[wp-trac] [WordPress Trac] #25422: Don't escape plugin author field when deleting plugin

WordPress Trac noreply at wordpress.org
Thu Oct 8 23:13:02 UTC 2015


#25422: Don't escape plugin author field when deleting plugin
--------------------------+-----------------------------
 Reporter:  johnbillion   |       Owner:  johnbillion
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  4.4
Component:  Plugins       |     Version:
 Severity:  normal        |  Resolution:  fixed
 Keywords:  has-patch     |     Focuses:  administration
--------------------------+-----------------------------
Changes (by johnbillion):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"34973"]:
 {{{
 #!CommitTicketReference repository="" revision="34973"
 Remove HTML escaping for the plugin name and author fields that are
 displayed when deleting a plugin.

 While it might seem counter-intuitive to remove HTML escaping, these
 fields are already safe (they originate in
 `_get_plugin_data_markup_translate()` which handles sanitization and
 escaping), and the AuthorName field actually allows some HTML. This change
 prevents escaped HTML from appearing here.

 Fixes #25422
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25422#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list