X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/41578db67d72562346e4dbb2a14889b23d522813..9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f:/wp-admin/menu-header.php diff --git a/wp-admin/menu-header.php b/wp-admin/menu-header.php index 1771fb0f..275cc145 100644 --- a/wp-admin/menu-header.php +++ b/wp-admin/menu-header.php @@ -73,16 +73,19 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) { } if ( ! empty( $item[4] ) ) - $class[] = $item[4]; + $class[] = esc_attr( $item[4] ); $class = $class ? ' class="' . join( ' ', $class ) . '"' : ''; $id = ! empty( $item[5] ) ? ' id="' . preg_replace( '|[^a-zA-Z0-9_:.]|', '-', $item[5] ) . '"' : ''; $img = $img_style = ''; $img_class = ' dashicons-before'; - // if the string 'none' (previously 'div') is passed instead of an URL, don't output the default menu image - // so an icon can be added to div.wp-menu-image as background with CSS. - // Dashicons and base64-encoded data:image/svg_xml URIs are also handled as special cases. + /* + * If the string 'none' (previously 'div') is passed instead of an URL, don't output + * the default menu image so an icon can be added to div.wp-menu-image as background + * with CSS. Dashicons and base64-encoded data:image/svg_xml URIs are also handled + * as special cases. + */ if ( ! empty( $item[6] ) ) { $img = ''; @@ -135,6 +138,8 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) { echo "
  • {$item[0]}
    • "; $first = true; + + // 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = page_title, 4 = classes foreach ( $submenu_items as $sub_key => $sub_item ) { if ( ! current_user_can( $sub_item[1] ) ) continue; @@ -165,6 +170,10 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) { $class[] = 'current'; } + if ( ! empty( $sub_item[4] ) ) { + $class[] = esc_attr( $sub_item[4] ); + } + $class = $class ? ' class="' . join( ' ', $class ) . '"' : ''; $menu_hook = get_plugin_page_hook($sub_item[2], $item[2]);