Changeset 59901 for trunk/src/wp-admin/user-new.php

Timestamp:

03/02/2025 11:33:56 PM (13 months ago)

Author:

peterwilsoncc

Message:

Users: Use editable_roles filter for multisite sub-sites.

Adds a check of the editable_roles filter when adding users to a multisite sub-site to ensure the role is permitted to be used on the network. If the role is blocked by the filter, attempting to add the role will trigger a wp_die() similar to attempting to add a user with the role on a single site install.

Props eartboard, hareesh-pillai, ideag, sukhendu2002, spacedmonkey, thomaswm.
Fixes #43251.

File:

• trunk/src/wp-admin/user-new.php (modified) (2 diffs)

trunk/src/wp-admin/user-new.php

@@ -70 +70 @@
     } else {
         if ( isset( $_POST['noconfirmation'] ) && current_user_can( 'manage_network_users' ) ) {
+
+            wp_ensure_editable_role( $_REQUEST['role'] );
+
             $result = add_existing_user_to_blog(
                 array(
@@ -225 +228 @@
                 add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email.
             }
+
+            wp_ensure_editable_role( $_REQUEST['role'] );
 
             wpmu_signup_user(