[wp-hackers] Working with $_registered_pages for plugins

Peter Westwood peter.westwood at ftwr.co.uk
Fri Jul 3 21:15:33 GMT 2009

On 3 Jul 2009, at 20:01, Ryan Boren wrote:

> On Fri, Jul 3, 2009 at 10:24 AM, Alex Dunae<alex at dunae.ca> wrote:
>> Ryan recently updated /wp-admin/includes/plugins.php so that it  
>> checks
>> plugin pages (?page=...) against $_registered_pages before executing
>> (http://core.trac.wordpress.org/changeset/11595 and
>> http://core.trac.wordpress.org/changeset/11596).
>> I have a plugin that needs to run a specific file (smush.php?
>> attachment_ID=n) but it doesn't make sense for it to appear in any of
>> the admin menus.
>> So far, the best workaround is to add the following to `admin_menu`:
>>        $hookname = get_plugin_page_hookname( $plugin_file . '/ 
>> smush.php',
>> '' );
>>        $_registered_pages[$hookname] = true;
>> Doesn't seem very proper, though.
>> Is there a proper way to add a page to the $_registered_pages array
>> without having it appear as a menu item?
> Just add a current_user_can() check to it. That's what all plugins
> should be doing anyway.  Don't rely on the menu cap check for
> security.

I wouldn't recommend messing with the $_registered_pages array it's  
better to work with the API rather than hacking around it - your  
plugin is more likely to be past and future proof.

I assume you have a plugin page registered as a menu item.

You could add an extra query var which triggered the special action  
and pass it to that page.

And don't forget that page should always have a current_user_can() cap  
check for whatever capabilities are required to use it.

Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5

More information about the wp-hackers mailing list