WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
10/19/2025 05:40:13 PM (3 months ago)
Author:
johnjamesjacoby
Message:

Networks and Sites: remove email address check when attempting to demote a Super Admin.

This change ensures that a capable Super Admin is allowed to manage global Users as intended, and removes an invisible & undocumented restriction (that was easily bypassed anyways).

It also adds 1 multisite unit test to confirm the intended behavior

Props flixos90, johnjamesjacoby, Mista-Flo.

Fixes #39170.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/tests/phpunit/tests/user/multisite.php

    r60915 r60977  
    449449        $wp_roles->remove_role( $role );
    450450    }
     451
     452    /**
     453     * @ticket 39170
     454     */
     455    public function test_revoke_super_admin_with_network_email() {
     456        if ( isset( $GLOBALS['super_admins'] ) ) {
     457            $old_global = $GLOBALS['super_admins'];
     458            unset( $GLOBALS['super_admins'] );
     459        }
     460
     461        $old_network_email = get_site_option( 'admin_email' );
     462        $email_address     = 'superadmin333@example.org';
     463
     464        $user_id = self::factory()->user->create(
     465            array(
     466                'user_email' => $email_address,
     467            )
     468        );
     469
     470        grant_super_admin( $user_id );
     471        update_site_option( 'admin_email', $email_address );
     472
     473        $result = revoke_super_admin( $user_id );
     474
     475        update_site_option( 'admin_email', $old_network_email );
     476
     477        if ( isset( $old_global ) ) {
     478            $GLOBALS['super_admins'] = $old_global;
     479        }
     480
     481        $this->assertTrue( $result );
     482    }
    451483}
Note: See TracChangeset for help on using the changeset viewer.