[wp-trac] [WordPress Trac] #44350: Block plugin updates if required PHP version is not supported - Updates screen
WordPress Trac
noreply at wordpress.org
Mon Mar 18 02:11:36 UTC 2019
#44350: Block plugin updates if required PHP version is not supported - Updates
screen
-------------------------------------------------+-------------------------
Reporter: flixos90 | Owner: afragen
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 5.2
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: needs-unit-tests servehappy dev- | Focuses:
feedback has-patch |
-------------------------------------------------+-------------------------
Comment (by afragen):
I was planning on a new ticket/patch for utilizing the new
`is_wp_compatible()` and `is_php_compatible()` later. I didn't want to
include them here as I was concerned someone testing the patch would
encounter an error that they couldn't easily explain.
As for escaping, I was simply trying to escape before output. If these
don't need escaping; I agree that's something for a core-committer to
decide.
Replying to [comment:27 TimothyBlynJacobs]:
> Should this use the compatibility functions from `#43992`?
>
> I don't see why escaping the plugin name is required here. It isn't done
elsewhere in core. The `Version` also isn't escaped, see
https://github.com/WordPress/wordpress-
develop/blob/6d2f78d9bacf931fb9d4ba031e135c4eb5b17713/src/wp-
admin/includes/class-wp-plugins-list-table.php#L802. And the `new_version`
isn't either, see in that same file when building the view details link.
>
> I think a committer needs to look at that.
>
> If we do want escaping, then I believe, those should be `esc_html`.
`esc_attr` is used elsewhere in that file because the final destination is
in `href` tags.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44350#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list