

Timestamp:
06/19/2016 08:34:06 AM (9 years ago)
Author:
dd32
Message:

Plugin Directory: Proper escaping for the readme validator.

See #1584

File:
1 edited

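--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-readme-validator.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-readme-validator.php
@@ -57,5 +57,5 @@
             'label_for' => 'readme_url',
         ) );
-        add_settings_field( 'readme_text', __( 'Text of readme.txt', 'wporg-plugins' ),    array( $this, 'textarea' ),  'readme_validator', 'default', array(
+        add_settings_field( 'readme_text', __( 'Text of readme.txt', 'wporg-plugins' ), array( $this, 'textarea' ),  'readme_validator', 'default', array(
             'label_for' => 'readme_contents',
         ) );
@@ -79,5 +79,5 @@
             $url = esc_url_raw( $_REQUEST['readme_url'] );
 
-            if ( strtolower( substr( $url, - 10, 10 ) ) != 'readme.txt' ) {
+            if ( strtolower( substr( $url, -10 ) ) != 'readme.txt' ) {
                 /* Translators: File name; */
                 add_settings_error( 'wporg-plugins', 'readme-validator', sprintf( __( 'URL must end in %s!', 'wporg-plugins' ), '<code>readme.txt</code>' ) );
@@ -216,5 +216,5 @@
      */
     public function textarea() {
-        $text = empty( $_REQUEST['readme_contents'] ) ? '' : $_REQUEST['readme_contents'];
+        $text = empty( $_REQUEST['readme_contents'] ) ? '' : wp_unslash( $_REQUEST['readme_contents'] );
         ?>
         <label>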
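Review bot: `wp_unslash()` on new line 218 only strips the slashes WordPress adds to request data; it does not escape `$text`, and it passes arrays through, so a `readme_contents[]` parameter would leave an array in `$text`. The markup that prints `$text` begins at `<label>` and continues past the end of this hunk, so I cannot see the output call; it should be `esc_textarea( $text )`. I would also reject non-strings up front: `$text = ( empty( $_REQUEST['readme_contents'] ) || ! is_string( $_REQUEST['readme_contents'] ) ) ? '' : wp_unslash( $_REQUEST['readme_contents'] );`. Separately, the `readme.txt` suffix test on line 81 constrains only the last ten characters of `$url`, not its host, so if the URL is fetched later (not visible here) that request should go through `wp_safe_remote_get()`.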