From 8f30ffcb9eeca7d7f5af280b0a35eb073ffbab5d Mon Sep 17 00:00:00 2001
From: dd32 <dd32@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 28 Mar 2010 01:32:35 +0000
Subject: [PATCH] Properly escape plugin admin menu URL's for display. Crops up
 with custom post_type's with a custom submenu item with & instead of &amp;

git-svn-id: http://svn.automattic.com/wordpress/trunk@13851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/menu-header.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wp-admin/menu-header.php b/wp-admin/menu-header.php
index 4ded52b32..b79b2ebea 100644
--- a/wp-admin/menu-header.php
+++ b/wp-admin/menu-header.php
@@ -144,6 +144,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 						$sub_item_url = add_query_arg( array('page' => $sub_item[2]), $item[2] );
 					else
 						$sub_item_url = add_query_arg( array('page' => $sub_item[2]), 'admin.php' );
+					$sub_item_url = esc_url($sub_item_url);
 					echo "<li$class><a href='$sub_item_url'$class$tabindex>{$sub_item[0]}</a></li>";
 				} else {
 					echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";