WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sanitize all plugin metadata, for consistency. Props Viper007Bond. fixes #3396 

git-svn-id: http://svn.automattic.com/wordpress/trunk@4540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2006-11-29 09:22:49 +00:00
parent 90220dbeca
commit cb172fbe2f
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
wp-admin/plugins.php
View File

@ -105,7 +105,15 @@ if (empty($plugins)) {
} else { } else {
$toggle = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>"; $toggle = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
} }
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
$plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
// Sanitize all displayed data
$plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags);
$plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags);
$plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags);
$plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags);
if ( $style != '' ) if ( $style != '' )
$style = 'class="' . $style . '"'; $style = 'class="' . $style . '"';
if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) ) if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) )