[wp-trac] [WordPress Trac] #16418: get_plugin_data() doesn't apply kses when $markup and $translate are false
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 21 14:53:46 UTC 2012
#16418: get_plugin_data() doesn't apply kses when $markup and $translate are false
--------------------------+-----------------------------
 Reporter:  kawauso       |       Owner:  dd32
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  Future Release
Component:  Plugins       |     Version:  3.0.4
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+-----------------------------
Changes (by nacin):

 * keywords:  has-patch 3.2-early => has-patch

Comment:

 get_plugins() is $markup = $translate = false, as it then gets cached.
 Later, we call _get_plugin_data_markup_translate() directly.

 A few points:

 1. If we decide to hold off on translation until later, it is most
    accurate if it runs on the raw data, rather than the sanitized data.

 2. I ignored point 1 in WP_Theme. Sanitized data is a sanity check. If
    your data is different after being sanitized (and therefore the
    translation won't be found), then you need to fix your data. (See [20233]
    for a tweak to ensure URLs with ampersands can be translated.)

 3. Doing this will cause multiple kses runs to occur over the same data,
    as we then call _get_plugin_data_markup_translate() again in the list
    table. And since this is just a sanity check (plugins can do anything;
    this isn't a security issue), it'd be nicer to just run it once. wp_kses()
    is very expensive.

 4. These kinds of issues were what led me to writing WP_Theme.

 See also #20266 which led me here.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/16418#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
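
The ordering and caching points in the comment above, as an added example that is not part of the original message or WordPress core code. `toy_sanitize()`, `toy_translate()`, `sanitized_once()`, the catalogue and the header string are hypothetical stand-ins constructed for illustration; `toy_sanitize()` only imitates the tag-allowlist and ampersand-encoding behaviour of a kses-style filter.

```php
<?php
// Stand-in for a kses-style filter: keeps a small tag allowlist and encodes
// bare ampersands. Hypothetical helper, far simpler than wp_kses().
$sanitize_calls = 0;
function toy_sanitize(string $s): string {
    global $sanitize_calls;
    $sanitize_calls++;
    $s = strip_tags($s, '<a><em><strong>');
    return preg_replace('/&(?![A-Za-z0-9#]+;)/', '&amp;', $s);
}

// Constructed translation catalogue, keyed on the raw header text as a
// translator would have extracted it from the plugin file.
$catalogue = [
    'Stats & charts for <em>posts</em>' => 'Statistiken & Diagramme für <em>Beiträge</em>',
];
function toy_translate(string $s, array $catalogue): string {
    return $catalogue[$s] ?? $s; // falls back to the input on a miss
}

// Constructed raw header, as it would be cached with $markup = $translate = false.
$raw = 'Stats & charts for <em>posts</em>';

// Order A: sanitize first, translate second. The sanitized string no longer
// matches the catalogue key, so the lookup misses.
$a = toy_translate(toy_sanitize($raw), $catalogue);

// Order B: translate the raw data, then sanitize the translated result.
$b = toy_sanitize(toy_translate($raw, $catalogue));

// Memoize the sanitized value so a second consumer (for example a list
// table) does not trigger another sanitizer run over the same data.
function sanitized_once(string $key, string $value): string {
    static $cache = [];
    return $cache[$key] ??= toy_sanitize($value);
}
$before = $sanitize_calls;
sanitized_once('Description', $b);
sanitized_once('Description', $b);

echo "A: $a\n";
echo "B: $b\n";
echo 'sanitizer runs for two reads: ', $sanitize_calls - $before, "\n";
```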