[wp-hackers] Cleaning up small validation errors in the admin interface

Otto otto at ottodestruct.com
Mon Apr 12 15:42:24 UTC 2010


Yeah, definitely the wrong way to do it.

Trace it back higher up in the chain. For your specific example, you
have something like this:

function _media_button($title, $icon, $type) {
	return "<a href='" . get_upload_iframe_src($type) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>";
}

That get_upload_iframe_src call should be wrapped in an esc_url.

-Otto



On Sun, Apr 11, 2010 at 6:12 AM, Harish Narayanan
<harish.mlists at gmail.com> wrote:
> Hello all,
>
> I receive a few validation errors due to small things like using &
> instead of &amp; in the WordPress admin interface. In order to work
> around this, I've been tracking down individual offending files and
> doing silly things like the following:
>
> Index: wp-admin/includes/media.php
> ===================================================================
> --- wp-admin/includes/media.php (revision 14070)
> +++ wp-admin/includes/media.php (working copy)
> @@ -388,10 +388,10 @@
>        $upload_iframe_src = add_query_arg('post_id', $uploading_iframe_ID,
> 'media-upload.php');
>
>        if ( 'media' != $type )
> -               $upload_iframe_src = add_query_arg('type', $type, $upload_iframe_src);
> +               $upload_iframe_src = add_query_arg('amp;type', $type,
> $upload_iframe_src);
>        $upload_iframe_src = apply_filters($type . '_upload_iframe_src',
> $upload_iframe_src);
>
> -       return add_query_arg('TB_iframe', true, $upload_iframe_src);
> +       return add_query_arg('amp;TB_iframe', true, $upload_iframe_src);
>  }
>
>  /**
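Review bot: both + lines change the parameter name passed to add_query_arg ('amp;type', 'amp;TB_iframe') instead of escaping the separator, so the URL this function returns is only correct after an HTML parser has decoded it. The value handed to apply_filters($type . '_upload_iframe_src', ...) in the context line between them, and any caller that uses the return value outside an HTML attribute, now sees a key literally named amp;type. Keep the keys as 'type' and 'TB_iframe' and escape at the point where the URL is printed.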
>
> While this sort of thing works, it is not very elegant. Could someone
> tell me what I should be touching (even lower than add_query_arg(), if
> possible) to perform such transformations uniformly across the admin
> (not frontend theme) interface?
>
> Thanks,
> Harish
>
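
The difference between escaping where the URL is printed and putting amp; into the key names, as an added example that is not from the thread or from WordPress. build_src() is a hypothetical stand-in for get_upload_iframe_src(), htmlspecialchars() stands in for the escaping call, and the sample values are constructed.

```php
<?php
// Added example. build_src() is a hypothetical stand-in for get_upload_iframe_src();
// htmlspecialchars() stands in for the output-escaping step. Sample values are constructed.

// Build the iframe URL. $amp_in_keys = true reproduces the 'amp;type' approach from the patch.
function build_src(string $type, int $post_id, bool $amp_in_keys): string {
    $prefix = $amp_in_keys ? 'amp;' : '';
    $url = 'media-upload.php?post_id=' . $post_id;
    if ('media' !== $type) {
        $url .= '&' . $prefix . 'type=' . rawurlencode($type);
    }
    return $url . '&' . $prefix . 'TB_iframe=true';
}

// Parameter names as a consumer of the raw URL (a redirect, JavaScript, a filter) sees them.
function query_keys(string $url): array {
    $keys = [];
    foreach (explode('&', (string) parse_url($url, PHP_URL_QUERY)) as $pair) {
        $keys[] = explode('=', $pair, 2)[0];
    }
    return $keys;
}

// Escape once, at the point where the URL is written into an HTML attribute.
function link_html(string $raw_url): string {
    return "<a href='" . htmlspecialchars($raw_url, ENT_QUOTES, 'UTF-8') . "'>Add</a>";
}

$clean  = build_src('image', 42, false);
$hacked = build_src('image', 42, true);

// The markup is the same either way; only the raw URL behind it differs.
echo "escape at output:  ", link_html($clean), "\n";
echo "amp; in key names: <a href='", $hacked, "'>Add</a>\n";
echo "keys (clean):  ", implode(', ', query_keys($clean)), "\n";
echo "keys (hacked): ", implode(', ', query_keys($hacked)), "\n";
```

Both approaches print the same anchor markup, but only the first leaves the raw URL with parameters named type and TB_iframe. The second yields amp;type and amp;TB_iframe for anything that reads the URL before it reaches HTML.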

