From 5b6ab5a596e2dc2e3471ffb5cbf261705a43b9d2 Mon Sep 17 00:00:00 2001
From: Dominik Schilling <ocean90@git.wordpress.org>
Date: Mon, 18 Jul 2016 13:59:17 +0000
Subject: [PATCH] Plugins: Use the correct admin screen when searching for
 plugins via Ajax.

Both list tables provide different actions based on where they are loaded, regular admin or network admin. Since there is only one Ajax handler for both screens we have to set the current screen before using the list tables.

Props swissspidy, ocean90.
Fixes #37373.

git-svn-id: https://develop.svn.wordpress.org/trunk@38091 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/ajax-actions.php | 35 +++++++++++++++-----------
 src/wp-admin/js/updates.js             | 12 +++++----
 2 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 9751bc5bef..5991d6cc72 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -3781,19 +3781,22 @@ function wp_ajax_delete_plugin() {
  *
  * @since 4.6.0
  *
- * @global WP_List_Table $wp_list_table Current list table instance.
- * @global string        $hook_suffix   Current admin page.
- * @global string        $s             Search term.
+ * @global string $s Search term.
  */
 function wp_ajax_search_plugins() {
 	check_ajax_referer( 'updates' );
 
-	global $wp_list_table, $hook_suffix, $s;
-	$hook_suffix = 'plugins.php';
+	$pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : '';
+	if ( 'plugins-network' === $pagenow || 'plugins' === $pagenow ) {
+		set_current_screen( $pagenow );
+	}
 
 	/** @var WP_Plugins_List_Table $wp_list_table */
-	$wp_list_table = _get_list_table( 'WP_Plugins_List_Table' );
-	$status        = array();
+	$wp_list_table = _get_list_table( 'WP_Plugins_List_Table', array(
+		'screen' => get_current_screen(),
+	) );
+
+	$status = array();
 
 	if ( ! $wp_list_table->ajax_user_can() ) {
 		$status['errorMessage'] = __( 'Sorry, you are not allowed to manage plugins for this site.' );
@@ -3806,7 +3809,7 @@ function wp_ajax_search_plugins() {
 		'action'      => null,
 	) ), network_admin_url( 'plugins.php', 'relative' ) );
 
-	$s = sanitize_text_field( $_POST['s'] );
+	$GLOBALS['s'] = wp_unslash( $_POST['s'] );
 
 	$wp_list_table->prepare_items();
 
@@ -3822,19 +3825,21 @@ function wp_ajax_search_plugins() {
  * Ajax handler for searching plugins to install.
  *
  * @since 4.6.0
- *
- * @global WP_List_Table $wp_list_table Current list table instance.
- * @global string        $hook_suffix   Current admin page.
  */
 function wp_ajax_search_install_plugins() {
 	check_ajax_referer( 'updates' );
 
-	global $wp_list_table, $hook_suffix;
-	$hook_suffix = 'plugin-install.php';
+	$pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : '';
+	if ( 'plugin-install-network' === $pagenow || 'plugin-install' === $pagenow ) {
+		set_current_screen( $pagenow );
+	}
 
 	/** @var WP_Plugin_Install_List_Table $wp_list_table */
-	$wp_list_table = _get_list_table( 'WP_Plugin_Install_List_Table' );
-	$status        = array();
+	$wp_list_table = _get_list_table( 'WP_Plugin_Install_List_Table', array(
+		'screen' => get_current_screen(),
+	) );
+
+	$status = array();
 
 	if ( ! $wp_list_table->ajax_user_can() ) {
 		$status['errorMessage'] = __( 'Sorry, you are not allowed to manage plugins for this site.' );
diff --git a/src/wp-admin/js/updates.js b/src/wp-admin/js/updates.js
index 8107426a50..74b40fb197 100644
--- a/src/wp-admin/js/updates.js
+++ b/src/wp-admin/js/updates.js
@@ -2031,9 +2031,10 @@
 			var $form = $( '#plugin-filter' ).empty(),
 				data  = _.extend( {
 					_ajax_nonce: wp.updates.ajaxNonce,
-					s:           $( '<p />' ).html( $( this ).val() ).text(),
+					s:           $( this ).val(),
 					tab:         'search',
-					type:        $( '#typeselector' ).val()
+					type:        $( '#typeselector' ).val(),
+					pagenow:     pagenow
 				}, { type: 'term' } );
 
 			if ( wp.updates.searchTerm === data.s ) {
@@ -2043,7 +2044,7 @@
 			}
 
 			if ( history.pushState ) {
-				history.pushState( null, '', location.href.split( '?' )[ 0 ] + '?' + $.param( _.omit( data, '_ajax_nonce' ) ) );
+				history.pushState( null, '', location.href.split( '?' )[ 0 ] + '?' + $.param( _.omit( data, [ '_ajax_nonce', 'pagenow' ] ) ) );
 			}
 
 			if ( 'undefined' !== typeof wp.updates.searchRequest ) {
@@ -2071,7 +2072,8 @@
 		$pluginSearch.on( 'keyup input', _.debounce( function( event ) {
 			var data = {
 				_ajax_nonce: wp.updates.ajaxNonce,
-				s:           event.target.value
+				s:           event.target.value,
+				pagenow:     pagenow
 			};
 
 			// Clear on escape.
@@ -2099,7 +2101,7 @@
 			wp.updates.searchRequest = wp.ajax.post( 'search-plugins', data ).done( function( response ) {
 
 				// Can we just ditch this whole subtitle business?
-				var $subTitle    = $( '<span />' ).addClass( 'subtitle' ).html( wp.updates.l10n.searchResults.replace( '%s', data.s ) ),
+				var $subTitle    = $( '<span />' ).addClass( 'subtitle' ).html( wp.updates.l10n.searchResults.replace( '%s', _.escape( data.s ) ) ),
 					$oldSubTitle = $( '.wrap .subtitle' );
 
 				if ( ! data.s.length ) {