Make WordPress Core

Opened 10 years ago

Closed 3 years ago

#32088 closed defect (bug) (duplicate)

Bug in get_admin_page_parent( $parent = '' ) when only having 1 Sub-Menu-Item

Reported by: iamwordimpressed's profile iamwordimpressed Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1.2
Component: Posts, Post Types Keywords:
Focuses: administration Cc:

Description (last modified by ocean90)

Hello,

function get_admin_page_parent( $parent = '' ) seems buggy.

My Goal:

  • Remove all Submenu items of a CPT in Wordpress Admin and keep only the Main-Menu Item for showing the Table/List Custom Posts ("Listing All").

What I do:

  • I have a custom post type (CPT) with 2 Default builtin Taxonomies (category/post_tags). But The user has no Capability to access them. So effectively this CPT has 2 Sub-Menu-Items by default: "Listing All" and "Add New" (Note: I have no English installation, so the namings might slightly be different in original English).
  • I remove the "Add New" Menu item in the "_admin_menu" Hook by unsetting the respective $submenu item array entry: unset($GLOBALS['submenu']['edit.php?post_type=mycpt'][10]);
  • I have debugged it: As there is only one Sub-Menu-Item left ("Listing All"), Wordpress now tests if the single left Sub-Menu Item is identical to the Main-Menu Item. If yes, it will remove the Sub-Menu-Item. This works ok. Now the global $submenu array does no longer contain any Submenu Items. And the global $menu item still contains the Main-Menu Item for the CPT with the "Listing All" link (wp-admin/edit.php?post_type=mycpt).

Bug:

  • But when I acces the http://localhost/super/wp-admin/edit.php?post_type=mycpt page by clicking on the Main-Menu Item, I get an "no appropriate rights" error
  • It turns out that the get_admin_page_parent( $parent = '' ) function does return an empty (!) result instead of edit.php?post_type=mycpt. (I tested this by enabling the second submenu item and in this case the function returns "edit.php?post_type=mycpt".
  • When the function returns empty, than it will trigger (in user_can_access_admin_page())
    if ( empty( $parent) ) {
    if ( isset( $_wp_menu_nopriv[$pagenow] ) )
    
  • And this will deny access! The reason this is triggered is $pagenow is "edit.php". And I do NOT allow users access to the build in Default WP Post type! So $_wp_menu_nopriv contains "edit.php".

As I can judge this, this is bug in get_admin_page_parent( $parent = '' ) that will be triggered for all(!) Custom Post types with only one Submenuitem. But will only be visible, in practice if you additionally disable the build in standard "post" type.

Thanks!

Change History (6)

#1 @iamwordimpressed
10 years ago

  • Component changed from General to Menus
  • Type changed from enhancement to defect (bug)

#2 @iamwordimpressed
10 years ago

Important Note: Maybe the get_admin_page_parent( $parent = '' ) logic is correct, yet. But the code using the result is incorrect. As there is no documentation how this method, and the method that uses the result should behave if there is only one Main Menu item (without any sub menu items) I can not really tell.

#3 @welcher
8 years ago

  • Component changed from Menus to General
  • Focuses administration added
  • Keywords needs-patch added

Thanks for the ticket!

Given your understanding of the issue, you're probably the best person to take a shot at a patch. Give it a shot!

#4 @welcher
8 years ago

  • Component changed from General to Menus

#5 @ocean90
8 years ago

  • Description modified (diff)

#6 @SergeyBiryukov
3 years ago

  • Component changed from Menus to Posts, Post Types
  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, sorry it took so long for someone to get back to you.

We had a similar report in #29714 and are now tracking this issue in #22895.

Note: See TracTickets for help on using tickets.