Changeset 13851 for trunk/wp-admin/menu-header.php

Timestamp:

03/28/10 01:32:35 (4 years ago)

Author:

dd32

Message:

Properly escape plugin admin menu URL's for display. Crops up with custom post_type's with a custom submenu item with & instead of &

File:

• trunk/wp-admin/menu-header.php (modified) (1 diff)

trunk/wp-admin/menu-header.php

@@ -145 +145 @@
                     else
                         $sub_item_url = add_query_arg( array('page' => $sub_item[2]), 'admin.php' );
+                    $sub_item_url = esc_url($sub_item_url);
                     echo "<li$class><a href='$sub_item_url'$class$tabindex>{$sub_item[0]}</a></li>";
                 } else {