Opened 7 years ago
Last modified 7 years ago
#43390 new defect (bug)
get_super_admins() should not return "admin" by default
Reported by: | thomaswm | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Networks and Sites | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
The function get_super_admins()
, introduced in [14206], returns an array of users with network admin capabilities. Those are stored in the site_admins
network option.
If, for any reason, that network option does not exist, get_super_admins()
will return a one-element array containing "admin" instead.
See line 761 in wp-includes/capabilities.php
.
return get_site_option( 'site_admins', array('admin') );
This goes back to a time when admin
was the default username for the first WordPress user. Since administrators are now discouraged from using admin as a username, get_super_admins()
should return an empty array by default:
return get_site_option( 'site_admins', array() );
Attachments (1)
Change History (5)
Note: See
TracTickets for help on using
tickets.
Just realized that
grant_super_admin()
andrevoke_super_admin()
are also affected.Lines 820 and 867 in
wp-includes/capabilities.php
both read:$super_admins = get_site_option( 'site_admins', array( 'admin' ) );