Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#22079 closed defect (bug) (fixed)

Plugin filenames can break links in the admin menu

Reported by: simonwheatley's profile simonwheatley Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 3.6 Priority: normal
Severity: normal Version: 2.7
Component: Administration Keywords: has-patch commit
Focuses: Cc:

Description

For example:

Creating a plugin at wp-content/plugins/import.php will break the Tools > Import link, changing the (correct) link from /wp-admin/import.php to /wp-admin/tools.php?page=import.php. This also works/breaks with plugins.php, export.php, etc.

The issue seems to be some code in [http://core.trac.wordpress.org/browser/tags/3.4.2/wp-admin/menu-header.php#L153 _wp_menu_output], which checks for the existence of files in the plugins directory and changes the link if they are found. I'm guessing this code relates to the ability to link to plugin files from the admin menu?

Attachments (2)

22079.patch (936 bytes) - added by lightningspirit 12 years ago.
Checks for the filename in the wp-admin directory. Doesn't allow overriding of default files in the admin.
22079.2.patch (2.7 KB) - added by SergeyBiryukov 11 years ago.

Download all attachments as: .zip

Change History (15)

@lightningspirit
12 years ago

Checks for the filename in the wp-admin directory. Doesn't allow overriding of default files in the admin.

#1 @lightningspirit
12 years ago

  • Cc lightningspirit@… added
  • Keywords has-patch needs-testing added

#2 @scribu
12 years ago

  • Keywords 2nd-opinion removed

Related: #12718

#3 @MikeHansenMe
12 years ago

I was able to reproduce and verify that the patch corrects the problem.

#4 @MikeHansenMe
12 years ago

  • Cc mdhansen@… added

#5 @SergeyBiryukov
12 years ago

  • Keywords 3.6-early added
  • Milestone changed from Awaiting Review to Future Release

#6 @SergeyBiryukov
11 years ago

  • Milestone changed from Future Release to 3.6

#7 @simonwheatley
11 years ago

This appears to have been fixed elsewhere. Creating a wp-content/plugins/import.php file no longer breaks the Import link.

#8 @MikeHansenMe
11 years ago

I am still able to reproduce the problem using the following.

Create import.php in the plugins dir and add the following

<?php
/*
Plugin Name: Test Import
*/

Then activate the plugin and check the tools import link.
It changes the link from import.php to tools.php?page=import.php and shows permissions error.

#9 @MikeHansenMe
11 years ago

Also, the patch still applies cleanly and fixes the problem.

#10 @SergeyBiryukov
11 years ago

  • Keywords dev-feedback removed
  • Version changed from 3.4.2 to 2.7

It's not just wp-content/plugins/import.php.

Filenames like these break the corresponding admin menu links too:

  • wp-content/plugins/edit.php
  • wp-content/plugins/edit-comments.php
  • wp-content/plugins/plugin-install.php (#20710)

We need the ! file_exists( ABSPATH . "/wp-admin/$menu_file" ) check in all the three places where we have the file_exists( WP_PLUGIN_DIR . "/$menu_file" ) check. See 22079.2.patch.

#11 @SergeyBiryukov
11 years ago

#20710 was marked as a duplicate.

#12 @SergeyBiryukov
11 years ago

  • Keywords commit added; 3.6-early needs-testing removed

#13 @SergeyBiryukov
11 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23656:

Prevent plugins with certain filenames from breaking links in the admin menu. props lightningspirit. fixes #22079.

Note: See TracTickets for help on using tickets.