WordPress.org

Make WordPress Core

Opened 4 weeks ago

Last modified 4 weeks ago

#53224 new defect (bug)

Super admin cannot set an application password on a site they're not a member of

Reported by: johnbillion Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.6
Component: Application Passwords Keywords: needs-patch good-first-bug
Focuses: multisite Cc:

Description

Steps to reproduce:

  1. Log into a Multisite installation as a Super Admin
  2. Visit the admin area of a site you're not a member of
  3. Visit your profile editing screen on that site (/wp-admin/profile.php)
  4. Try to add an application password
  5. Observe a mystery error message of "Invalid user ID"

This is due to this piece of logic which requires that the user is a member of the current site in order to set an application password.

To fix this, one of the following should be done:

  1. Skip this check for Super Admins and always allow them to add an application password
  2. Improve the error message and direct them to their network admin profile

Change History (1)

#1 @TimothyBlynJacobs
4 weeks ago

  • Keywords good-first-bug added
  • Milestone changed from Awaiting Review to Future Release

Skipping the check for super admins makes sense to me!

Note: See TracTickets for help on using tickets.