Skip to content

Commit d2a246e

Browse files
SergeyBiryukovSergeyBiryukov
committed
Avoid inadvertently adding admin page titles as classes for admin menu submenu items.
fixes #28817. git-svn-id: https://develop.svn.wordpress.org/trunk@29083 602fd350-edb4-49c9-b593-d223f7449a82
1 parent ba7b26d commit d2a246e

2 files changed

Lines changed: 5 additions & 5 deletions

File tree

src/wp-admin/menu-header.php

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
7373
}
7474

7575
if ( ! empty( $item[4] ) )
76-
$class[] = $item[4];
76+
$class[] = esc_attr( $item[4] );
7777

7878
$class = $class ? ' class="' . join( ' ', $class ) . '"' : '';
7979
$id = ! empty( $item[5] ) ? ' id="' . preg_replace( '|[^a-zA-Z0-9_:.]|', '-', $item[5] ) . '"' : '';
@@ -136,7 +136,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
136136

137137
$first = true;
138138

139-
// 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = classes
139+
// 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = page_title, 4 = classes
140140
foreach ( $submenu_items as $sub_key => $sub_item ) {
141141
if ( ! current_user_can( $sub_item[1] ) )
142142
continue;
@@ -167,8 +167,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
167167
$class[] = 'current';
168168
}
169169

170-
if ( ! empty( $sub_item[3] ) ) {
171-
$class[] = $sub_item[3];
170+
if ( ! empty( $sub_item[4] ) ) {
171+
$class[] = esc_attr( $sub_item[4] );
172172
}
173173

174174
$class = $class ? ' class="' . join( ' ', $class ) . '"' : '';

src/wp-admin/menu.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -148,7 +148,7 @@
148148
$submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
149149

150150
$customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
151-
$submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', $customize_url, 'hide-if-no-customize' );
151+
$submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', $customize_url, '', 'hide-if-no-customize' );
152152
unset( $customize_url );
153153
if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
154154
$submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');

0 commit comments

Comments
 (0)