User admin shouldn't kick in if not multisite
|Reported by:||nacin||Owned by:||ryan|
If a user has no role on a single-site installation (no role for the blog, shared user tables, etc.), they're redirected to the global dashboard, which then breaks as it assumes multisite.
It looks like a logic issue in [15746/trunk/wp-login.php], an !is_multisite() that instead should be is_multisite(). Changing that restores 3.0/2.9 behavior, which would be to redirect to profile.php and then show an error due to insufficient permissions.
It should also be noted that there is no way for such a user to log out, unless the theme contains a link. This will be solved in part with the admin bar, but I think these logins should instead be rejected. "No role for this site" indicates, to me, that the account should be invalid on that site. This part is future release.
Change History (25)
- Keywords has-patch removed
- Resolution fixed deleted
- Status changed from closed to reopened