[wp-hackers] Working with $_registered_pages for plugins
Peter Westwood
peter.westwood at ftwr.co.uk
Fri Jul 3 21:15:33 GMT 2009
On 3 Jul 2009, at 20:01, Ryan Boren wrote:
> On Fri, Jul 3, 2009 at 10:24 AM, Alex Dunae<alex at dunae.ca> wrote:
>> Ryan recently updated /wp-admin/includes/plugins.php so that it
>> checks
>> plugin pages (?page=...) against $_registered_pages before executing
>> (http://core.trac.wordpress.org/changeset/11595 and
>> http://core.trac.wordpress.org/changeset/11596).
>>
>> I have a plugin that needs to run a specific file (smush.php?
>> attachment_ID=n) but it doesn't make sense for it to appear in any of
>> the admin menus.
>>
>> So far, the best workaround is to add the following to `admin_menu`:
>>
>> $hookname = get_plugin_page_hookname( $plugin_file . '/
>> smush.php',
>> '' );
>> $_registered_pages[$hookname] = true;
>>
>> Doesn't seem very proper, though.
>>
>> Is there a proper way to add a page to the $_registered_pages array
>> without having it appear as a menu item?
>
> Just add a current_user_can() check to it. That's what all plugins
> should be doing anyway. Don't rely on the menu cap check for
> security.
I wouldn't recommend messing with the $_registered_pages array it's
better to work with the API rather than hacking around it - your
plugin is more likely to be past and future proof.
I assume you have a plugin page registered as a menu item.
You could add an extra query var which triggered the special action
and pass it to that page.
And don't forget that page should always have a current_user_can() cap
check for whatever capabilities are required to use it.
westi
--
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
More information about the wp-hackers
mailing list