Opened 4 years ago

Closed 4 years ago

#12387 closed defect (bug) (fixed)

has_cap issue with Super Admins editing profile

Reported by: miklb
Owned by: nacin
Milestone: 3.0
Priority: normal
Severity: normal
Version: 3.0
Component: Administration
Keywords: needs-patch
Focuses: multisite
Cc:

Description

If a Super Admin is in the backend of a site they are not a user on, and tries to edit their own profile via Network->Users, you receive a "Call to a member function has_cap() on a non-object" error in wp-admin/includes/user.php on line 80.

This bug seems to date back in WPMU to at least 2.8.6 in my testing.

I would expect a Super Admin to be able to edit their profile from anywhere, but if that's not the case, and they need to be a user of the site they are in, then some more graceful error message I think would be appropriate.

Attachments (1)

12387.diff (862 bytes) - added by dd32 4 years ago.


Change History (10)

comment:1 miklb 4 years ago

  • Cc miklb@… added

comment:2 dd32 4 years ago

  • Keywords has-patch needs-testing added
  • Milestone changed from Unassigned to 3.0

L80: $wp_roles->role_objects[$new_role]->has_cap() would also fail on PHP4 as object chaining is not supported.

My MS environment is down right now, but I've attached an (untested) patch. If someone could test this under PHP4 and the affected environment mentioned, that'd be appreciated.

comment:3 automattor 4 years ago

(In [13463]) warnings cleanup edit user, props dd32, see #12387

comment:4 wpmuguru 4 years ago

I didn't test in a PHP4 environment.

comment:5 nacin 4 years ago

We're no longer chaining, so we should be ok.

comment:6 miklb 4 years ago

So to confirm, that is the desired behavior? A Super Admin can't edit their own profile while in the backend of a site they aren't a member of? This fix shows a "You can’t give users that role." error, which still seems odd. If they are a Super Admin, editing their own profile, or any user for that matter why would they get that error?

comment:7 nacin 4 years ago

  • Keywords multisite needs-patch added; has-patch needs-testing removed
  • Owner set to nacin
  • Status changed from new to assigned

comment:8 nacin 4 years ago

(In [13934]) Allow MS cape-wearers to demote their blog roles to something without the edit_users cap. see #12387

comment:9 nacin 4 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The rest can be handled in #10833.
