From 98da14ab75a9b433e867be54c6a2b62a8ac4f6d4 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Mon, 20 Apr 2015 06:26:35 +0000
Subject: [PATCH] Correctly escape theme version numbers when displaying them.

Props collinsinternet.



git-svn-id: https://develop.svn.wordpress.org/trunk@32170 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/themes.php            | 2 +-
 src/wp-includes/class-wp-theme.php | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/wp-admin/themes.php b/src/wp-admin/themes.php
index 3f59f2ab03..45776cc967 100644
--- a/src/wp-admin/themes.php
+++ b/src/wp-admin/themes.php
@@ -378,7 +378,7 @@ $can_delete = current_user_can( 'delete_themes' );
 				<# if ( data.active ) { #>
 					<span class="current-label"><?php _e( 'Current Theme' ); ?></span>
 				<# } #>
-				<h3 class="theme-name">{{{ data.name }}}<span class="theme-version"><?php printf( __( 'Version: %s' ), '{{{ data.version }}}' ); ?></span></h3>
+				<h3 class="theme-name">{{{ data.name }}}<span class="theme-version"><?php printf( __( 'Version: %s' ), '{{ data.version }}' ); ?></span></h3>
 				<h4 class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.authorAndUri }}}' ); ?></h4>
 
 				<# if ( data.hasUpdate ) { #>
diff --git a/src/wp-includes/class-wp-theme.php b/src/wp-includes/class-wp-theme.php
index 523c7339c4..b0115aef60 100644
--- a/src/wp-includes/class-wp-theme.php
+++ b/src/wp-includes/class-wp-theme.php
@@ -636,6 +636,9 @@ final class WP_Theme implements ArrayAccess {
 			case 'Tags' :
 				$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
 				break;
+			case 'Version' :
+				$value = strip_tags( $value );
+				break;
 		}
 
 		return $value;