[wp-hackers] Plugin version number from WP.org sanitized?
viper at viper007bond.com
Mon Dec 3 10:11:06 GMT 2007
I've been playing around with the plugin update checker (writing a new
plugin that uses the data) and noticed that the data retrieved from
WP.org is displayed raw:
printf( __('There is a new version of %s available. <a href="%s">Download
version %s here</a>.'), $plugin_data['Name'], $r->url, $r->new_version );
Does this mean WP.org automatically htmlspecialchars() the version number
and such or was this overlooked?
What if I commit a new version of my plugin and put this as the version
The same goes for plugin titles.
Wondering both for my plugin's sake and for security's sake.
Viper007Bond | http://www.viper007bond.com/
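The update notice quoted in the post, rewritten so every remote field is escaped on output no matter what the server does. This is an added example, not code from the original post or from WordPress; `h()`, `safe_href()`, `render_update_notice()` and the sample response are hypothetical, and the `__()` translation call is left out so the block runs as plain PHP.

```php
<?php
// Added example: treat the update-check response as untrusted input and
// escape each field for the context it is printed in.

// Escape text for use in HTML element content or a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Allow only http/https links; anything else becomes an inert "#".
function safe_href(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return h($url);
}

// Build the notice with all three placeholders escaped.
function render_update_notice(array $plugin_data, object $r): string {
    return sprintf(
        'There is a new version of %s available. <a href="%s">Download version %s here</a>.',
        h($plugin_data['Name']),
        safe_href($r->url),
        h($r->new_version)
    );
}

// Constructed sample data: markup in the name and version, "&" in the URL.
$plugin_data = ['Name' => 'Example <i>Plugin</i>'];
$r = (object) [
    'url'         => 'http://example.org/plugin.zip?a=1&b=2',
    'new_version' => '1.2<b>beta</b>',
];

echo render_update_notice($plugin_data, $r), "\n";
```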