[wp-trac] [WordPress Trac] #40927: Passing a float as the position in add_menu_page can override other menu items
WordPress Trac
noreply at wordpress.org
Mon Feb 14 14:39:21 UTC 2022
#40927: Passing a float as the position in add_menu_page can override other menu
items
----------------------------+-----------------------------
Reporter: justinbusa | Owner: SergeyBiryukov
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: Future Release
Component: Administration | Version: 4.8
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
----------------------------+-----------------------------
Changes (by Cybr):
* keywords: => has-patch
Comment:
I found I linked to the changeset incorrectly, which should lead here:
https://core.trac.wordpress.org/changeset/52569.
Attached I copied the handling of `$menu` to `$submenu`.
I removed all strict type checks and simplified the code.
The input still allows for float values, for they're widely used to
prevent "first come first serve" issues, where menus go up and down
sporadically. See plugin coverage:
https://wpdirectory.net/search/01FVWACTXKES71SZ65JDBH3GEJ.
Since PHP converts all numerics to weakly typed integers (`$a['1'] ===
$a[1]`), we can safely cast the position to a string value.
No changes should be noticed by the developers. I suggest allowing
`int|float` for `$position` in the PHPDocs; perhaps even the string-
equivalent thereof, although I recognize that is difficult to convey.
''I see I left in some redundant code in the patch -- 40927.1.patch will
resolve that momentarily.''
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40927#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list