Escape/texturize Admin menu titles. Fixes page titles such as "Foo & Bar" not being entity encoded. Also includes some basic whitespace/standards cleanup to a related function. Fixes #12039

git-svn-id: https://develop.svn.wordpress.org/trunk@14127 602fd350-edb4-49c9-b593-d223f7449a82
Dion Hulse 2010-04-18 03:38:47 +00:00
parent 2d50f72462
commit 70af67f01c
3 changed files with 15 additions and 13 deletions


@ -818,22 +818,20 @@ function add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $func
$hookname = get_plugin_page_hookname( $menu_slug, '' );
if (!empty ( $function ) && !empty ( $hookname ) && current_user_can( $capability ) )
if ( !empty( $function ) && !empty( $hookname ) && current_user_can( $capability ) )
add_action( $hookname, $function );
if ( empty($icon_url) ) {
if ( empty($icon_url) )
$icon_url = esc_url( admin_url( 'images/generic.png' ) );
} elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) {
elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
$icon_url = 'https://' . substr($icon_url, 7);
}
$new_menu = array ( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
$new_menu = array( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
if ( NULL === $position ) {
if ( null === $position )
$menu[] = $new_menu;
} else {
else
$menu[$position] = $new_menu;
}
$_registered_pages[$hookname] = true;


@ -69,6 +69,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
}
$toggle = '<div class="wp-menu-toggle"><br /></div>';
$title = wptexturize($item[0]);
echo "\n\t<li$class$id>";
if ( false !== strpos($class, 'wp-menu-separator') ) {
@ -81,9 +83,9 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
$menu_file = substr($menu_file, 0, $pos);
if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") ) || !empty($menu_hook)) {
$admin_is_parent = true;
echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>$title</a>";
} else {
echo "\n\t<div class='wp-menu-image'><a href='{$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='{$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
echo "\n\t<div class='wp-menu-image'><a href='{$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='{$submenu[$item[2]][0][2]}'$class$tabindex>$title</a>";
}
} else if ( current_user_can($item[1]) ) {
$menu_hook = get_plugin_page_hook($item[2], 'admin.php');
@ -138,6 +140,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
if ( false !== $pos = strpos($sub_file, '?') )
$sub_file = substr($sub_file, 0, $pos);
$title = wptexturize($sub_item[0]);
if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/$sub_file") ) || ! empty($menu_hook) ) {
// If admin.php is the current page or if the parent exists as a file in the plugins or admin dir
if ( (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/$menu_file") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}")) || file_exists($menu_file) )
@ -145,9 +149,9 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
else
$sub_item_url = add_query_arg( array('page' => $sub_item[2]), 'admin.php' );
$sub_item_url = esc_url($sub_item_url);
echo "<li$class><a href='$sub_item_url'$class$tabindex>{$sub_item[0]}</a></li>";
echo "<li$class><a href='$sub_item_url'$class$tabindex>$title</a></li>";
} else {
echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";
echo "<li$class><a href='{$sub_item[2]}'$class$tabindex>$title</a></li>";
}
}
echo "</ul></div>";
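Review bot: `wptexturize()` is a typography filter, not an output escaper, so `$title` in `_wp_menu_output()` gets stray ampersands and quotes converted but still passes `<`, `>` and any tag in `$item[0]` / `$sub_item[0]` straight into the page. If menu titles are meant to carry markup, a comment at both assignments such as `// Titles may contain trusted HTML; wptexturize() only encodes stray ampersands and quotes.` would stop a later reader from treating this as escaping; if they are not, the title needs a real HTML escaper or an allow-list filter instead. The echo lines this commit rewrites also interpolate `{$submenu[$item[2]][0][2]}` and `{$sub_item[2]}` into single-quoted `href` attributes unescaped, whereas the neighbouring branch runs `esc_url($sub_item_url)`. The fallback could read `echo "<li$class><a href='" . esc_url( $sub_item[2] ) . "'$class$tabindex>$title</a></li>";`, assuming `esc_url()` leaves the relative slugs used here intact. The function body starts and ends outside these hunks.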


@ -179,7 +179,7 @@ else
if ( current_user_can('edit_users') ) {
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
$submenu['users.php'][5] = array(__('Authors &amp; Users'), 'edit_users', 'users.php');
$submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');