Don't stripslashes() in plugin_basename() since this breaks established expectation of being able to pass a non-escaped FILE. Instead, stripslashes further up the stack. fixes #1866
git-svn-id: http://svn.automattic.com/wordpress/trunk@3139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
f237c0bf41
commit
90004a8ae6
|
@ -41,6 +41,7 @@ require(ABSPATH . '/wp-admin/menu.php');
|
||||||
|
|
||||||
// Handle plugin admin pages.
|
// Handle plugin admin pages.
|
||||||
if (isset($_GET['page'])) {
|
if (isset($_GET['page'])) {
|
||||||
|
$plugin_page = stripslashes($_GET['page']);
|
||||||
$plugin_page = plugin_basename($_GET['page']);
|
$plugin_page = plugin_basename($_GET['page']);
|
||||||
$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
|
$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
|
||||||
|
|
||||||
|
|
|
@ -2142,7 +2142,6 @@ function register_deactivation_hook($file, $function) {
|
||||||
|
|
||||||
function plugin_basename($file) {
|
function plugin_basename($file) {
|
||||||
$file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
|
$file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
|
||||||
$file = stripslashes($file);
|
|
||||||
return $file;
|
return $file;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue