diff --git a/public_html/admin/plugins.php b/public_html/admin/plugins.php
index 716905c63..594a5cc2a 100644
--- a/public_html/admin/plugins.php
+++ b/public_html/admin/plugins.php
@@ -943,7 +943,6 @@ function continue_upgrade($plugin, $pi_version, $code_version)
* @param string $message (optional) message to display
* @param string $token an optional csrf token
* @return string HTML for the plugin screen
- * @throws Exception
*/
function plugin_main($message = '', $token = '')
{
diff --git a/public_html/lib-common.php b/public_html/lib-common.php
index e692ac0d4..98304e027 100644
--- a/public_html/lib-common.php
+++ b/public_html/lib-common.php
@@ -7202,7 +7202,11 @@ function COM_createLink($content, $url, $attr = array())
$attributes = '';
foreach ($attr as $key => $value) {
- $attributes .= sprintf(' %s="%s"', $key, $value, ENT_QUOTES, $charset);
+ $attributes .= sprintf(
+ ' %s="%s"',
+ htmlspecialchars($key, ENT_QUOTES, $charset),
+ htmlspecialchars($value, ENT_QUOTES, $charset)
+ );
}
$retval = sprintf('%s', $url, $attributes, $content);