WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Menu hardening for the 2.8 branch see #11922 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@12893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
westi 2010-01-28 22:07:51 +00:00
parent 212729d4e0
commit 135927695a
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/plugin.php
View File

@ -592,7 +592,7 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
$admin_page_hooks[$file] = sanitize_title( $menu_title ); $admin_page_hooks[$file] = sanitize_title( $menu_title );
$hookname = get_plugin_page_hookname( $file, '' ); $hookname = get_plugin_page_hookname( $file, '' );
if (!empty ( $function ) && !empty ( $hookname )) if (!empty ( $function ) && !empty ( $hookname ) && current_user_can( $access_level ) )
add_action( $hookname, $function ); add_action( $hookname, $function );
if ( empty($icon_url) ) if ( empty($icon_url) )

6
wp-admin/menu.php
View File

@ -198,11 +198,13 @@ do_action('admin_menu', '');
// Remove menus that have no accessible submenus and require privs that the user does not have. // Remove menus that have no accessible submenus and require privs that the user does not have.
// Run re-parent loop again. // Run re-parent loop again.
foreach ( $menu as $id => $data ) { foreach ( $menu as $id => $data ) {
if ( ! current_user_can($data[1]) )
$_wp_menu_nopriv[$data[2]] = true;
// If submenu is empty... // If submenu is empty...
if ( empty($submenu[$data[2]]) ) { if ( empty($submenu[$data[2]]) ) {
// And user doesn't have privs, remove menu. // And user doesn't have privs, remove menu.
if ( ! current_user_can($data[1]) ) { if ( isset( $_wp_menu_nopriv[$data[2]] ) ) {
$_wp_menu_nopriv[$data[2]] = true;
unset($menu[$id]); unset($menu[$id]);
} }
} }