[wp-hackers] Cleaning up small validation errors in the admin interface

Mon Apr 12 16:32:16 UTC 2010

On 4/12/10 5:42 PM, Otto wrote:
> Yeah, definitely the wrong way to do it.
> 
> Trace it back higher up in the chain. For your specific example, you
> have something like this:
> 
> function _media_button($title, $icon, $type) {
> 	return "<a href='" . get_upload_iframe_src($type) . "' id='add_$type'
> class='thickbox' title='$title'><img src='" . esc_url( admin_url(
> $icon ) ) . "' alt='$title' /></a>";
> }
> 
> That get_upload_iframe_src call should be wrapped in an esc_url.

Thanks dd32 and Otto, this is what I was looking for. I will go about
cleaning similar occurrences to this.

Harish