[wp-trac] [WordPress Trac] #18857: get_plugin_page_hookname uses menu_title to construct subpage load-hooks

WordPress Trac noreply at wordpress.org
Mon May 18 10:23:02 UTC 2015 

#18857: get_plugin_page_hookname uses menu_title to construct subpage load-hooks
--------------------------+-----------------------------
 Reporter:  apocalip      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  Plugins       |     Version:  3.1.4
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  administration
--------------------------+-----------------------------

Comment (by bobbingwide):

 +1 for scribu's fix.

 add_menu_page() returns the hook_suffix to use if you want to respond to
 "load-$hook_suffix", "admin_head-$hook_suffix", etc.

 But you can't trust it since the value of $hook_suffix is partially
 localized, if the $menu_title parameter has been localized.

 It is therefore conceivable that the $hook_suffix returned would be
 identical to one that has already been returned, leading to unexpected
 processing.

 The translator would be totally unaware of the problems they could cause.

 Unlikely example.


 {{{
   $hook = add_submenu_page( 'menu_18857', __( "Pound euro", 'domain' ),
 __( "Pound euro", 'domain' ), 'manage_options', 'menu_18857_poundeuro',
 "menu_18857_pound_euro" );
   add_action( "load-$hook", "menu_18857_poundeuro_load" );

   $hook2 = add_submenu_page( 'menu_18857', __( "lower case e", 'domain' ),
 __( "lower case e", 'domain' ), 'manage_options', 'menu_18857_lowercasee',
 "menu_18857_lower_case_e" );
   add_action( "load-$hook2", "menu_18857_lowercasee_load" );
 }}}



 If the translator decides "Pound euro" should be "£€", and "lower case e"
 should be "e" then
 `sanitize_title( $menu_title )` will return "e" for both menu items.

 So $hook and $hook2 will have the same value, leading to unexpected
 processing;
 both action hooks menu_18857_pound_euro and menu_18857_lowercasee_load
 being executed when either menu item is selected.

 In short, $menu_title should not be used to determine the $hook_suffix.

 Alternative to scribu's fix.

 {{{
  $admin_page_hooks[$menu_slug] = sanitize_title( $menu_slug );
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/18857#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list