From cb172fbe2f82e9af4ef2318cd2830ef7d6424470 Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Wed, 29 Nov 2006 09:22:49 +0000
Subject: [PATCH] Sanitize all plugin metadata, for consistency. Props Viper007Bond. fixes #3396
git-svn-id: http://svn.automattic.com/wordpress/trunk@4540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/plugins.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index e8984d8ce3..a275fa2773 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -105,7 +105,15 @@ if (empty($plugins)) {
 } else {
 $toggle = "".__('Activate')."";
 }
- $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
+
+ $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
+ // Sanitize all displayed data
+ $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags);
+ $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags);
+ $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags);
+ $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags);
+
 if ( $style != '' )
 $style = 'class="' . $style . '"';
 if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) )
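Review bot: `$plugin_data['Version']` is filtered with the same allowlist as the description, so a version string taken from a plugin file header may still carry `<a href title>`, `<code>`, `<em>` and the other permitted tags, although a version presumably needs no markup at all. An empty allowlist for that field would strip every tag: `$plugin_data['Version'] = wp_kses($plugin_data['Version'], array());`. The filter only makes these values safe as element content; where the code that prints them (outside this hunk) places any of them inside an HTML attribute, attribute escaping is still needed there. `$plugins_allowedtags` is also rebuilt every time this block runs, and if the block sits in the per-plugin loop (it starts and ends outside the hunk) the array could be assigned once before the loop, with a comment such as `// Links are kept because Title and Author may contain them; everything else is inline formatting only` to record why the list is not empty.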