From a1604f39c783efd5fac9ce00a3f756fd52595fcc Mon Sep 17 00:00:00 2001
From: Nikunj Hatkar <nikunj8866@gmail.com>
Date: Tue, 27 Jan 2026 16:46:03 +0530
Subject: [PATCH 1/2] refreshing 28821.diff

---
 src/wp-admin/includes/plugin.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/plugin.php b/src/wp-admin/includes/plugin.php
index 460874ca52181..72484599d0000 100644
--- a/src/wp-admin/includes/plugin.php
+++ b/src/wp-admin/includes/plugin.php
@@ -2169,12 +2169,13 @@ function get_plugin_page_hookname( $plugin_page, $parent_page ) {
  * @global array  $_wp_submenu_nopriv
  * @global string $plugin_page
  * @global array  $_registered_pages
+ * @global array  $admin_page_hooks
  *
  * @return bool True if the current user can access the admin page, false otherwise.
  */
 function user_can_access_admin_page() {
 	global $pagenow, $menu, $submenu, $_wp_menu_nopriv, $_wp_submenu_nopriv,
-		$plugin_page, $_registered_pages;
+		$plugin_page, $_registered_pages, $admin_page_hooks;
 
 	$parent = get_admin_page_parent();
 
@@ -2192,6 +2193,11 @@ function user_can_access_admin_page() {
 		if ( ! isset( $_registered_pages[ $hookname ] ) ) {
 			return false;
 		}
+
+		// It's a toplevel page, but accessed with the wrong parent.
+		if ( isset( $admin_page_hooks[$plugin_page] ) && $parent !== $plugin_page ) {
+			return false;
+		}
 	}
 
 	if ( empty( $parent ) ) {

From 17528981344daab72f7e9e82ff65520a42ec0d5c Mon Sep 17 00:00:00 2001
From: Nikunj Hatkar <nikunj8866@gmail.com>
Date: Tue, 27 Jan 2026 16:50:00 +0530
Subject: [PATCH 2/2] fix phpcs error

---
 src/wp-admin/includes/plugin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/plugin.php b/src/wp-admin/includes/plugin.php
index 72484599d0000..8961eb9abc781 100644
--- a/src/wp-admin/includes/plugin.php
+++ b/src/wp-admin/includes/plugin.php
@@ -2195,7 +2195,7 @@ function user_can_access_admin_page() {
 		}
 
 		// It's a toplevel page, but accessed with the wrong parent.
-		if ( isset( $admin_page_hooks[$plugin_page] ) && $parent !== $plugin_page ) {
+		if ( isset( $admin_page_hooks[ $plugin_page ] ) && $parent !== $plugin_page ) {
 			return false;
 		}
 	}