Opened 4 years ago
Last modified 2 weeks ago
#40927 reviewing defect (bug)
Passing a float as the position in add_menu_page can override other menu items
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.8 |
Component: | Administration | Keywords: | has-patch needs-unit-tests |
Focuses: | administration | Cc: |
Description
If you pass a float value for the $position
argument of add_menu_page
, PHP will convert it to an integer which overrides any other menu items with that position.
Per the PHP docs...
Floats are also cast to integers, which means that the fractional part will be truncated. E.g. the key 8.7 will actually be stored under 8.
You can see this happening with the following snippet. The Test 2 menu item will show but Test 1 will not.
<?php add_action( 'admin_menu', function() { add_menu_page( 'Test 1', 'Test 1', 'manage_options', 'test-1', '', '', 64 ); add_menu_page( 'Test 2', 'Test 2', 'manage_options', 'test-2', '', '', 64.99 ); } );
However, if you pass 64.99
in as a string instead of a float, Test 1 will show.
Patch attached, thanks!
Attachments (4)
Change History (18)
#4
@
4 years ago
@dd32 I agree as $position
should always be either an int or a string. New patch attached.
#5
@
4 years ago
Actually, I think that's going to break the if ( null === $position )
statement below it. New patch attached.
#6
follow-up:
↓ 7
@
4 years ago
Thanks for catching that! 40927.3.diff looks good to me.
I'll loop back onto this later to test it properly, and see if there's any unit testing opportunity here (not an easy one I don't think).
Previously: #23316
40927.diff is a bit more WordPress-like version of plugin.diff.
I do wonder if we should just do something like this: