From df3ecac02be4fc6a72fccfdf40cea3a756773994 Mon Sep 17 00:00:00 2001
From: azaozz <azaozz@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 17 May 2009 20:26:36 +0000
Subject: [PATCH] Sanitize plugin update information, props hakre, fixes #5422

git-svn-id: http://svn.automattic.com/wordpress/trunk@11376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/update.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-admin/includes/update.php b/wp-admin/includes/update.php
index bf7e7c5e13..7756f861db 100644
--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -159,11 +159,11 @@ function wp_plugin_update_row( $file, $plugin_data ) {
 
 	echo '<tr><td colspan="5" class="plugin-update">';
 	if ( ! current_user_can('update_plugins') )
-		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
+		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
 	else if ( empty($r->package) )
-		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version);
+		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
 	else
-		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, $details_url, esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&amp;plugin=' . $file, 'upgrade-plugin_' . $file) );
+		printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
 	
 	do_action( "in_plugin_update_message-$file", $plugin_data, $r );