Menu hardening for the 2.8 branch see #11922

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@12893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
justintadlock · Jan 28, 2010 · 1359276 · 1359276
1 parent 212729d
commit 1359276
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
@@ -592,7 +592,7 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
 	$admin_page_hooks[$file] = sanitize_title( $menu_title );
 
 	$hookname = get_plugin_page_hookname( $file, '' );
-	if (!empty ( $function ) && !empty ( $hookname ))
+	if (!empty ( $function ) && !empty ( $hookname ) && current_user_can( $access_level ) )
 		add_action( $hookname, $function );
 
 	if ( empty($icon_url) )

diff --git a/wp-admin/menu.php b/wp-admin/menu.php
@@ -198,11 +198,13 @@
 // Remove menus that have no accessible submenus and require privs that the user does not have.
 // Run re-parent loop again.
 foreach ( $menu as $id => $data ) {
+	if ( ! current_user_can($data[1]) )
+		$_wp_menu_nopriv[$data[2]] = true;
+
 	// If submenu is empty...
 	if ( empty($submenu[$data[2]]) ) {
 		// And user doesn't have privs, remove menu.
-		if ( ! current_user_can($data[1]) ) {
-			$_wp_menu_nopriv[$data[2]] = true;
+		if ( isset( $_wp_menu_nopriv[$data[2]] ) ) {
 			unset($menu[$id]);
 		}
 	}