Skip to content

Commit 7d29486

Browse files
dd32dd32
committed
Properly escape plugin admin menu URL's for display. Crops up with custom post_type's with a custom submenu item with & instead of &
git-svn-id: https://develop.svn.wordpress.org/trunk@13851 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 244addf commit 7d29486

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

wp-admin/menu-header.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
144144
$sub_item_url = add_query_arg( array('page' => $sub_item[2]), $item[2] );
145145
else
146146
$sub_item_url = add_query_arg( array('page' => $sub_item[2]), 'admin.php' );
147+
$sub_item_url = esc_url($sub_item_url);
147148
echo "<li$class><a href='$sub_item_url'$class$tabindex>{$sub_item[0]}</a></li>";
148149
} else {
149150
echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";

0 commit comments

Comments
 (0)