#44350: Block plugin updates if required PHP version is not supported - Updates
screen
-------------------------------------------------+-------------------------
Reporter: flixos90 | Owner: afragen
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 5.2
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: needs-unit-tests servehappy dev- | Focuses:
feedback has-patch |
-------------------------------------------------+-------------------------
Comment (by TimothyBlynJacobs):
Should this use the compatibility functions from `#43992`?
I don't see why escaping the plugin name is required here. It isn't done
elsewhere in core. The `Version` also isn't escaped, see
https://github.com/WordPress/wordpress-
develop/blob/6d2f78d9bacf931fb9d4ba031e135c4eb5b17713/src/wp-
admin/includes/class-wp-plugins-list-table.php#L802. And the `new_version`
isn't either, see in that same file when building the view details link.
I think a committer needs to look at that.
If we do want escaping, then I believe, those should be `esc_html`.
`esc_attr` is used elsewhere in that file because the final destination is
in `href` tags.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44350#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform