WordPress.org

Make WordPress Core

Ticket #28821: 28821.diff

File 28821.diff, 1003 bytes (added by swissspidy, 5 years ago)
  • src/wp-admin/includes/plugin.php

    diff --git src/wp-admin/includes/plugin.php src/wp-admin/includes/plugin.php
    index 0b504b5..c000a97 100644
    function get_plugin_page_hookname( $plugin_page, $parent_page ) { 
    16761676 * @global array $_wp_submenu_nopriv
    16771677 * @global string $plugin_page
    16781678 * @global array $_registered_pages
     1679 * @global array $admin_page_hooks
    16791680 */
    16801681function user_can_access_admin_page() {
    16811682        global $pagenow, $menu, $submenu, $_wp_menu_nopriv, $_wp_submenu_nopriv,
    1682                 $plugin_page, $_registered_pages;
     1683                $plugin_page, $_registered_pages, $admin_page_hooks;
    16831684
    16841685        $parent = get_admin_page_parent();
    16851686
    function user_can_access_admin_page() { 
    16941695
    16951696                if ( !isset($_registered_pages[$hookname]) )
    16961697                        return false;
     1698
     1699                // It's a toplevel page, but accessed with the wrong parent.
     1700                if ( isset( $admin_page_hooks[$plugin_page] ) && $parent !== $plugin_page ) {
     1701                        return false;
     1702                }
    16971703        }
    16981704
    16991705        if ( empty( $parent) ) {