From 0337f74a345aef4419f3af7690fbfab884bb5d9a Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Tue, 30 Aug 2022 15:18:17 +0000
Subject: [PATCH] Plugins: Escape output in error messages.

Props tykoted, paulkevan, peterwilsoncc.
Built from https://develop.svn.wordpress.org/trunk@53960


git-svn-id: http://core.svn.wordpress.org/trunk@53519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/plugins.php    | 4 ++--
 wp-includes/version.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 9a1945f6be..dd8f8679d8 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -612,7 +612,7 @@ if ( ! empty( $invalid ) ) {
 			/* translators: 1: Plugin file, 2: Error message. */
 			__( 'The plugin %1$s has been deactivated due to an error: %2$s' ),
 			'<code>' . esc_html( $plugin_file ) . '</code>',
-			$error->get_error_message()
+			esc_html( $error->get_error_message() )
 		);
 		echo '</p></div>';
 	}
@@ -676,7 +676,7 @@ elseif ( isset( $_GET['deleted'] ) ) :
 				printf(
 					/* translators: %s: Error message. */
 					__( 'Plugin could not be deleted due to an error: %s' ),
-					$delete_result->get_error_message()
+					esc_html( $delete_result->get_error_message() )
 				);
 				?>
 			</p>
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 047301bac0..f98a4634b5 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.1-alpha-53959';
+$wp_version = '6.1-alpha-53960';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.