Skip to content

Commit b015e89

Browse files
afragenafragen
authored
Fix plugin search, broke with escaping (#309)
Signed-off-by: Andy Fragen <[email protected]>
1 parent b6fc7bb commit b015e89

File tree

2 files changed

+32
-18
lines changed

2 files changed

+32
-18
lines changed

inc/packages/admin/class-list-table.php

Lines changed: 19 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -18,22 +18,33 @@ class List_Table extends WP_Plugin_Install_List_Table {
1818
/**
1919
* Replace Add Plugins message with ours.
2020
*
21+
* Skip for WP versions prior to 6.9.0.
22+
*
2123
* @since WordPress 6.9.0
2224
* @return void
2325
*/
2426
public function views() {
27+
if ( ! is_wp_version_compatible( '6.9' ) ) {
28+
parent::views();
29+
return;
30+
}
31+
2532
ob_start();
2633
parent::views();
2734
$views = ob_get_clean();
2835

29-
echo wp_kses_post(
30-
str_replace(
31-
// phpcs:ignore WordPress.WP.I18n.MissingArgDomain -- Intentional use of Core's text domain.
32-
[ __( 'https://wordpress.org/plugins/' ), __( 'WordPress Plugin Directory' ) ],
33-
[ esc_url( 'https://fair.pm/packages/plugins/' ), __( 'FAIR Package Directory', 'fair' ) ],
34-
$views
35-
)
36-
);
36+
preg_match( '|<a href="(?<url>[^"]+)">(?<text>[^>]+)<\/a>|', $views, $matches );
37+
if ( ! empty( $matches['text'] ) ) {
38+
$text_with_fair = str_replace( 'WordPress', 'FAIR', $matches['text'] );
39+
$str = str_replace(
40+
[ $matches['url'], $matches['text'] ],
41+
[ __( 'https://fair.pm/packages/plugins/', 'fair' ), $text_with_fair ],
42+
$matches[0]
43+
);
44+
}
45+
46+
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Replacements are escaped. The previous content is direct from Core.
47+
echo str_replace( $matches[0], $str, $views );
3748
}
3849

3950
/**

inc/packages/admin/namespace.php

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -41,8 +41,7 @@ function bootstrap() {
4141
add_filter( 'wp_list_table_class_name', __NAMESPACE__ . '\\maybe_override_list_table' );
4242

4343
// Needed for pre WordPress 6.9 compatibility.
44-
global $wp_version;
45-
if ( version_compare( $wp_version, '6.9-beta1', '<' ) ) {
44+
if ( ! is_wp_version_compatible( '6.9' ) ) {
4645
add_action( 'install_plugins_featured', __NAMESPACE__ . '\\replace_featured_message' );
4746
add_action( 'admin_init', fn() => remove_action( 'install_plugins_featured', 'install_dashboard' ) );
4847
}
@@ -87,14 +86,18 @@ function replace_featured_message() {
8786
\display_plugins_table();
8887
$views = ob_get_clean();
8988

90-
echo wp_kses_post(
91-
str_replace(
92-
// phpcs:ignore WordPress.WP.I18n.MissingArgDomain -- Intentional use of Core's text domain.
93-
[ __( 'https://wordpress.org/plugins/' ), __( 'WordPress Plugin Directory' ) ],
94-
[ esc_url( 'https://fair.pm/packages/plugins/' ), __( 'FAIR Package Directory', 'fair' ) ],
95-
$views
96-
)
97-
);
89+
preg_match( '|<a href="(?<url>[^"]+)">(?<text>[^>]+)<\/a>|', $views, $matches );
90+
if ( ! empty( $matches['text'] ) ) {
91+
$text_with_fair = str_replace( 'WordPress', 'FAIR', $matches['text'] );
92+
$str = str_replace(
93+
[ $matches['url'], $matches['text'] ],
94+
[ __( 'https://fair.pm/packages/plugins/', 'fair' ), $text_with_fair ],
95+
$matches[0]
96+
);
97+
}
98+
99+
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Replacements are escaped. The previous content is direct from Core.
100+
echo str_replace( $matches[0], $str, $views );
98101
}
99102

100103
/**

0 commit comments

Comments
 (0)