[wp-hackers] Re: Working with $_registered_pages for plugins

Ryan Boren ryan at boren.nu
Fri Jul 3 23:50:19 UTC 2009

On Fri, Jul 3, 2009 at 3:49 PM, Alex<alex at dunae.ca> wrote:
> On 3 Jul 2009, at 20:01, Ryan Boren wrote:
>> > Just add a current_user_can() check to it. That's what all plugins
>> > should be doing anyway.  Don't rely on the menu cap check for
>> > security.
> I was actually having the opposite problem -- I was actually getting
> permission denied errors from wp_die().

Ah, okay.

> On Jul 3, 2:15 pm, Peter Westwood <peter.westw... at ftwr.co.uk> wrote:
>> I assume you have a plugin page registered as a menu item.
>> You could add an extra query var which triggered the special action
>> and pass it to that page.
> That did it, thanks westi.  Much appreciated.

You can also do this:


And then hook to 'admin_action_my_action'.

Or, admin-post.php?action=my_action and hook onto 'admin_post_my_action'.

Or, admin-ajax.php?action=my_action and hook onto 'wp_ajax_my_action'.

You have to do your own permission checks inside any handlers you attach.

More information about the wp-hackers mailing list