fix: Prevent bad string injection in plugin update message (#3318) #3419
+1
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
Could you please check this commit ? |
jasonbahl
approved these changes
Sep 25, 2025
jasonbahl
changed the title
jasonbahl
pushed a commit
to jasonbahl/wp-graphql
that referenced
this pull request
Sep 26, 2025
PatelUtkarsh
pushed a commit
to PatelUtkarsh/wp-graphql
that referenced
this pull request
Oct 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes issue #3318: Bad string injection of plugin update message.
The update message for WPGraphQL in the WordPress admin was previously injected in a way that could cause duplicate or broken messages (e.g., the word "Updated" appearing multiple times).
The fix removes forced paragraph wrapping and ensures the update message is injected cleanly, without duplication or broken HTML.
Does this close any currently open issues?
Closes #3318
Any other comments?
I tested by lowering the plugin version in [wp-graphql.php] to simulate an update, copying the plugin to the WordPress plugins directory, and viewing the update message in the WordPress admin Plugins list.
The update message now displays correctly, with no duplication or broken formatting.
Please see the attached screenshot for proof of the fix