WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 2 months ago

#20459 new enhancement

Super admin should be able to bypass banned/limited domains when creating users

Reported by: boonebgorges Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version:
Component: Users Keywords: has-patch
Focuses: administration, multisite Cc:

Description

The function wpmu_validate_user_signup() is run whenever a new user is created, either through self-registration (wp-signup.php) or through manual user creation by an admin. wpmu_validate_user_signup() does two different kinds of validation:
(1) validation that is more or less technically required by WP, like spaces in usernames, email/login uniqueness, etc.
(2) checks against some admin-set membership restrictions, namely, email domain whitelist (limited_email_domains) and blacklist (is_email_address_unsafe() and banned_email_domains).

The second kind of validation is problematic in the following use case: An MS install might restrict open membership based on email domains, but the admin might occasionally want to make exceptions to the rule and manually create an account. Currently, there are two ways to bypass the built-in checks: to temporarily remove the domain restrictions at Network Admin > Settings, or to filter 'wpmu_validate_user_signup' and remove the error messages.

Having to manually change settings for this purpose is pretty hackish. The filter method works, but my experience (from consulting with a fairly large number of MS network admins) is that this is a pretty common use case, so it seems like it should be supported by default.

So I'm proposing that the domain checks be skipped when is_super_admin(). Patch attached.

Attachments (2)

20459.patch (1.2 KB) - added by boonebgorges 2 years ago.
20459.2.patch (1.3 KB) - added by mordauk 2 months ago.
Check manage_network_users capability instead of is_super_admin()

Download all attachments as: .zip

Change History (4)

boonebgorges2 years ago

comment:1 jeremyfelt3 months ago

  • Component changed from Network Admin to Users
  • Focuses administration added

mordauk2 months ago

Check manage_network_users capability instead of is_super_admin()

comment:2 mordauk2 months ago

I've run into this before as well.

20459.2.patch is a refreshed patch, it also uses ! current_user_can( 'manage_network_users' ) instead of ! is_super_admin().

Note: See TracTickets for help on using tickets.