[wp-trac] [WordPress Trac] #10310: add_menu_page Security Bug

WordPress Trac wp-trac at lists.automattic.com
Sat Jan 16 07:51:54 UTC 2010


#10310: add_menu_page Security Bug
----------------------------------+-----------------------------------------
 Reporter:  shazahm1@…            |        Owner:  ryan  
     Type:  defect (bug)          |       Status:  closed
 Priority:  normal                |    Milestone:  2.8.1 
Component:  Menus                 |      Version:  2.8   
 Severity:  major                 |   Resolution:  fixed 
 Keywords:                        |  
----------------------------------+-----------------------------------------

Comment(by miqrogroove):

 > They are roles. That could be the problem.

 Nah, the $access_level parameter has never been implemented for
 add_menu_page.  wp-admin/menu.php displays all top level menus unless all
 children are forbidden.  The hooks for those top level pages are totally
 unchecked.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10310#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list