Opened 2 years ago

Last modified 8 weeks ago

#16293 reopened defect (bug)

In multisite installs, users with id 1 or 2 can't be deleted

Reported by: PeteMall
Owned by:
Priority: normal
Milestone: Future Release
Component: Multisite
Version: 3.1
Severity: normal
Keywords: has-patch dev-feedback 3.7-early
Cc: jason.lemahieu@…

Description (last modified by PeteMall)

You can't delete a user with user id of 1 or 2.
See: source:trunk/wp-admin/network/edit.php@17326#L359

Attachments (4)

edit.patch (577 bytes) - added by Moskjis 2 years ago.
Test, please: don't have WordPress Multisite. But, should fix the problem.
16293.diff (3.9 KB) - added by garyc40 2 years ago.
allow deleting super admins
16293.2.diff (631 bytes) - added by Ipstenu 8 months ago.
Editing users.php to check for SuperAdmin in a non-hardcodey way.
16293.3.diff (596 bytes) - added by JustinSainton 8 months ago.


Change History (16)

comment:1 PeteMall 2 years ago

  • Description modified (diff)

comment:2 SergeyBiryukov 2 years ago

  • Keywords needs-patch added

hughestm in #16300:

The problem is that it's looking for hard coded values to not delete. It should check to see if you have another user set as super_admin, and if so, then allow you to delete this account.

Moskjis 2 years ago

Test, please: don't have WordPress Multisite. But, should fix the problem.

garyc40 2 years ago

allow deleting super admins

comment:3 garyc40 2 years ago

  • Keywords has-patch added; needs-patch removed

hughestm's approach won't work, because deleting super admins is currently not allowed.

What we need to do is change:

if ( $id != '0' && $id != '1' ) {

to

if ( ! is_super_admin( $id ) ) {

Then hughestm can change site option admin_email to something else, demote user with id 0 or 1 to a normal user, and delete him as usual.

This is not a very straightforward process, so maybe it's better to allow deletion of super admins. The patch I attached does this. It really needs a sanity check.

comment:4 georgestephanis 12 months ago

  • Keywords needs-refresh added; has-patch removed

comment:5 wonderboymusic 8 months ago

  • Keywords 3.2-early dev-feedback needs-refresh removed
  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed
  • Type changed from defect (bug) to enhancement

Can't delete right away, but you can after pressing edit and revoking super admin privileges, which I think is fine.

comment:6 SergeyBiryukov 8 months ago

  • Keywords needs-refresh added
  • Milestone set to Future Release
  • Resolution wontfix deleted
  • Status changed from closed to reopened
  • Type changed from enhancement to defect (bug)

Replying to wonderboymusic:

Can't delete right away, but you can after pressing edit and revoking super admin privileges, which I think is fine.

The Delete link appears after revoking super admin privileges, but it does nothing.

The hard coded user IDs that cannot be deleted are still there:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-admin/network/users.php#L99

Ipstenu 8 months ago

Editing users.php to check for SuperAdmin in a non-hardcodey way.

comment:7 Ipstenu 8 months ago

Took garyc40's patch and applied it to network/users.php (didn't blow up my localhost)

comment:8 wpmuguru 8 months ago

The issue with 16293.2.diff is that some networks will only have one super admin. The last condition should be removed

&& count( get_super_admins() ) > 1
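
The guard conditions discussed in comment:3 and comment:8, modelled as an added example in stand-alone PHP (not code from the ticket's patches or from WordPress). `guard_role()` is a hypothetical stand-in for `is_super_admin( $id )`, the user IDs are constructed, and ANDing `count( ... ) > 1` onto the role check is an assumption about how that condition was combined.

```php
<?php
// Constructed sample data: user IDs on a hypothetical network.
$userIds = [1, 2, 7];

// Condition quoted in comment:3 as the existing check: literal IDs only.
function guard_hardcoded(int $id): bool {
    return $id != '0' && $id != '1';
}

// Replacement proposed in comment:3. in_array() over a list of IDs is a
// hypothetical stand-in for WordPress's is_super_admin( $id ).
function guard_role(int $id, array $superAdminIds): bool {
    return !in_array($id, $superAdminIds, true);
}

// Assumption: the condition from comment:8 ANDed onto the role check.
function guard_role_and_count(int $id, array $superAdminIds): bool {
    return guard_role($id, $superAdminIds) && count($superAdminIds) > 1;
}

// Returns, per user ID, whether each guard would let deletion proceed.
function evaluate_guards(array $userIds, array $superAdminIds): array {
    $result = [];
    foreach ($userIds as $id) {
        $result[$id] = [
            'hardcoded'      => guard_hardcoded($id),
            'role'           => guard_role($id, $superAdminIds),
            'role_and_count' => guard_role_and_count($id, $superAdminIds),
        ];
    }
    return $result;
}

// Scenario: user 1 has been demoted and user 7 is the only super admin.
foreach (evaluate_guards($userIds, [7]) as $id => $guards) {
    $cells = [];
    foreach ($guards as $name => $allowed) {
        $cells[] = $name . '=' . ($allowed ? 'allow' : 'block');
    }
    echo "user $id: " . implode(', ', $cells) . PHP_EOL;
}
```

In this scenario the literal-ID guard blocks the demoted user 1 regardless of who holds super admin rights, and the count condition blocks every deletion because the network has only one super admin.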

JustinSainton 8 months ago

comment:9 JustinSainton 8 months ago

  • Keywords has-patch dev-feedback added; needs-refresh removed

Should be good now?

comment:10 MadtownLems 2 months ago

  • Cc jason.lemahieu@… added

I've also confirmed that this doesn't blow up my 3.5.1 install (or anything else), and that it allows me to successfully delete a de-super-admin'd user with ID of 1, prompting to reassign posts as expected.

comment:11 SergeyBiryukov 8 weeks ago

  • Keywords 3.7-early added