From 8c3925760f4309974cb66f8a0635feefd0eb069f Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Wed, 26 Mar 2014 14:39:16 +0000
Subject: [PATCH] Upgrader skins: Strip tags before displaying error data.

fixes #25394.

Built from https://develop.svn.wordpress.org/trunk@27737


git-svn-id: http://core.svn.wordpress.org/trunk@27574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/class-wp-upgrader-skins.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-admin/includes/class-wp-upgrader-skins.php b/wp-admin/includes/class-wp-upgrader-skins.php
index ed6c5e6447..def73abbe6 100644
--- a/wp-admin/includes/class-wp-upgrader-skins.php
+++ b/wp-admin/includes/class-wp-upgrader-skins.php
@@ -65,7 +65,7 @@ class WP_Upgrader_Skin {
 		} elseif ( is_wp_error($errors) && $errors->get_error_code() ) {
 			foreach ( $errors->get_error_messages() as $message ) {
 				if ( $errors->get_error_data() && is_string( $errors->get_error_data() ) )
-					$this->feedback($message . ' ' . esc_html( $errors->get_error_data() ) );
+					$this->feedback($message . ' ' . esc_html( strip_tags( $errors->get_error_data() ) ) );
 				else
 					$this->feedback($message);
 			}
@@ -217,7 +217,7 @@ class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
 		if ( is_wp_error($error) ) {
 			foreach ( $error->get_error_messages() as $emessage ) {
 				if ( $error->get_error_data() && is_string( $error->get_error_data() ) )
-					$messages[] = $emessage . ' ' . esc_html( $error->get_error_data() );
+					$messages[] = $emessage . ' ' . esc_html( strip_tags( $error->get_error_data() ) );
 				else
 					$messages[] = $emessage;
 			}