Make WordPress Core

Opened 2 years ago

Last modified 14 months ago

#22141 new enhancement

add_submenu_page file callback

Reported by: BenRacicot Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.4.2
Component: Plugins Keywords: 2nd-opinion
Focuses: administration Cc:


Under the recommendation of the community I have decided to file a track regarding add_submenu_page. It currently allows for a callback function in which a dev could include a file but how about allowing add_submenu_page an argument to include a file in replacement of a callback function? This would remove several lines of code and clean up many developers functions.php files as well as custom admin page files.

Thanks for listening and I hope I can help.

Change History (6)

comment:1 @scribu2 years ago

  • Keywords 2nd-opinion added; dev-feedback removed

Hey Ben,

First, some context:

The whole API related to add_submenu_page() needs a lot of work. The logic is spread all over the place and is mixed with the menu generating code. See #12718.

Also, add_submenu_page() already has 6 parameters. If we want to add another parameter, we should think about converting them to an associative array first.

Instead of adding yet another parameter that only works for this function and create an inconsistency with add_menu_page(), we could add a helper callback that just loads a file you specify.

Example usage:

add_submenu_page( 'tools.php', 'My Utility', 'My Utility', 'manage_options', 'my-utility', _delayed_load( 'my-utility-ui.php' ) );

And here's how the implementation of _delayed_load() would look like:

function _delayed_load( $file ) {
	return function() use ( $file ) {
		include $file;

This only works in PHP 5.3, but it can be made to work for PHP 5.2 by using a helper class.

Last edited 2 years ago by scribu (previous) (diff)

comment:2 follow-up: @nacin2 years ago

I actually don't really like the idea of using a file here. Unfortunately, it makes it very easy for bad developers to expose a form to the point where direct file POSTs could essentially result in CSRF.

comment:3 in reply to: ↑ 2 @BenRacicot2 years ago

Nice Scribu!

Maybe I'm missing something, that seems to simple. Nacin, I can't think how an included file in an admin page could be CSRF'ed. But I'm still in my rookie year haha.

comment:4 @nacin15 months ago

  • Component changed from General to Plugins

comment:5 @nacin14 months ago

  • Component changed from Plugins to Admin APIs
  • Focuses administration added

comment:6 @nacin14 months ago

  • Component changed from Admin APIs to Plugins

Sorry for the noise.

Note: See TracTickets for help on using tickets.