From 725e1d02af7037e441e5ee5466a63701ecb056e8 Mon Sep 17 00:00:00 2001 From: audrasjb Date: Wed, 12 Jan 2022 23:25:08 +0000 Subject: [PATCH] Administration: Ensure an integer is used for menu priority in `add_menu_page()`. This change adds a verification of the `$position` parameter in `add_menu_page()` to ensure an integer is used. If not, the function informs developers of the wrong parameter type via a `_doing_it_wrong` message. This brings consistency with a similar check used in `add_submenu_page()`. This change also typecasts any floating number to string to ensure that in case a float value was passed, at least it doesn't override existing menus. Follow-up to [46570]. Props kirtan95. Fixes #54798. See #48249. Built from https://develop.svn.wordpress.org/trunk@52569 git-svn-id: http://core.svn.wordpress.org/trunk@52159 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/plugin.php | 15 +++++++++++++++ wp-includes/version.php | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index c0ac17a881..bf2bc8a5ec 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php @@ -1329,6 +1329,21 @@ function add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $func $position = $position + substr( base_convert( md5( $menu_slug . $menu_title ), 16, 10 ), -5 ) * 0.00001; $menu[ "$position" ] = $new_menu; } else { + if ( ! is_int( $position ) ) { + _doing_it_wrong( + __FUNCTION__, + sprintf( + /* translators: %s: add_submenu_page() */ + __( 'The seventh parameter passed to %s should be an integer representing menu position.' ), + 'add_menu_page()' + ), + '6.0.0' + ); + // If the position is not a string (i.e. float), convert it to string. + if ( ! is_string( $position ) ) { + $position = (string) $position; + } + } $menu[ $position ] = $new_menu; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 95876493b7..9202871b8c 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.0-alpha-52568'; +$wp_version = '6.0-alpha-52569'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.