Make WordPress Core

Opened 11 years ago

Closed 8 years ago

#22141 closed enhancement (wontfix)

add_submenu_page file callback

Reported by: benracicot's profile BenRacicot Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.4.2
Component: Plugins Keywords: needs-patch
Focuses: administration Cc:


Under the recommendation of the community I have decided to file a track regarding add_submenu_page. It currently allows for a callback function in which a dev could include a file but how about allowing add_submenu_page an argument to include a file in replacement of a callback function? This would remove several lines of code and clean up many developers functions.php files as well as custom admin page files.

Thanks for listening and I hope I can help.

Change History (8)

#1 @scribu
11 years ago

  • Keywords 2nd-opinion added; dev-feedback removed

Hey Ben,

First, some context:

The whole API related to add_submenu_page() needs a lot of work. The logic is spread all over the place and is mixed with the menu generating code. See #12718.

Also, add_submenu_page() already has 6 parameters. If we want to add another parameter, we should think about converting them to an associative array first.

Instead of adding yet another parameter that only works for this function and create an inconsistency with add_menu_page(), we could add a helper callback that just loads a file you specify.

Example usage:

add_submenu_page( 'tools.php', 'My Utility', 'My Utility', 'manage_options', 'my-utility', _delayed_load( 'my-utility-ui.php' ) );

And here's how the implementation of _delayed_load() would look like:

function _delayed_load( $file ) {
	return function() use ( $file ) {
		include $file;

This only works in PHP 5.3, but it can be made to work for PHP 5.2 by using a helper class.

Last edited 11 years ago by scribu (previous) (diff)

#2 follow-up: @nacin
11 years ago

I actually don't really like the idea of using a file here. Unfortunately, it makes it very easy for bad developers to expose a form to the point where direct file POSTs could essentially result in CSRF.

#3 in reply to: ↑ 2 @BenRacicot
11 years ago

Nice Scribu!

Maybe I'm missing something, that seems to simple. Nacin, I can't think how an included file in an admin page could be CSRF'ed. But I'm still in my rookie year haha.

#4 @nacin
10 years ago

  • Component changed from General to Plugins

#5 @nacin
10 years ago

  • Component changed from Plugins to Admin APIs
  • Focuses administration added

#6 @nacin
10 years ago

  • Component changed from Admin APIs to Plugins

Sorry for the noise.

#7 @chriscct7
8 years ago

  • Keywords needs-patch added; 2nd-opinion removed

#8 @DrewAPicture
8 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I agree with @nacin in comment:2. Closing as wontfix.

Note: See TracTickets for help on using tickets.