[wp-trac] [WordPress Trac] #28821: Admin page registered with add_menu_page() allows access through wrong URls and hightlights wrong top level menu item

WordPress Trac noreply at wordpress.org
Sun Jan 17 11:18:50 UTC 2016


#28821: Admin page registered with add_menu_page() allows access through wrong URls
and hightlights wrong top level menu item
-------------------------------------------------+-------------------------
 Reporter:  F J Kaiser                           |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
Component:  Administration                       |  Release
 Severity:  normal                               |     Version:  3.9.1
 Keywords:  dev-feedback has-patch needs-        |  Resolution:
  testing                                        |     Focuses:
                                                 |  administration
-------------------------------------------------+-------------------------
Changes (by swissspidy):

 * keywords:  dev-feedback => dev-feedback has-patch needs-testing
 * milestone:  Awaiting Review => Future Release


Comment:

 It really feels wrong.

 `options-general.php?page=123` results in `wp_die()`, while using
 `page=trac` results in the page being displayed.

 The attached fixes that by returning early in
 `user_can_access_admin_page()` if a top-level page is accessed with the
 wrong parent.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28821#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list