- $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
- if ($style != '') $style = 'class="' . $style . '"';
+
+ $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
+ // Sanitize all displayed data
+ $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags);
+ $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags);
+ $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags);
+ $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags);
+
+ if ( $style != '' )
+ $style = 'class="' . $style . '"';
+ if ( is_writable(ABSPATH . PLUGINDIR . '/' . $plugin_file) )
+ $edit = "<a href='plugin-editor.php?file=$plugin_file' title='".__('Open this file in the Plugin Editor')."' class='edit'>".__('Edit')."</a>";
+ else
+ $edit = '';
+
+ $author = ( empty($plugin_data['Author']) ) ? '' : ' <cite>' . sprintf( __('By %s'), $plugin_data['Author'] ) . '.</cite>';
+
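Review bot: `$plugin_file` is interpolated raw into the single-quoted `href` on the new `$edit` line, so the "Sanitize all displayed data" pass above does not cover it. Where `$plugin_file` comes from is not visible in this hunk, but if it is a name read from the plugins directory, a file name containing `'`, `&` or `#` would break out of the attribute or corrupt the query string. Encode it for the URL context, e.g. `"<a href='plugin-editor.php?file=" . urlencode($plugin_file) . "' title='"`, and keep the rest of the line as is. Separately, `$plugin_data['Version']` is filtered with the same `$plugins_allowedtags` list that permits `<a href>`; a version string presumably needs no markup, so passing an empty allowlist there (`wp_kses($plugin_data['Version'], array())`) would be tighter. The enclosing function starts and ends outside the hunk.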