WordPress.org

Make WordPress Core


Timestamp:
06/30/2017 04:17:56 AM (3 years ago)
Author:
DrewAPicture
Message:

Docs: Provide best practice guidance for achieving parity between $menu_slug values supplied when adding menu and submenu pages, and later trying to compare those initial values against sanitized screen IDs derived from $menu_slug.

At the heart of the matter, the $menu_slug parameter in add_menu_page() and add_submenu_page() is not sanitized with sanitize_key(). When the screen object is later built for the admin page, the screen ID is derived from that $menu_slug value, though passed through sanitize_key(), which can produce unexpected results in a comparison check.

Changing the sanitization code to provide actual parity is out of the question at this juncture, so updating the docs to describe how to avoid this edge case is the next best option.

Props GregRoss.
Fixes #35305.

File:
1 edited

  • trunk/src/wp-admin/includes/template.php

    r40823 r40967  
    893893 *                                              (such as a post type, 'link', or 'comment'). Accepts a single
    894894 *                                              screen ID, WP_Screen object, or array of screen IDs. Default
    895  *                                              is the current screen.
     895 *                                              is the current screen.  If you have used add_menu_page() or
     896 *                                              add_submenu_page() to create a new screen (and hence screen_id),
     897 *                                              make sure your menu slug conforms to the limits of sanitize_key()
     898 *                                              otherwise the 'screen' menu may not correctly render on your page.
    896899 * @param string                 $context       Optional. The context within the screen where the boxes
    897900 *                                              should display. Available contexts vary from screen to
     
    988991 *
    989992 * @staticvar bool $already_sorted
    990  * @param string|WP_Screen $screen  Screen identifier
     993 *
     994 * @param string|WP_Screen $screen  Screen identifier. If you have used add_menu_page() or
     995 *                                  add_submenu_page() to create a new screen (and hence screen_id)
     996 *                                  make sure your menu slug conforms to the limits of sanitize_key()
     997 *                                  otherwise the 'screen' menu may not correctly render on your page.
    991998 * @param string           $context box context
    992999 * @param mixed            $object  gets passed to the box callback function as first parameter
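Review bot: The text added at new lines 994-997 gives the symptom ("the 'screen' menu may not correctly render") but not the cause described in the commit message: the screen ID is the menu slug after sanitize_key(), so a slug that sanitize_key() would alter no longer matches the value passed as $screen. One clause saying so would make the warning actionable. This copy has also drifted from the one in the first hunk (no comma after "(and hence screen_id)"), so consider keeping the two paragraphs identical or having one @param refer to the other.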