WordPress.org

Make WordPress Core

Opened 5 days ago

#47690 new defect (bug)

remove_submenu_page() doesn't remove corresponding entry from $_wp_submenu_nopriv

Reported by: johnbillion Owned by:
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Administration Keywords: needs-patch
Focuses: administration Cc:

Description

It can sometimes be desirable to give access to a submenu to a user that wouldn't normally have access to it.

Calling remove_submenu_page() and then calling add_submenu_page() to re-register the screen with a different user capability doesn't work completely because the entry that gets added to the $_wp_submenu_nopriv global by add_submenu_page() doesn't get removed by remove_submenu_page().

This means the menu item appears but access to the screen is denied when user_can_access_admin_page() is called, resulting in a Sorry, you are not allowed to access this page error.

Change History (0)

Note: See TracTickets for help on using tickets.