Menu hardening for the 2.8 branch see #11922

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@12893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-28 22:07:51 +00:00 · 2010-01-28 22:07:51 +00:00 · 135927695a
parent 212729d4e0
commit 135927695a
2 changed files with 5 additions and 3 deletions
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@ -592,7 +592,7 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
 	$admin_page_hooks[$file] = sanitize_title( $menu_title );

 	$hookname = get_plugin_page_hookname( $file, '' );
-	if (!empty ( $function ) && !empty ( $hookname ))
+	if (!empty ( $function ) && !empty ( $hookname ) && current_user_can( $access_level ) )
 		add_action( $hookname, $function );

 	if ( empty($icon_url) )
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@ -198,11 +198,13 @@ do_action('admin_menu', '');
 // Remove menus that have no accessible submenus and require privs that the user does not have.
 // Run re-parent loop again.
 foreach ( $menu as $id => $data ) {
+	if ( ! current_user_can($data[1]) )
+		$_wp_menu_nopriv[$data[2]] = true;
+
 	// If submenu is empty...
 	if ( empty($submenu[$data[2]]) ) {
 		// And user doesn't have privs, remove menu.
-		if ( ! current_user_can($data[1]) ) {
-			$_wp_menu_nopriv[$data[2]] = true;
+		if ( isset( $_wp_menu_nopriv[$data[2]] ) ) {
 			unset($menu[$id]);
 		}
 	}