From 1664811decd79a19ddea766580aaa9f834ccb280 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Tue, 30 Aug 2022 15:51:22 +0000
Subject: [PATCH] Grouped backports to the 4.3 branch.

- Posts, Post Types: Escape output within `the_meta()`.
- General: Ensure bookmark query limits are numeric.
- Plugins: Escape output in error messages.

Merges [53958-53960] to the 4.3 branch.
Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.

Built from https://develop.svn.wordpress.org/branches/4.3@53980


git-svn-id: http://core.svn.wordpress.org/branches/4.3@53539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/plugins.php          | 4 ++--
 wp-includes/bookmark.php      | 2 +-
 wp-includes/post-template.php | 6 ++++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 7295d7168f..b1a93cdb0a 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -411,7 +411,7 @@ require_once(ABSPATH . 'wp-admin/admin-header.php');
 $invalid = validate_active_plugins();
 if ( !empty($invalid) )
 	foreach ( $invalid as $plugin_file => $error )
-		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), $error->get_error_message()) . '</p></div>';
+		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), esc_html( $error->get_error_message() ) ) . '</p></div>';
 ?>
 
 <?php if ( isset($_GET['error']) ) :
@@ -437,7 +437,7 @@ if ( !empty($invalid) )
 		delete_transient( 'plugins_delete_result_' . $user_ID );
 
 		if ( is_wp_error($delete_result) ) : ?>
-		<div id="message" class="error notice is-dismissible"><p><?php printf( __('Plugin could not be deleted due to an error: %s'), $delete_result->get_error_message() ); ?></p></div>
+		<div id="message" class="error notice is-dismissible"><p><?php printf( __('Plugin could not be deleted due to an error: %s'), esc_html( $delete_result->get_error_message() ) ); ?></p></div>
 		<?php else : ?>
 		<div id="message" class="updated notice is-dismissible"><p><?php _e('The selected plugins have been <strong>deleted</strong>.'); ?></p></div>
 		<?php endif; ?>
diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php
index 1e178f436f..18952aca86 100644
--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -280,7 +280,7 @@ function get_bookmarks( $args = '' ) {
 	$query .= " $exclusions $inclusions $search";
 	$query .= " ORDER BY $orderby $order";
 	if ( $r['limit'] != -1 ) {
-		$query .= ' LIMIT ' . $r['limit'];
+		$query .= ' LIMIT ' . absint( $r['limit'] );
 	}
 
 	$results = $wpdb->get_results( $query );
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index ea3769358f..7802487b5c 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -938,10 +938,12 @@ function post_custom( $key = '' ) {
 /**
  * Display list of post custom fields.
  *
- * @internal This will probably change at some point...
  * @since 1.2.0
+ *
+ * @deprecated 6.0.2 Use get_post_meta() to retrieve post meta and render manually.
  */
 function the_meta() {
+	_deprecated_function( __FUNCTION__, '6.0.2', 'get_post_meta()' );
 	if ( $keys = get_post_custom_keys() ) {
 		echo "<ul class='post-meta'>\n";
 		foreach ( (array) $keys as $key ) {
@@ -960,7 +962,7 @@ function the_meta() {
 			 * @param string $key   Meta key.
 			 * @param string $value Meta value.
 			 */
-			echo apply_filters( 'the_meta_key', "<li><span class='post-meta-key'>$key:</span> $value</li>\n", $key, $value );
+			echo apply_filters( 'the_meta_key', "<li><span class='post-meta-key'>" . esc_html( $key ) . ":</span>" . esc_html( $value ) . "</li>\n", $key, $value );
 		}
 		echo "</ul>\n";
 	}