Inconsistent escaping in admin_color_scheme_picker()
|Reported by:||johnjamesjacoby||Owned by:||ryan|
The output from admin_color_scheme_picker() inconsistently escapes variables created while looping through the $_wp_admin_css_colors global.
- $color (in some places)
- $color (in one place)
- Escape everything. This makes the most sense to me; we shouldn't expect anyone that's using wp_admin_css_color() to pass already escaped output. Note that core does not escape it's own usage here.
- Escape nothing, and expect escaped input. This is consistent with the rest of the function, but lame and complicated.
Attached patch escapes all variable screen output.