WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up get_plugin_data() and _get_plugin_data_markup_translate(), and standardize sanitization. fixes #20266. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@20229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2012-03-20 23:04:59 +00:00
parent fab76c6333
commit 3184f9891a
1 changed files with 44 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
wp-admin/includes/plugin.php
View File

@ -65,8 +65,8 @@
* @since 1.5.0
*
* @param string $plugin_file Path to the plugin file
* @param bool $markup If the returned data should have HTML markup applied
* @param bool $translate If the returned data should be translated
* @param bool $markup Optional. If the returned data should have HTML markup applied. Defaults to true.
* @param bool $translate Optional. If the returned data should be translated. Defaults to true.
* @return array See above for description.
*/
function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
@ -88,30 +88,36 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
$plugin_data = get_file_data( $plugin_file, $default_headers, 'plugin' );
// Site Wide Only is the old header for Network
if ( empty( $plugin_data['Network'] ) && ! empty( $plugin_data['_sitewide'] ) ) {
if ( ! $plugin_data['Network'] && $plugin_data['_sitewide'] ) {
_deprecated_argument( __FUNCTION__, '3.0', sprintf( __( 'The <code>%1$s</code> plugin header is deprecated. Use <code>%2$s</code> instead.' ), 'Site Wide Only: true', 'Network: true' ) );
$plugin_data['Network'] = $plugin_data['_sitewide'];
}
$plugin_data['Network'] = ( 'true' == strtolower( $plugin_data['Network'] ) );
unset( $plugin_data['_sitewide'] );
//For backward compatibility by default Title is the same as Name.
$plugin_data['Title'] = $plugin_data['Name'];
if ( $markup || $translate )
if ( $markup || $translate ) {
$plugin_data = _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup, $translate );
else
} else {
$plugin_data['Title'] = $plugin_data['Name'];
$plugin_data['AuthorName'] = $plugin_data['Author'];
}
return $plugin_data;
}
function _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup = true, $translate = true) {
/**
* Sanitizes plugin data, optionally adds markup, optionally translates.
*
* @since 2.7.0
* @access private
* @see get_plugin_data()
*/
function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup = true, $translate = true ) {
//Translate fields
// Translate fields
if ( $translate ) {
if ( $textdomain = $plugin_data['TextDomain'] ) {
if ( ! empty( $plugin_data['DomainPath'] ) )
if ( $plugin_data['DomainPath'] )
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) . $plugin_data['DomainPath'] );
else
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) );
@ -124,37 +130,43 @@ function _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup =
}
}
$plugins_allowedtags = array(
'a' => array( 'href' => array(), 'title' => array() ),
'abbr' => array( 'title' => array() ),
'acronym' => array( 'title' => array() ),
'code' => array(),
'em' => array(),
'strong' => array(),
// Sanitize fields
$allowed_tags = $allowed_tags_in_links = array(
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$allowed_tags['a'] = array( 'href' => true, 'title' => true );
$plugin_data['AuthorName'] = $plugin_data['Author'] = wp_kses( $plugin_data['Author'], $plugins_allowedtags );
// Name is marked up inside <a> tags. Don't allow these.
// Author is too, but some plugins have used <a> here (omitting Author URI).
$plugin_data['Name'] = wp_kses( $plugin_data['Name'], $allowed_tags_in_links );
$plugin_data['Author'] = wp_kses( $plugin_data['Author'], $allowed_tags );
//Apply Markup
$plugin_data['Description'] = wp_kses( $plugin_data['Description'], $allowed_tags );
$plugin_data['Version'] = wp_kses( $plugin_data['Version'], $allowed_tags );
$plugin_data['PluginURI'] = esc_url( $plugin_data['PluginURI'] );
$plugin_data['AuthorURI'] = esc_url( $plugin_data['AuthorURI'] );
$plugin_data['Title'] = $plugin_data['Name'];
$plugin_data['AuthorName'] = $plugin_data['Author'];
// Apply markup
if ( $markup ) {
if ( ! empty($plugin_data['PluginURI']) && ! empty($plugin_data['Name']) )
if ( $plugin_data['PluginURI'] && $plugin_data['Name'] )
$plugin_data['Title'] = '<a href="' . $plugin_data['PluginURI'] . '" title="' . esc_attr__( 'Visit plugin homepage' ) . '">' . $plugin_data['Name'] . '</a>';
else
$plugin_data['Title'] = $plugin_data['Name'];
if ( ! empty($plugin_data['AuthorURI']) && ! empty($plugin_data['Author']) )
if ( $plugin_data['AuthorURI'] && $plugin_data['Author'] )
$plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '" title="' . esc_attr__( 'Visit author homepage' ) . '">' . $plugin_data['Author'] . '</a>';
$plugin_data['Description'] = wptexturize( $plugin_data['Description'] );
if ( ! empty($plugin_data['Author']) )
$plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s'), $plugin_data['Author'] ) . '.</cite>';
}
// Sanitize all displayed data. Author and AuthorName sanitized above.
$plugin_data['Title'] = wp_kses( $plugin_data['Title'], $plugins_allowedtags );
$plugin_data['Version'] = wp_kses( $plugin_data['Version'], $plugins_allowedtags );
$plugin_data['Description'] = wp_kses( $plugin_data['Description'], $plugins_allowedtags );
$plugin_data['Name'] = wp_kses( $plugin_data['Name'], $plugins_allowedtags );
if ( $plugin_data['Author'] )
$plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s.'), $plugin_data['Author'] ) . '</cite>';
}
return $plugin_data;
}