diff --git a/wp-admin/includes/update.php b/wp-admin/includes/update.php
index e0ccf1562a..b487f5d284 100644
--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -152,15 +152,18 @@ function wp_plugin_update_row( $file, $plugin_data ) {
$r = $current->response[ $file ];
+ $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+ $plugin_name = wp_kses( $plugin_data['Name'], $plugins_allowedtags );
+
$details_url = admin_url('plugin-install.php?tab=plugin-information&plugin=' . $r->slug . '&TB_iframe=true&width=600&height=800');
echo '
';
if ( ! current_user_can('update_plugins') )
- printf( __('There is a new version of %1$s available. View version %3$s Details.'), $plugin_data['Name'], $details_url, $r->new_version);
+ printf( __('There is a new version of %1$s available. View version %4$s Details.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
else if ( empty($r->package) )
- printf( __('There is a new version of %1$s available. View version %3$s Details automatic upgrade unavailable for this plugin.'), $plugin_data['Name'], $details_url, $r->new_version);
+ printf( __('There is a new version of %1$s available. View version %4$s Details automatic upgrade unavailable for this plugin.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
else
- printf( __('There is a new version of %1$s available. View version %3$s Details or upgrade automatically.'), $plugin_data['Name'], $details_url, $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
+ printf( __('There is a new version of %1$s available. View version %4$s Details or upgrade automatically.'), $details_url, $r->new_version, $plugin_nameesc_attr($plugin_name), wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
do_action( "in_plugin_update_message-$file", $plugin_data, $r );
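Review bot: In the final `else` branch the printf argument list does not match the other two branches: it starts with `$details_url, $r->new_version` and then contains `$plugin_nameesc_attr($plugin_name)`, which as written is a call through an undefined variable rather than two separate arguments, so `%1$s` would no longer receive the filtered plugin name. Unless that is an artifact of how this page renders the line, the list should read `$plugin_name, $details_url, esc_attr($plugin_name), $r->new_version, wp_nonce_url(...)`, matching the branches above. Separately, the change filters only the plugin name: `$r->new_version` and the `$r->slug` concatenated into `$details_url` are still printed unescaped in all three branches, and both come from `$current->response`, which presumably holds data returned by the update check. Consider passing `esc_html( $r->new_version )` and `esc_url( $details_url )` to printf so the remaining values are escaped for their output context as well. wp_plugin_update_row begins and ends outside this hunk.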
|