Changeset 60977 for trunk/src/wp-includes/capabilities.php

Timestamp:

10/19/2025 05:40:13 PM (3 months ago)

Author:

johnjamesjacoby

Message:

Networks and Sites: remove email address check when attempting to demote a Super Admin.

This change ensures that a capable Super Admin is allowed to manage global Users as intended, and removes an invisible & undocumented restriction (that was easily bypassed anyways).

It also adds 1 multisite unit test to confirm the intended behavior

Props flixos90, johnjamesjacoby, Mista-Flo.

Fixes #39170.

File:

• trunk/src/wp-includes/capabilities.php (modified) (2 diffs)

trunk/src/wp-includes/capabilities.php

@@ -1253 +1253 @@
  *
  * @since 3.0.0
+ * @since 6.9.0 Super admin privileges can be revoked regardless of email address.
  *
  * @global array $super_admins
@@ -1279 +1280 @@
 
     $user = get_userdata( $user_id );
-    if ( $user && 0 !== strcasecmp( $user->user_email, get_site_option( 'admin_email' ) ) ) {
+    if ( $user ) {
         $key = array_search( $user->user_login, $super_admins, true );
         if ( false !== $key ) {