Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#19684 closed defect (bug) (fixed)

Users list 'Change role to' allows for changing logged-in Admin role to Subscriber

Reported by: raamdev
Owned by: ryan
Milestone: 3.3.1
Priority: normal
Severity: major
Version: 3.3
Component: Users
Keywords: has-patch commit
Focuses:
Cc:

Description

While it's not possible for an Administrator to change his or her own role to Subscriber from the Edit Profile page (the drop-down doesn't exist for logged-in Admins), it is possible to change your own role to Subscriber from within the Users list by using the 'Change role to...' drop-down.

This would allow an Administrator to inadvertently lock themselves out of WordPress if they forget to uncheck their account in the list when making bulk updates.

To recreate this issue, first create an additional Administrator account so you can get back in. Then from the Users list, select your current Administrator account (i.e., the one you're logged in with) and then choose 'Change role to' -> Subscriber.

You'll immediately be kicked out of the Admin panel. (Now you can login with the other Admin account and change your role back to Administrator.)

Attachments (1)

19684.patch (872 bytes) - added by linuxologos 9 years ago.

Change History (12)

#1 @raamdev
9 years ago

  • Cc raam@… added

#2 @knutsp
9 years ago

  • Cc knut@… added

#3 @linuxologos
9 years ago

  • Component changed from General to Users
  • Keywords needs-patch added
  • Severity changed from normal to major

Introduced in [19024] for #18164.

#4 @nacin
9 years ago

  • Milestone changed from Awaiting Review to 3.3.1

I must have thought that was in an is_multisite() block. Logic fix should be simple.

@linuxologos
9 years ago

#5 @linuxologos
9 years ago

  • Keywords has-patch added; needs-patch removed

#6 follow-up: @nacin
9 years ago

In [19640]:

Only allow _multisite_ super admins to demote themselves on a site. props linuxologos, see #19684 for trunk.

#7 @nacin
9 years ago

Marking as commit for the 3.3 branch, after additional review.

#8 @nacin
9 years ago

  • Keywords commit added

#9 in reply to: ↑ 6 ; follow-up: @scribu
9 years ago

Replying to nacin:

In [19640]:

Only allow _multisite_ super admins to demote themselves on a site. props linuxologos, see #19684 for trunk.

I was under the impression that "super admin" is exclusively a multisite feature.

#10 in reply to: ↑ 9 @nacin
9 years ago

Replying to scribu:

Replying to nacin:

In [19640]:

Only allow _multisite_ super admins to demote themselves on a site. props linuxologos, see #19684 for trunk.

I was under the impression that "super admin" is exclusively a multisite feature.

It is, but is_super_admin() returns true in single-site for administrators (it checks delete_users). We found this to be useful during the merge.
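The following PHP script is an added illustration of the logic described in comments 4 and 10; it is not WordPress's own code and not the attached 19684.patch. The role table, the user records and the two guard functions are constructed for this example, and `is_multisite()` / `is_super_admin()` are simplified stand-ins (with different signatures from the real functions) that reproduce the behaviour stated above: on single-site, `is_super_admin()` is true for any user whose role carries `delete_users`.

```php
<?php
// Added illustration for ticket #19684; NOT WordPress's own code and NOT the
// attached 19684.patch. It models, with constructed data, the guard pattern
// the thread describes: a self-demotion check that relied on is_super_admin(),
// which on single-site is true for every administrator (it checks delete_users),
// and the corrected check that requires is_multisite() as well.

// Constructed role table (assumption): only the two capabilities the
// discussion mentions are modelled.
$roles = [
    'administrator' => ['delete_users' => true,  'promote_users' => true],
    'editor'        => ['delete_users' => false, 'promote_users' => false],
    'subscriber'    => ['delete_users' => false, 'promote_users' => false],
];

// Global switch standing in for the real multisite configuration.
$is_multisite = false;

function is_multisite(): bool {
    global $is_multisite;
    return $is_multisite;
}

// Model of the behaviour nacin describes in comment 10: on a network the
// answer comes from the super-admin list; on single-site, anyone whose role
// carries delete_users is treated as a super admin.
function is_super_admin(array $user): bool {
    global $roles;
    if (is_multisite()) {
        return $user['network_super_admin'];
    }
    return !empty($roles[$user['role']]['delete_users']);
}

// Buggy guard (the 3.3 behaviour as described in the ticket): the current
// user may give themselves a role that cannot promote users as long as
// is_super_admin() is true. On single-site that is every administrator,
// so an admin can lock themselves out via the bulk "Change role to" action.
function self_demotion_allowed_buggy(array $user, string $new_role): bool {
    global $roles;
    if (!empty($roles[$new_role]['promote_users'])) {
        return true; // the new role can still manage users; nothing to protect
    }
    return is_super_admin($user);
}

// Corrected guard (the rule summarised in [19640]): only a *multisite* super
// admin may demote themselves on a site, because they keep network-level
// access and cannot lock themselves out of the install.
function self_demotion_allowed_fixed(array $user, string $new_role): bool {
    global $roles;
    if (!empty($roles[$new_role]['promote_users'])) {
        return true;
    }
    return is_multisite() && is_super_admin($user);
}

// Constructed scenarios: a single-site administrator, a multisite administrator
// who is also a network super admin, and a multisite administrator who is not.
$scenarios = [
    ['multisite' => false, 'user' => ['role' => 'administrator', 'network_super_admin' => false]],
    ['multisite' => true,  'user' => ['role' => 'administrator', 'network_super_admin' => true]],
    ['multisite' => true,  'user' => ['role' => 'administrator', 'network_super_admin' => false]],
];

foreach ($scenarios as $s) {
    $is_multisite = $s['multisite'];
    $u = $s['user'];
    printf(
        "%-11s admin (super admin: %-5s) -> subscriber: buggy=%s fixed=%s\n",
        $is_multisite ? 'multisite' : 'single-site',
        is_super_admin($u) ? 'true' : 'false',
        self_demotion_allowed_buggy($u, 'subscriber') ? 'allowed' : 'blocked',
        self_demotion_allowed_fixed($u, 'subscriber') ? 'allowed' : 'blocked'
    );
}
```

Run it with the PHP CLI (`php self_demotion_model.php`). The single-site row is the one this ticket is about: the buggy guard lets the administrator demote themselves because `is_super_admin()` is true for them, while the fixed guard blocks it; on a network, only the user who is actually a network super admin keeps the ability to demote themselves on a site.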

#11 @ryan
9 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [19646]:

Only allow _multisite_ super admins to demote themselves on a site. props linuxologos, fixes #19684 for 3.3