Update/Install: Replace "error" and "-1" failure messages with a more meaningful one.

* "-1" is an invalid nonce error, show 'An error has occurred. Please reload the page and try again.'.
* "error" means that the connection to the server was lost, show 'Connection lost or the server is busy. Please try again later.'.
* Escape the message in `wp-updates-admin-notice` because the response may include HTML.
* Remove HTML tags in `wp.updates.isValidResponse()` to make PHP's error messages more readable.

Props azaozz for review.
Fixes #37583.
Built from https://develop.svn.wordpress.org/trunk@38205


git-svn-id: http://core.svn.wordpress.org/trunk@38146 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/update.php

@@ -631,7 +631,7 @@ function maintenance_nag() {
 function wp_print_admin_notice_templates() {
 	?>
 	<script id="tmpl-wp-updates-admin-notice" type="text/html">
-		<div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{{ data.message }}}</p></div>
+		<div <# if ( data.id ) { #>id="{{ data.id }}"<# } #> class="notice {{ data.className }}"><p>{{ data.message }}</p></div>
 	</script>
 	<script id="tmpl-wp-bulk-updates-admin-notice" type="text/html">
 		<div id="{{ data.id }}" class="{{ data.className }} notice <# if ( data.errors ) { #>notice-error<# } else { #>notice-success<# } #>">

wp-admin/js/updates.js

@@ -1562,8 +1562,12 @@
 			return true;
 		}
 
-		if ( _.isString( response ) ) {
+		if ( _.isString( response ) && '-1' === response ) {
+			error = wp.updates.l10n.nonceError;
+		} else if ( _.isString( response ) ) {
 			error = response;
+		} else if ( 'undefined' !== typeof response.readyState && 0 === response.readyState ) {
+			error = wp.updates.l10n.connectionError;
 		} else if ( _.isString( response.responseText ) && '' !== response.responseText ) {
 			error = response.responseText;
 		} else if ( _.isString( response.statusText ) ) {
@@ -1584,6 +1588,8 @@
 				break;
 		}
 
+		// Messages are escaped, remove HTML tags to make them more readable.
+		error = error.replace( /<[\/a-z][^<>]*>/gi, '' );
 		errorMessage = errorMessage.replace( '%s', error );
 
 		// Add admin notice.

wp-includes/script-loader.php

@@ -677,6 +677,8 @@ function wp_default_scripts( &$scripts ) {
 				/* translators: %s: Importer name */
 				'activateImporterLabel'      => __( 'Run %s' ),
 				'unknownError'               => __( 'An unknown error occurred' ),
+				'connectionError'            => __( 'Connection lost or the server is busy. Please try again later.' ),
+				'nonceError'                 => __( 'An error has occurred. Please reload the page and try again.' ),
 				'pluginsFound'               => __( 'Number of plugins found: %d' ),
 				'noPluginsFound'             => __( 'No plugins found. Try a different search.' ),
 			),

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-alpha-38203';
+$wp_version = '4.7-alpha-38205';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.