X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/00dbffaf1593b0ac719d98f00839221a9ca52133..refs/tags/wordpress-3.5.2:/wp-admin/includes/class-wp-upgrader.php
diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php
index ef8fb5f8..63155927 100644
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -98,7 +98,7 @@ class WP_Upgrader {
break;
default:
if ( ! $wp_filesystem->find_folder($dir) )
- return new WP_Error('fs_no_folder', sprintf($this->strings['fs_no_folder'], $dir));
+ return new WP_Error( 'fs_no_folder', sprintf( $this->strings['fs_no_folder'], esc_html( basename( $dir ) ) ) );
break;
}
}
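Review bot: The new `fs_no_folder` line escapes the path when the error is built, not when it is printed, and nothing at the call site says why. The skin code later in this diff passes error messages to `feedback()` unescaped, so the message is effectively an HTML fragment and the escaping here is load-bearing. A short comment above the `return` would keep that from being "simplified" away, for example `// Message is rendered as HTML by the skin: show only the escaped last path component.` The use of `basename()` presumably also keeps the full server path out of the output, which is worth stating in the same comment if intended. The enclosing switch starts outside this hunk, so the other branches could not be checked for the same pattern.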
@@ -1133,7 +1133,7 @@ class WP_Upgrader_Skin {
} elseif ( is_wp_error($errors) && $errors->get_error_code() ) {
foreach ( $errors->get_error_messages() as $message ) {
if ( $errors->get_error_data() )
- $this->feedback($message . ' ' . $errors->get_error_data() );
+ $this->feedback($message . ' ' . esc_html( $errors->get_error_data() ) );
else
$this->feedback($message);
}
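Review bot: `esc_html( $errors->get_error_data() )` assumes the error data is a string, but nothing visible here guarantees that, and callers may attach an array or object. A non-string value would be cast or raise a notice inside the escaping call instead of printing something useful. Tightening the guard to `if ( $errors->get_error_data() && is_string( $errors->get_error_data() ) )` keeps the escaped concatenation for strings and falls through to the plain `$this->feedback($message)` branch otherwise. The same applies to the `$messages[] = $emessage . ' ' . esc_html( $error->get_error_data() );` line in the Bulk_Upgrader_Skin hunk at -1269. The enclosing method begins outside this hunk.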
@@ -1147,8 +1147,11 @@ class WP_Upgrader_Skin {
if ( strpos($string, '%') !== false ) {
$args = func_get_args();
$args = array_splice($args, 1);
- if ( !empty($args) )
+ if ( $args ) {
+ $args = array_map( 'strip_tags', $args );
+ $args = array_map( 'esc_html', $args );
$string = vsprintf($string, $args);
+ }
}
if ( empty($string) )
return;
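Review bot: The added `strip_tags` and `esc_html` pass covers only the `vsprintf` arguments, and the code does not document that the format string stays trusted. `$string` is still emitted as-is, including when it contains no `%`, so any caller that builds markup or external data into the first argument bypasses this filtering. A comment inside the new block would record the contract, for example `// Args are data: strip markup and escape. $string is trusted and may contain HTML.` The same three lines are duplicated in Bulk_Upgrader_Skin::feedback (hunk at -1244). Moving them into one shared helper would stop the two copies drifting apart. The function signature is outside this hunk.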
@@ -1188,11 +1191,11 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
function after() {
$this->plugin = $this->upgrader->plugin_info();
if ( !empty($this->plugin) && !is_wp_error($this->result) && $this->plugin_active ){
- echo '';
+ echo '';
}
$update_actions = array(
- 'activate_plugin' => '' . __('Activate Plugin') . '',
+ 'activate_plugin' => '' . __('Activate Plugin') . '',
'plugins_page' => '' . __('Return to Plugins page') . ''
);
if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugins' ) )
@@ -1244,8 +1247,11 @@ class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
if ( strpos($string, '%') !== false ) {
$args = func_get_args();
$args = array_splice($args, 1);
- if ( !empty($args) )
+ if ( $args ) {
+ $args = array_map( 'strip_tags', $args );
+ $args = array_map( 'esc_html', $args );
$string = vsprintf($string, $args);
+ }
}
if ( empty($string) )
return;
@@ -1269,7 +1275,7 @@ class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
if ( is_wp_error($error) ) {
foreach ( $error->get_error_messages() as $emessage ) {
if ( $error->get_error_data() )
- $messages[] = $emessage . ' ' . $error->get_error_data();
+ $messages[] = $emessage . ' ' . esc_html( $error->get_error_data() );
else
$messages[] = $emessage;
}
@@ -1430,12 +1436,12 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
$from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
if ( 'import' == $from )
- $install_actions['activate_plugin'] = '' . __('Activate Plugin & Run Importer') . '';
+ $install_actions['activate_plugin'] = '' . __('Activate Plugin & Run Importer') . '';
else
- $install_actions['activate_plugin'] = '' . __('Activate Plugin') . '';
+ $install_actions['activate_plugin'] = '' . __('Activate Plugin') . '';
if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
- $install_actions['network_activate'] = '' . __('Network Activate') . '';
+ $install_actions['network_activate'] = '' . __('Network Activate') . '';
unset( $install_actions['activate_plugin'] );
}
@@ -1670,4 +1676,4 @@ class File_Upload_Upgrader {
return true;
}
-}
\ No newline at end of file
+}