Changeset 59901 for trunk/src/wp-admin/includes/ms.php

Timestamp:

03/02/2025 11:33:56 PM (13 months ago)

Author:

peterwilsoncc

Message:

Users: Use editable_roles filter for multisite sub-sites.

Adds a check of the editable_roles filter when adding users to a multisite sub-site to ensure the role is permitted to be used on the network. If the role is blocked by the filter, attempting to add the role will trigger a wp_die() similar to attempting to add a user with the role on a single site install.

Props eartboard, hareesh-pillai, ideag, sukhendu2002, spacedmonkey, thomaswm.
Fixes #43251.

File:

• trunk/src/wp-admin/includes/ms.php (modified) (1 diff)

trunk/src/wp-admin/includes/ms.php

@@ -1173 +1173 @@
         '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support forums</a>' ) . '</p>';
 }
+
+/**
+ * Stop execution if the role can not be assigned by the current user.
+ *
+ * @since 6.8.0
+ *
+ * @param string $role Role the user is attempting to assign.
+ */
+function wp_ensure_editable_role( $role ) {
+    $roles = get_editable_roles();
+    if ( ! isset( $roles[ $role ] ) ) {
+        wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
+    }
+}