From 4134153d8936145948004f934c905c148ee75e98 Mon Sep 17 00:00:00 2001
From: westi <westi@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Wed, 30 Jul 2008 06:38:40 +0000
Subject: [PATCH] Avoid possible XSS when displaying the list of invalid
 plugins fixes #6871 for trunk props xknown.

git-svn-id: http://svn.automattic.com/wordpress/trunk@8499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/plugins.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index e8133271e..039f88cd3 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -168,7 +168,7 @@ require_once('admin-header.php');
 $invalid = validate_active_plugins();
 if( !empty($invalid) )
 	foreach($invalid as $plugin_file => $error)
-		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), $plugin_file, $error->get_error_message()) . '</p></div>';
+		echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
 ?>
 
 <?php if ( isset($_GET['error']) ) : ?>