HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Networks and Sites: remove email address check when attempting to demote a Super Admin.

Browse Source 
This change ensures that a capable Super Admin is allowed to manage global Users as intended, and removes an invisible & undocumented restriction (that was easily bypassed anyways).

It also adds 1 multisite unit test to confirm the intended behavior

Props flixos90, johnjamesjacoby, Mista-Flo.

Fixes #39170.


Built from https://develop.svn.wordpress.org/trunk@60977


git-svn-id: http://core.svn.wordpress.org/trunk@60313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
johnjamesjacoby
2025-10-19 17:42:27 +00:00
parent b943298bf8
commit 6dd9a58de8
3 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/user-edit.php
View File

@@ -471,15 +471,11 @@ switch ( $action ) {
</tr>
<?php endif; // End if ! IS_PROFILE_PAGE. ?>
<?php if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && ! isset( $super_admins ) ) : ?>
<?php if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && ! isset( $super_admins ) ) : ?>
<tr class="user-super-admin-wrap">
<th><?php _e( 'Super Admin' ); ?></th>
<td>
<?php if ( 0 !== strcasecmp( $profile_user->user_email, get_site_option( 'admin_email' ) ) || ! is_super_admin( $profile_user->ID ) ) : ?>
<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profile_user->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.' ); ?></label></p>
<?php else : ?>
<p><?php _e( 'Super admin privileges cannot be removed because this user has the network admin email.' ); ?></p>
<?php endif; ?>
<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profile_user->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.' ); ?></label></p>
</td>
</tr>
<?php endif; ?>

3
wp-includes/capabilities.php
View File

@@ -1252,6 +1252,7 @@ function grant_super_admin( $user_id ) {
* Revokes Super Admin privileges.
*
* @since 3.0.0
* @since 6.9.0 Super admin privileges can be revoked regardless of email address.
*
* @global array $super_admins
*
@@ -1278,7 +1279,7 @@ function revoke_super_admin( $user_id ) {
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
$user = get_userdata( $user_id );
if ( $user && 0 !== strcasecmp( $user->user_email, get_site_option( 'admin_email' ) ) ) {
if ( $user ) {
$key = array_search( $user->user_login, $super_admins, true );
if ( false !== $key ) {
unset( $super_admins[ $key ] );

2
wp-includes/version.php
View File

@@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.9-alpha-60976';
$wp_version = '6.9-alpha-60977';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.