Making WordPress.org


Ignore:
Timestamp:
03/31/2017 10:05:39 AM (8 years ago)
Author:
dd32
Message:

Plugin Directory: Strip tags from author headers prior to escaping.
This fixes cases where <a href="..">Author</a> was shown.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-plugins/template-parts/plugin.php

    r4472 r5224  
    3131    <footer>
    3232        <span class="plugin-author">
    33             <i class="dashicons dashicons-admin-users"></i> <?php echo esc_html( get_post_meta( get_the_ID(), 'header_author', true ) ?: get_the_author() ); ?>
     33            <i class="dashicons dashicons-admin-users"></i> <?php echo esc_html( strip_tags( get_post_meta( get_the_ID(), 'header_author', true ) ) ?: get_the_author() ); ?>
    3434        </span>
    3535        <span class="active-installs">
Note: See TracChangeset for help on using the changeset viewer.