diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-30 18:54:22 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-30 18:54:22 +0000 |
commit | 9415bbca12c01c39da58e0ed2c4e6b44ff833e5d (patch) | |
tree | 72e6c3da0cf5b18f808b7b5002ffd41f3edc0904 /wp-admin/plugins.php | |
parent | 475ef251608d4d8a4d44a86d99693c416a1159fd (diff) | |
download | wordpress-mu-9415bbca12c01c39da58e0ed2c4e6b44ff833e5d.tar.gz wordpress-mu-9415bbca12c01c39da58e0ed2c4e6b44ff833e5d.tar.xz wordpress-mu-9415bbca12c01c39da58e0ed2c4e6b44ff833e5d.zip |
WP Merge to 4559
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@816 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/plugins.php')
-rw-r--r-- | wp-admin/plugins.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index f224937..d8fce65 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -112,7 +112,15 @@ if (empty($plugins)) { } else { $toggle = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>"; } - $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; + + $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()); + + // Sanitize all displayed data + $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags); + $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags); + $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags); + $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags); + if ( $style != '' ) $style = 'class="' . $style . '"'; if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) ) |