[wp-trac] [WordPress Trac] #16418: get_plugin_data() doesn't apply kses when $markup and $translate are false

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 21 14:53:46 UTC 2012


#16418: get_plugin_data() doesn't apply kses when $markup and $translate are false
--------------------------+-----------------------------
 Reporter:  kawauso       |       Owner:  dd32
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  Future Release
Component:  Plugins       |     Version:  3.0.4
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+-----------------------------
Changes (by nacin):

 * keywords:  has-patch 3.2-early => has-patch


Comment:

 get_plugins() is $markup = $translate = false, as it then gets cached.
 Later, we call _get_plugin_data_markup_translate() directly.

 A few points:
  1. If we decide to hold off on translation until later, it is most
 accurate if it runs on the raw data, rather than the sanitized data.
  2. I ignored point 1 in WP_Theme. Sanitized data is a sanity check. If
 your data is different after being sanitized (and therefore the
 translation won't be found), then you need to fix your data. (See [20233]
 for a tweak to ensure URLs with ampersands can be translated.)
  3. Doing this will cause multiple kses runs to occur over the same data,
 as we then call _get_plugin_data_markup_translate() again in the list
 table. And since this is just a sanity check (plugins can do anything;
 this isn't a security issue), it'd be nicer to just run it once. wp_kses()
 is very expensive.
  4. These kinds of issues were what led me to writing WP_Theme.

 See also #20266 which led me here.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16418#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
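
An added example, not part of the original message and not WordPress core code: a self-contained PHP illustration of points 1 to 3 above, showing a translation lookup missing once the header has been sanitized first, and the sanitizer running twice on the same data. demo_sanitize() and demo_translate() are hypothetical stand-ins for wp_kses() and the translation step, and the header text and catalog are constructed sample data.

```php
<?php
// Stand-ins only: demo_sanitize() is NOT wp_kses() and demo_translate() is not
// WordPress's translation layer; they model the two steps the comment discusses.

function demo_sanitize(string $value, int &$calls): string {
    $calls++; // count runs, since the comment describes the real sanitizer as expensive
    $value = strip_tags($value, '<a><em><strong>');
    // Encode ampersands that do not already begin an entity (idempotent).
    return preg_replace('/&(?![A-Za-z0-9#]+;)/', '&amp;', $value);
}

function demo_translate(string $value, array $catalog): string {
    // Translators see the raw header, so the catalog is keyed by raw text.
    return $catalog[$value] ?? $value;
}

// Constructed sample header and catalog.
$raw     = 'Galleries & sliders for <em>any</em> theme';
$catalog = [$raw => 'Galerien & Slider, passend zu <em>jedem</em> Theme'];

// Order 1: cache the raw data, translate it, sanitize once at display time.
$calls1 = 0;
$out1   = demo_sanitize(demo_translate($raw, $catalog), $calls1);

// Order 2: sanitize before caching, then translate and sanitize again later.
$calls2 = 0;
$cached = demo_sanitize($raw, $calls2);
$out2   = demo_sanitize(demo_translate($cached, $catalog), $calls2);

printf("translate, then sanitize: %s (%d sanitizer run)\n", $out1, $calls1);
printf("sanitize, then translate: %s (%d sanitizer runs)\n", $out2, $calls2);
printf("catalog key survives sanitizing first: %s\n",
    $cached === $raw ? 'yes' : 'no, it became "' . $cached . '"');
```

In the second order the lookup key contains `&amp;` instead of `&`, so the catalog entry is never matched and the untranslated header is displayed.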