Escape/texturize Admin menu titles. Fixes page titles such as "Foo & Bar" not being entity encoded. Also includes some basic whitespace/standards cleanup to a related function. Fixes #12039
git-svn-id: https://develop.svn.wordpress.org/trunk@14127 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
2d50f72462
commit
70af67f01c
@ -818,22 +818,20 @@ function add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $func
|
||||
|
||||
$hookname = get_plugin_page_hookname( $menu_slug, '' );
|
||||
|
||||
if (!empty ( $function ) && !empty ( $hookname ) && current_user_can( $capability ) )
|
||||
if ( !empty( $function ) && !empty( $hookname ) && current_user_can( $capability ) )
|
||||
add_action( $hookname, $function );
|
||||
|
||||
if ( empty($icon_url) ) {
|
||||
if ( empty($icon_url) )
|
||||
$icon_url = esc_url( admin_url( 'images/generic.png' ) );
|
||||
} elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) {
|
||||
elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
|
||||
$icon_url = 'https://' . substr($icon_url, 7);
|
||||
}
|
||||
|
||||
$new_menu = array ( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
|
||||
$new_menu = array( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
|
||||
|
||||
if ( NULL === $position ) {
|
||||
if ( null === $position )
|
||||
$menu[] = $new_menu;
|
||||
} else {
|
||||
else
|
||||
$menu[$position] = $new_menu;
|
||||
}
|
||||
|
||||
$_registered_pages[$hookname] = true;
|
||||
|
||||
|
@ -69,6 +69,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
|
||||
}
|
||||
$toggle = '<div class="wp-menu-toggle"><br /></div>';
|
||||
|
||||
$title = wptexturize($item[0]);
|
||||
|
||||
echo "\n\t<li$class$id>";
|
||||
|
||||
if ( false !== strpos($class, 'wp-menu-separator') ) {
|
||||
@ -81,9 +83,9 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
|
||||
$menu_file = substr($menu_file, 0, $pos);
|
||||
if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") ) || !empty($menu_hook)) {
|
||||
$admin_is_parent = true;
|
||||
echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
|
||||
echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>$title</a>";
|
||||
} else {
|
||||
echo "\n\t<div class='wp-menu-image'><a href='{$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='{$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
|
||||
echo "\n\t<div class='wp-menu-image'><a href='{$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='{$submenu[$item[2]][0][2]}'$class$tabindex>$title</a>";
|
||||
}
|
||||
} else if ( current_user_can($item[1]) ) {
|
||||
$menu_hook = get_plugin_page_hook($item[2], 'admin.php');
|
||||
@ -138,6 +140,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
|
||||
if ( false !== $pos = strpos($sub_file, '?') )
|
||||
$sub_file = substr($sub_file, 0, $pos);
|
||||
|
||||
$title = wptexturize($sub_item[0]);
|
||||
|
||||
if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/$sub_file") ) || ! empty($menu_hook) ) {
|
||||
// If admin.php is the current page or if the parent exists as a file in the plugins or admin dir
|
||||
if ( (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/$menu_file") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}")) || file_exists($menu_file) )
|
||||
@ -145,9 +149,9 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
|
||||
else
|
||||
$sub_item_url = add_query_arg( array('page' => $sub_item[2]), 'admin.php' );
|
||||
$sub_item_url = esc_url($sub_item_url);
|
||||
echo "<li$class><a href='$sub_item_url'$class$tabindex>{$sub_item[0]}</a></li>";
|
||||
echo "<li$class><a href='$sub_item_url'$class$tabindex>$title</a></li>";
|
||||
} else {
|
||||
echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";
|
||||
echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>$title</a></li>";
|
||||
}
|
||||
}
|
||||
echo "</ul></div>";
|
||||
|
@ -179,7 +179,7 @@ else
|
||||
|
||||
if ( current_user_can('edit_users') ) {
|
||||
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
|
||||
$submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
|
||||
$submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
|
||||
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
|
||||
|
||||
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
|
||||
|
Loading…
Reference in New Issue
Block a user