WordPress.org

Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 10 years ago

#12815 closed defect (bug) (fixed)

Allow defining $site_admins global array

Reported by: ryan
Owned by:
Milestone: 3.0
Priority: normal
Severity: normal
Version:
Component: Role/Capability
Keywords:
Focuses:
Cc:

Description

For a little extra security and to avoid a DB lookup, some sites define the site admins as an array of user names in wp-config.php.

Attachments (3)

12815.diff (1009 bytes) - added by ryan 11 years ago.
12815.2.diff (4.5 KB) - added by ryan 11 years ago.
12815.3.diff (5.1 KB) - added by ryan 11 years ago.


Change History (10)

@ryan
11 years ago

#1 @ryan
11 years ago

  • Summary changed from "Allow defining $site_admins global array to allow bypassing option lookup" to "Allow defining $site_admins global array"

#2 @nacin
11 years ago

Seems fine to me. We should probably go with $super_admins since the only thing we'd be breaking compatibility with is wp.com.

We could introduce a get_super_admins() to handle this, that way we can replace more get_site_option( 'site_admins', array( 'admin' ) ); calls, and for example allow ms-users.php to show the right super admins.

If $super_admins is set, the new checkbox on user-edit.php should be disabled, or hidden entirely (it can be hidden as I added a div.updated 'Important' box for super admin profiles).

#3 @ryan
11 years ago

Sounds good.

#4 @dd32
11 years ago

> that way we can replace more get_site_option( 'site_admins', array( 'admin' ) ); calls

Do we have 'admin' hardcoded anywhere? Keep in mind that with the change to allow a different username to be created during install, it's entirely possible for someone to come along later and register 'admin' if the installer doesn't use it.

#5 @nacin
11 years ago

> Do we have 'admin' hardcoded anywhere? Keep in mind that with the change to allow a different username to be created during install, it's entirely possible for someone to come along later and register 'admin' if the installer doesn't use it.

Don't I know it. Yes, we use it everywhere. The sitemeta value would need to be missing and the 'admin' user would need to be gone. Additionally, 'admin' would need to be omitted from the illegal_names sitemeta value, and it is included there by default.

(Not supporting it, just saying how it is used.)

@ryan
11 years ago

@ryan
11 years ago

#6 @automattor
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [14206]) Introduce get_super_admins(). Allow hard-coding a global super_admins array and bypassing site options. fixes #12815
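
The lookup order this ticket settled on, together with the conditions from comment #5 under which the hard-coded 'admin' default is actually in effect, as an added stand-alone example (not WordPress core code and not taken from the attached patches). `$sitemeta` and `$users` are constructed sample data standing in for the database, and the `example_*` functions are hypothetical names.

```php
<?php
// Added example: stand-alone model of the super admin lookup discussed in this ticket.
// $sitemeta and $users are constructed sample data; example_* functions are hypothetical.

// Resolve the list: hard-coded global first, then sitemeta, then the 'admin' default.
function example_get_super_admins( array $sitemeta ) {
	global $super_admins;
	if ( isset( $super_admins ) ) {
		return $super_admins; // Value from wp-config.php wins; no option lookup happens.
	}
	return $sitemeta['site_admins'] ?? array( 'admin' );
}

// True when every condition from comment #5 holds, i.e. the 'admin' default is in
// effect and nothing prevents that username from being registered later.
function example_admin_fallback_exposed( array $sitemeta, array $users ) {
	global $super_admins;
	if ( isset( $super_admins ) ) {
		return false; // Hard-coded list: the default is never consulted.
	}
	$sitemeta_missing = ! isset( $sitemeta['site_admins'] );
	$admin_gone       = ! in_array( 'admin', $users, true );
	$name_allowed     = ! in_array( 'admin', $sitemeta['illegal_names'] ?? array(), true );
	return $sitemeta_missing && $admin_gone && $name_allowed;
}

// Constructed state: installer picked 'siteowner', the site_admins row is missing,
// and 'admin' has been dropped from illegal_names.
$sitemeta = array( 'illegal_names' => array( 'www', 'web', 'root' ) );
$users    = array( 'siteowner', 'editor1' );

echo "Without a hard-coded list:\n";
var_dump( example_get_super_admins( $sitemeta ) );
var_dump( example_admin_fallback_exposed( $sitemeta, $users ) );

// What a site that hard-codes the list would place in wp-config.php.
$super_admins = array( 'siteowner' );

echo "With \$super_admins defined:\n";
var_dump( example_get_super_admins( $sitemeta ) );
var_dump( example_admin_fallback_exposed( $sitemeta, $users ) );
```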

#7 @hakre
10 years ago

Related: #14854
