Admin Message Re: Fun with Typos (i.e., Improperly Formed HTML)

So, I’ve discovered something that may be worth addressing in a minor update to the Admin Message plugin: If you add a link to the admin message using HTML (i.e., <a href="link">link</a>), but omit that second set of quotation marks, your entire admin area will become a link. This makes it rather hard to administer, well, anything.

For anyone who accidentally does this: just deactivate the plugin (most buttons will still work, deactivate is thankfully in that group).

Just a suggestion, might want to look into sanitizing the code that plugin injects. :slight_smile:

  • Zyniker
    • WordPress Warrior

    A quick fix if you accidentally do this (i.e., put improperly formatted HTML in your admin message and have a bad time):

    Search admin-message.php in /wp-content/plugins/admin-message/ for:


    function admin_message_output() {
        $admin_message = get_site_option('admin_message');
        if ( !empty( $admin_message ) && $admin_message != 'empty' ){
            <div id="message" class="updated"><p><?php echo stripslashes( $admin_message ); ?></p></div>

    Replace admin_message with x (or anything but admin_message, really).

    Upload the altered file.

    Go to your control panel and change the admin message text (the admin message should no longer display and no longer make your entire admin area a link).

    Go back to admin-message.php and undo your alteration (i.e., change the x back to admin_message).

    Upload the restored file.

    Congratulations, your problems are solved (for now).
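
The sanitizing suggested in the first post, sketched as an added example (not the Admin Message plugin's own code). It assumes it runs inside WordPress; the `example_` function names, the tag allowlist and the choice of notice hooks are assumptions made for illustration.

```php
<?php
// Added example: render the stored admin message through an allowlist and a
// tag balancer, so a malformed tag in the message cannot spill into the rest
// of the admin page. Function names prefixed example_ are hypothetical.

// Tags and attributes an admin notice plausibly needs (an assumption).
function example_admin_message_allowed_html() {
    return array(
        'a'      => array( 'href' => true, 'title' => true ),
        'strong' => array(),
        'em'     => array(),
        'br'     => array(),
    );
}

// wp_kses() parses each tag and re-emits only allowlisted elements and
// attributes, so a tag with an unterminated attribute value is not passed
// through verbatim. force_balance_tags() then closes anything left open.
function example_admin_message_clean( $html ) {
    $html = wp_kses( $html, example_admin_message_allowed_html() );
    return force_balance_tags( $html );
}

// Same checks as the excerpt quoted above, with the value cleaned at output
// time. Cleaning on output also covers a bad value that is already stored,
// so the admin area stays usable while the message is being corrected.
function example_admin_message_output() {
    $admin_message = get_site_option( 'admin_message' );
    if ( empty( $admin_message ) || 'empty' === $admin_message ) {
        return;
    }
    // stripslashes() is kept from the original output line.
    $safe = example_admin_message_clean( stripslashes( $admin_message ) );
    printf( '<div id="message" class="updated"><p>%s</p></div>', $safe );
}

// Assumption: the notice is attached to the standard admin notice hooks.
add_action( 'admin_notices', 'example_admin_message_output' );
add_action( 'network_admin_notices', 'example_admin_message_output' );
```

Because the allowlist contains no script-capable tags or event-handler attributes, the same filter also limits what a stored message can do beyond fixing unbalanced markup.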
