From 61ed60c619f5fcb51486478e80645b86c795b14e Mon Sep 17 00:00:00 2001
From: Dion Hulse <wordpress@dd32.id.au>
Date: Fri, 22 Nov 2013 02:34:10 +0000
Subject: [PATCH] Themes: Move the escaping of content from JS back to PHP.
 This allows us to take advantage of the display() WP_Theme method to
 translate the text properly, and to strip out any HTML tags we don't wish to
 display. Fixes #26100. See #25948

Built from https://develop.svn.wordpress.org/trunk@26316


git-svn-id: http://core.svn.wordpress.org/trunk@26220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/theme.php |  7 +++----
 wp-admin/themes.php         | 16 ++++++----------
 2 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/wp-admin/includes/theme.php b/wp-admin/includes/theme.php
index fa0707db7b..ad3781a9dc 100644
--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
@@ -405,10 +405,9 @@ function wp_prepare_themes_for_js( $themes = null ) {
 			'name'         => $theme->display( 'Name' ),
 			'screenshot'   => array( $theme->get_screenshot() ), // @todo multiple
 			'description'  => $theme->display( 'Description' ),
-			'author'       => $theme->get( 'Author' ),
-			'authorURI'    => $theme->get( 'AuthorURI' ),
-			'version'      => $theme->get( 'Version' ),
-			'tags'         => $theme->get( 'Tags' ),
+			'author'       => $theme->display( 'Author' ),
+			'version'      => $theme->display( 'Version' ),
+			'tags'         => $theme->display( 'Tags' ),
 			'parent'       => $parent,
 			'active'       => $slug === $current_theme,
 			'hasUpdate'    => isset( $updates[ $slug ] ),
diff --git a/wp-admin/themes.php b/wp-admin/themes.php
index 0341f9d72d..da790e4268 100644
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -215,7 +215,7 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
 	<div class="theme-screenshot">
 		<img src="{{ data.screenshot[0] }}" alt="" />
 	</div>
-	<div class="theme-author"><?php printf( __( 'By %s' ), '{{ data.author }}' ); ?></div>
+	<div class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></div>
 	<h3 class="theme-name">{{ data.name }}</h3>
 	<div class="theme-actions">
 
@@ -266,12 +266,8 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
 			<# if ( data.active ) { #>
 				<span class="current-label"><?php _e( 'Current Theme' ); ?></span>
 			<# } #>
-			<h3 class="theme-name">{{ data.name }}<span class="theme-version"><?php _e('Version: '); ?> {{ data.version }}</span></h3>
-			<# if ( data.authorURI ) { #>
-				<h4 class="theme-author"><?php printf( __( 'By %s' ), '<a href="{{ data.authorURI }}">{{ data.author }}</a>' ); ?></h4>
-			<# } else { #>
-				<h4 class="theme-author"><?php printf( __( 'By %s' ), '{{ data.author }}' ); ?></h4>
-			<# } #>
+			<h3 class="theme-name">{{{ data.name }}}<span class="theme-version"><?php printf( __( 'Version: %s' ), '{{{ data.version }}}' ); ?></span></h3>
+			<h4 class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></h4>
 
 			<# if ( data.hasUpdate ) { #>
 			<div class="theme-update-message">
@@ -282,13 +278,13 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
 			<p class="theme-description">{{{ data.description }}}</p>
 
 			<# if ( data.parent ) { #>
-				<p class="parent-theme"><?php printf( __( 'This is a child theme of <strong>%s</strong>.' ), '{{ data.parent }}' ); ?></p>
+				<p class="parent-theme"><?php printf( __( 'This is a child theme of <strong>%s</strong>.' ), '{{{ data.parent }}}' ); ?></p>
 			<# } #>
 
-			<# if ( data.tags.length !== 0 ) { #>
+			<# if ( data.tags ) { #>
 				<p class="theme-tags">
 					<span><?php _e( 'Tags:' ); ?></span>
-					{{{ data.tags.join( ', ' ).replace( /-/g, ' ' ) }}}
+					{{{ data.tags.replace( /-/g, ' ' ) }}}
 				</p>
 			<# } #>
 		</div>