From b2253ef74cc5ab8a813269c21df64a2ca5434487 Mon Sep 17 00:00:00 2001
From: TimothyBlynJacobs
Date: Mon, 15 Nov 2021 01:09:59 +0000
Subject: [PATCH] Users: Prevent infinite loop when using capability checks during `determine_current_user` on multisite. On multisite, when checking if a user has a certain capability WordPress makes an additional check to see if the user is a super admin. The `is_super_admin()` function contained a call to `wp_get_current_user()` so as the global current user object could be used if it matched the queried user id. This would cause an infinite loop if a hook attached to the `determine_current_user` filter was itself making a permission check. For example when limiting who can use the Application Passwords feature based on their capabilities. Since [50790] the `WP_User` instance for the current user is shared between `wp_get_current_user()` and `get_userdata()`. This means we can remove the `wp_get_current_user` call from `is_super_admin()` while still retaining the same behavior. Props chrisvanpatten, peterwilsoncc. Fixes #53386. Built from https://develop.svn.wordpress.org/trunk@52157 git-svn-id: http://core.svn.wordpress.org/trunk@51749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/capabilities.php | 2 +-
 wp-includes/version.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 3ff0481fd4..5ee344b390 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -888,7 +888,7 @@ function get_super_admins() {
 * @return bool Whether the user is a site admin.
 */
 function is_super_admin( $user_id = false ) {
- if ( ! $user_id || get_current_user_id() == $user_id ) {
+ if ( ! $user_id ) {
 $user = wp_get_current_user();
 } else {
 $user = get_userdata( $user_id );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 36502cd5b8..8f527c0b3c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
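Review bot: The `! $user_id` branch of `is_super_admin()` still calls `wp_get_current_user()`, so the re-entrancy this commit removes for an explicit ID remains for any caller that omits the argument while the `determine_current_user` filter is running. The docblock should say so, for example `* Pass an explicit $user_id when calling this from a 'determine_current_user' callback; the default resolves the current user and re-enters that filter.` A short comment on the condition would also stop the comparison being reintroduced later: `// No get_current_user_id() comparison here: resolving the current user would re-run 'determine_current_user'.` The equivalence with the old behaviour rests on the shared `WP_User` instance described in the commit message. The function body continues outside the hunk, so how a false return from `get_userdata()` is handled for the current user's own ID cannot be confirmed from here.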
@@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '5.9-alpha-52156'; +$wp_version = '5.9-alpha-52157'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.