Make WordPress Core

Opened 6 years ago

Last modified 6 years ago

#43390 new defect (bug)

get_super_admins() should not return "admin" by default

Reported by: thomaswm's profile thomaswm Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.0
Component: Networks and Sites Keywords: has-patch
Focuses: multisite Cc:


The function get_super_admins(), introduced in [14206], returns an array of users with network admin capabilities. Those are stored in the site_admins network option.

If, for any reason, that network option does not exist, get_super_admins() will return a one-element array containing "admin" instead.

See line 761 in wp-includes/capabilities.php.

return get_site_option( 'site_admins', array('admin') );

This goes back to a time when admin was the default username for the first WordPress user. Since administrators are now discouraged from using admin as a username, get_super_admins() should return an empty array by default:

return get_site_option( 'site_admins', array() );

Attachments (1)

43390.diff (1.2 KB) - added by thomaswm 6 years ago.

Download all attachments as: .zip

Change History (5)

#1 @thomaswm
6 years ago

Just realized that grant_super_admin() and revoke_super_admin() are also affected.

Lines 820 and 867 in wp-includes/capabilities.php both read:

$super_admins = get_site_option( 'site_admins', array( 'admin' ) );

#3 @thomaswm
6 years ago

  • Version set to 3.0

6 years ago


#4 @thomaswm
6 years ago

  • Keywords has-patch added
Note: See TracTickets for help on using tickets.