
Merge pull request #290 from richardtape/escape-urls

CHANGE escape urls for add_query_arg calls
thomasgriffin committed Apr 21, 2015
2 parents e61b32f + fd8e094 commit 5420ef032cf6eae3dd73be0575bfa978837e047e
Showing with 77 additions and 63 deletions.
  1. +77 −63 class-tgm-plugin-activation.php
@@ -429,15 +429,17 @@ protected function do_plugin_install() {
// Pass all necessary information via URL if WP_Filesystem is needed.
$url = wp_nonce_url(
add_query_arg(
array(
'page' => $this->menu,
'plugin' => $plugin['slug'],
'plugin_name' => $plugin['name'],
'plugin_source' => $plugin['source'],
'tgmpa-install' => 'install-plugin',
),
network_admin_url( 'themes.php' )
esc_url(
add_query_arg(
array(
'page' => $this->menu,
'plugin' => $plugin['slug'],
'plugin_name' => $plugin['name'],
'plugin_source' => $plugin['source'],
'tgmpa-install' => 'install-plugin',
),
network_admin_url( 'themes.php' )
)
),
'tgmpa-install'
);
@@ -479,6 +481,8 @@ protected function do_plugin_install() {
$url .= add_query_arg( 'from', urlencode( stripslashes( $_GET['from'] ) ), $url );
}
$url = esc_url( $url );
$nonce = 'install-plugin_' . $plugin['slug'];
// Prefix a default path to pre-packaged plugins.
@@ -501,7 +505,7 @@ protected function do_plugin_install() {
if ( is_wp_error( $activate ) ) {
echo '<div id="message" class="error"><p>' . $activate->get_error_message() . '</p></div>';
echo '<p><a href="' . add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
echo '<p><a href="' . esc_url( add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
return true; // End it here if there is an error with automatic activation
}
else {
@@ -513,7 +517,7 @@ protected function do_plugin_install() {
$complete = array();
foreach ( $this->plugins as $plugin ) {
if ( ! is_plugin_active( $plugin['file_path'] ) ) {
echo '<p><a href="' . add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
echo '<p><a href="' . esc_url( add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
$complete[] = $plugin;
break;
}
@@ -550,7 +554,7 @@ protected function do_plugin_install() {
if ( is_wp_error( $activate ) ) {
echo '<div id="message" class="error"><p>' . $activate->get_error_message() . '</p></div>';
echo '<p><a href="' . add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
echo '<p><a href="' . esc_url( add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) ) . '" title="' . esc_attr( $this->strings['return'] ) . '" target="_parent">' . $this->strings['return'] . '</a></p>';
return true; // End it here if there is an error with activation.
}
else {
@@ -691,15 +695,17 @@ public function notices() {
$linked_plugin_groups[] = '<a href="' . esc_url( $external_url ) . '" title="' . $plugin_group_single_name . '" target="_blank">' . $plugin_group_single_name . '</a>';
}
elseif ( ! $source || preg_match( '|^http://wordpress.org/extend/plugins/|', $source ) ) {
$url = add_query_arg(
array(
'tab' => 'plugin-information',
'plugin' => $this->_get_plugin_data_from_name( $plugin_group_single_name ),
'TB_iframe' => 'true',
'width' => '640',
'height' => '500',
),
network_admin_url( 'plugin-install.php' )
$url = esc_url(
add_query_arg(
array(
'tab' => 'plugin-information',
'plugin' => $this->_get_plugin_data_from_name( $plugin_group_single_name ),
'TB_iframe' => 'true',
'width' => '640',
'height' => '500',
),
network_admin_url( 'plugin-install.php' )
)
);
$linked_plugin_groups[] = '<a href="' . esc_url( $url ) . '" class="thickbox" title="' . $plugin_group_single_name . '">' . $plugin_group_single_name . '</a>';
@@ -720,16 +726,16 @@ public function notices() {
}
// Setup variables to determine if action links are needed.
$show_install_link = $install_link ? '<a href="' . add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) . '">' . translate_nooped_plural( $this->strings['install_link'], $install_link_count, 'tgmpa' ) . '</a>' : '';
$show_activate_link = $activate_link ? '<a href="' . add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) . '">' . translate_nooped_plural( $this->strings['activate_link'], $activate_link_count, 'tgmpa' ) . '</a>' : '';
$show_install_link = $install_link ? '<a href="' . esc_url( add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) ) . '">' . translate_nooped_plural( $this->strings['install_link'], $install_link_count, 'tgmpa' ) . '</a>' : '';
$show_activate_link = $activate_link ? '<a href="' . esc_url( add_query_arg( 'page', $this->menu, network_admin_url( 'themes.php' ) ) ) . '">' . translate_nooped_plural( $this->strings['activate_link'], $activate_link_count, 'tgmpa' ) . '</a>' : '';
// Define all of the action links.
$action_links = apply_filters(
'tgmpa_notice_action_links',
array(
'install' => ( current_user_can( 'install_plugins' ) ) ? $show_install_link : '',
'activate' => ( current_user_can( 'activate_plugins' ) ) ? $show_activate_link : '',
'dismiss' => $this->dismissable ? '<a class="dismiss-notice" href="' . add_query_arg( 'tgmpa-dismiss', 'dismiss_admin_notices' ) . '" target="_parent">' . $this->strings['dismiss'] . '</a>' : '',
'dismiss' => $this->dismissable ? '<a class="dismiss-notice" href="' . esc_url( add_query_arg( 'tgmpa-dismiss', 'dismiss_admin_notices' ) ) . '" target="_parent">' . $this->strings['dismiss'] . '</a>' : '',
)
);
@@ -1139,15 +1145,17 @@ protected function _gather_plugin_data() {
$table_data[$i]['plugin'] = '<strong><a href="' . esc_url( $external_url ) . '" title="' . $plugin['name'] . '" target="_blank">' . $plugin['name'] . '</a></strong>';
}
elseif ( ! $source || preg_match( '|^http://wordpress.org/extend/plugins/|', $source ) ) {
$url = add_query_arg(
array(
'tab' => 'plugin-information',
'plugin' => $this->_get_plugin_data_from_name( $plugin['name'] ),
'TB_iframe' => 'true',
'width' => '640',
'height' => '500',
),
network_admin_url( 'plugin-install.php' )
$url = esc_url(
add_query_arg(
array(
'tab' => 'plugin-information',
'plugin' => $this->_get_plugin_data_from_name( $plugin['name'] ),
'TB_iframe' => 'true',
'width' => '640',
'height' => '500',
),
network_admin_url( 'plugin-install.php' )
)
);
$table_data[$i]['plugin'] = '<strong><a href="' . esc_url( $url ) . '" class="thickbox" title="' . $plugin['name'] . '">' . $plugin['name'] . '</a></strong>';
@@ -1286,15 +1294,17 @@ public function column_plugin( $item ) {
'install' => sprintf(
'<a href="%1$s" title="' . __( 'Install', 'tgmpa' ) . ' %2$s">' . __( 'Install', 'tgmpa' ) . '</a>',
wp_nonce_url(
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'plugin' => $item['slug'],
'plugin_name' => $item['sanitized_plugin'],
'plugin_source' => $item['url'],
'tgmpa-install' => 'install-plugin',
),
network_admin_url( 'themes.php' )
esc_url(
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'plugin' => $item['slug'],
'plugin_name' => $item['sanitized_plugin'],
'plugin_source' => $item['url'],
'tgmpa-install' => 'install-plugin',
),
network_admin_url( 'themes.php' )
)
),
'tgmpa-install'
),
@@ -1307,16 +1317,18 @@ public function column_plugin( $item ) {
$actions = array(
'activate' => sprintf(
'<a href="%1$s" title="' . __( 'Activate', 'tgmpa' ) . ' %2$s">' . __( 'Activate', 'tgmpa' ) . '</a>',
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'plugin' => $item['slug'],
'plugin_name' => $item['sanitized_plugin'],
'plugin_source' => $item['url'],
'tgmpa-activate' => 'activate-plugin',
'tgmpa-activate-nonce' => wp_create_nonce( 'tgmpa-activate' ),
),
network_admin_url( 'themes.php' )
esc_url(
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'plugin' => $item['slug'],
'plugin_name' => $item['sanitized_plugin'],
'plugin_source' => $item['url'],
'tgmpa-activate' => 'activate-plugin',
'tgmpa-activate-nonce' => wp_create_nonce( 'tgmpa-activate' ),
),
network_admin_url( 'themes.php' )
)
),
$item['sanitized_plugin']
),
@@ -1517,15 +1529,17 @@ public function process_bulk_actions() {
// Pass all necessary information via URL if WP_Filesystem is needed.
$url = wp_nonce_url(
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'tgmpa-action' => 'install-selected',
'plugins' => urlencode( implode( ',', $plugins ) ),
'plugin_paths' => urlencode( implode( ',', $plugin_paths ) ),
'plugin_names' => urlencode( implode( ',', $plugin_names ) ),
),
network_admin_url( 'themes.php' )
esc_url(
add_query_arg(
array(
'page' => TGM_Plugin_Activation::$instance->menu,
'tgmpa-action' => 'install-selected',
'plugins' => urlencode( implode( ',', $plugins ) ),
'plugin_paths' => urlencode( implode( ',', $plugin_paths ) ),
'plugin_names' => urlencode( implode( ',', $plugin_names ) ),
),
network_admin_url( 'themes.php' )
)
),
'bulk-plugins'
);
@@ -1568,7 +1582,7 @@ public function process_bulk_actions() {
}
// Finally, all the data is prepared to be sent to the installer.
$url = add_query_arg( array( 'page' => TGM_Plugin_Activation::$instance->menu ), network_admin_url( 'themes.php' ) );
$url = esc_url( add_query_arg( array( 'page' => TGM_Plugin_Activation::$instance->menu ), network_admin_url( 'themes.php' ) ) );
$nonce = 'bulk-plugins';
$names = $plugin_names;
@@ -2138,7 +2152,7 @@ public function bulk_footer() {
$complete = array();
foreach ( TGM_Plugin_Activation::$instance->plugins as $plugin ) {
if ( ! is_plugin_active( $plugin['file_path'] ) ) {
echo '<p><a href="' . add_query_arg( 'page', TGM_Plugin_Activation::$instance->menu, network_admin_url( 'themes.php' ) ) . '" title="' . esc_attr( TGM_Plugin_Activation::$instance->strings['return'] ) . '" target="_parent">' . TGM_Plugin_Activation::$instance->strings['return'] . '</a></p>';
echo '<p><a href="' . esc_url( add_query_arg( 'page', TGM_Plugin_Activation::$instance->menu, network_admin_url( 'themes.php' ) ) ) . '" title="' . esc_attr( TGM_Plugin_Activation::$instance->strings['return'] ) . '" target="_parent">' . TGM_Plugin_Activation::$instance->strings['return'] . '</a></p>';
$complete[] = $plugin;
break;
}
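Review bot: In the first `do_plugin_install` hunk, `esc_url()` is now applied to the URL *inside* `wp_nonce_url()` (lines 24–34), which escapes at the wrong layer: `esc_url()` produces display-escaped output (`&` becomes `&#038;`), and as far as I can tell `wp_nonce_url()` in core then feeds that string back through `add_query_arg()`, which treats the first `#` as the fragment separator, so every argument after `page` is pushed behind `#038;` and dropped from the query string — and `wp_nonce_url()` already `esc_html()`s its result, which the second hunk then escapes a third time with `$url = esc_url( $url );`. The same inside-the-nonce pattern appears in the `column_plugin` install link and in `process_bulk_actions`. Escape once at the point of use instead: remove the inner wrapper so the call reads `wp_nonce_url( add_query_arg( array( … ), network_admin_url( 'themes.php' ) ), 'tgmpa-install' )`, and since this `$url` is passed on rather than echoed into an attribute (the remainder of `do_plugin_install` is outside the hunk), make the follow-up line `$url = esc_url_raw( $url );`, keeping `esc_url()` only for the `href` outputs as the other hunks correctly do. The `$url = esc_url( add_query_arg( … ) )` assignments in `notices()` and `_gather_plugin_data()` are likewise wrapped in `esc_url()` again when echoed, so one of the two calls there is redundant. All of the enclosing functions start and end outside the hunks shown.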
