id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
22326	Inconsistent escaping in admin_color_scheme_picker()	johnjamesjacoby	ryan	"'''Problem'''

The output from admin_color_scheme_picker() inconsistently escapes variables created while looping through the $_wp_admin_css_colors global.

----

'''More Info'''

Unescaped variables:

* $color (in some places)
* $color_info->name
* $html_color

Escaped variable:
* $color (in one place)

----

'''Solutions'''

* Escape everything. This makes the most sense to me; we shouldn't expect anyone that's using wp_admin_css_color() to pass already escaped output. Note that core does not escape it's own usage here.
* Escape nothing, and expect escaped input. This is consistent with the rest of the function, but lame and complicated.

----

'''Patch Attached'''

Attached patch escapes all variable screen output."	defect (bug)	closed	normal	3.5	Administration		normal	fixed	has-patch commit