WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10246 closed defect (bug) (fixed)

New Security check for plugins pages breaks backwards-compatible redirects

Reported by: filosofo Owned by: ryan
Milestone: 2.8.1 Priority: high
Severity: major Version: 2.8
Component: Menus Keywords: has-patch user_can_access_admin_page
Focuses: Cc:

Description

[11595] and [11596] introduced checks to make sure that one can load only plugin pages that have been registered.

The problem is that it fails before the backwards-compatible redirect has a chance to do its thing. That backwards-compat redirect, in wp-admin/admin.php, makes sure that plugins pointing at edit.php?* get redirected to the 2.7+ tools.php pages.

Patch adds an entry in $_registered_pages for 'edit.php'-based hooknames for each 'tools.php'-based hookname.

Attachments (1)

tools_and_edit_as_synonyms.diff (569 bytes) - added by filosofo 6 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 @ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11628]) Fix back-compat plugins page redirects. Props filosofo. fixes #10246 for trunk

comment:2 @ryan6 years ago

(In [11629]) Fix back-compat plugins page redirects. Props filosofo. fixes #10246 for 2.8.1

comment:3 @ryan6 years ago

Nice catch.

Note: See TracTickets for help on using tickets.