allowed_tags = $allowed_tags_in_links = array(
'abbr' => array( 'title' => array() ), 'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => array() ), 'acronym' => array( 'title' => true ),
'code' => array(), 'code' => true,
'em' => array(), 'em' => true,
'strong' => array(), 'strong' => true,
); );
$allowed_tags['a'] = array( 'href' => true, 'title' => true );
$plugin_data['AuthorName'] = $plugin_data['Author'] = wp_kses( $plugin_data['Author'], $plugins_allowedtags ); // Name is marked up inside <a> tags. Don't allow these.
// Author is too, but some plugins have used <a> here (omitting Author URI).
$plugin_data['Name'] = wp_kses( $plugin_data['Name'], $allowed_tags_in_links );
$plugin_data['Author'] = wp_kses( $plugin_data['Author'], $allowed_tags );
//Apply Markup $plugin_data['Description'] = wp_kses( $plugin_data['Description'], $allowed_tags );
$plugin_data['Version'] = wp_kses( $plugin_data['Version'], $allowed_tags );
$plugin_data['PluginURI'] = esc_url( $plugin_data['PluginURI'] );
$plugin_data['AuthorURI'] = esc_url( $plugin_data['AuthorURI'] );
$plugin_data['Title'] = $plugin_data['Name'];
$plugin_data['AuthorName'] = $plugin_data['Author'];
// Apply markup
if ( $markup ) { if ( $markup ) {
if ( ! empty($plugin_data['PluginURI']) && ! empty($plugin_data['Name']) ) if ( $plugin_data['PluginURI'] && $plugin_data['Name'] )
$plugin_data['Title'] = '<a href="' . $plugin_data['PluginURI'] . '" title="' . esc_attr__( 'Visit plugin homepage' ) . '">' . $plugin_data['Name'] . '</a>'; $plugin_data['Title'] = '<a href="' . $plugin_data['PluginURI'] . '" title="' . esc_attr__( 'Visit plugin homepage' ) . '">' . $plugin_data['Name'] . '</a>';
else
$plugin_data['Title'] = $plugin_data['Name'];
if ( ! empty($plugin_data['AuthorURI']) && ! empty($plugin_data['Author']) ) if ( $plugin_data['AuthorURI'] && $plugin_data['Author'] )
$plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '" title="' . esc_attr__( 'Visit author homepage' ) . '">' . $plugin_data['Author'] . '</a>'; $plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '" title="' . esc_attr__( 'Visit author homepage' ) . '">' . $plugin_data['Author'] . '</a>';
$plugin_data['Description'] = wptexturize( $plugin_data['Description'] ); $plugin_data['Description'] = wptexturize( $plugin_data['Description'] );
if ( ! empty($plugin_data['Author']) )
$plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s'), $plugin_data['Author'] ) . '.</cite>';
}
// Sanitize all displayed data. Author and AuthorName sanitized above. if ( $plugin_data['Author'] )
$plugin_data['Title'] = wp_kses( $plugin_data['Title'], $plugins_allowedtags ); $plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s.'), $plugin_data['Author'] ) . '</cite>';
$plugin_data['Version'] = wp_kses( $plugin_data['Version'], $plugins_allowedtags ); }
$plugin_data['Description'] = wp_kses( $plugin_data['Description'], $plugins_allowedtags );
$plugin_data['Name'] = wp_kses( $plugin_data['Name'], $plugins_allowedtags );
return $plugin_data; return $plugin_data;
} }
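Review bot: The new docblock added for `_get_plugin_data_markup_translate()` in the second hunk stops at `@see get_plugin_data()` and omits the `@param` and `@return` tags, whereas the sibling `get_plugin_data()` docblock in the first hunk documents every parameter in the same style. I would add `@param string $plugin_file Path to the plugin file.`, `@param array $plugin_data Headers as returned by get_file_data().`, `@param bool $markup Optional. Whether to add HTML markup. Defaults to true.`, `@param bool $translate Optional. Whether to translate the fields. Defaults to true.` and `@return array The sanitized (and optionally marked-up / translated) plugin data.`. In the third hunk the `href` attributes built under `// Apply markup` are only safe because `PluginURI` and `AuthorURI` went through `esc_url()` a few lines earlier; a one-line comment such as `// PluginURI and AuthorURI were passed through esc_url() above, so they are safe inside href attributes.` above the `if ( $markup )` block would make that ordering dependency explicit so a later reshuffle of the sanitize and markup steps does not silently undo it. Minor: the `Author` header may itself contain an `<a>` (the comment above the kses call says so) and is then wrapped in a second `<a>` when `AuthorURI` is set, which yields nested anchors; that predates this change but is worth a note if the allowed-tags split is revisited.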