Opened 17 months ago
Last modified 17 months ago
#58860 new defect (bug)
Potential security issue in is_super_admin
Reported by: | Stachethemes | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description (last modified by )
function is_super_admin( $user_id = false ) { if ( ! $user_id ) { $user = wp_get_current_user(); } else { $user = get_userdata( $user_id ); } ... }
If user is logged in as super admin and do is_super_admin(0);
it will return true;
It would be best to use strict comparison:
function is_super_admin( $user_id = false ) { if ( false === $user_id ) { $user = wp_get_current_user(); } else { $user = get_userdata( $user_id ); } ... }
Attachments (1)
Change History (3)
Note: See
TracTickets for help on using
tickets.
Adding strict comparison for checking the user_id
Trac ticket: https://core.trac.wordpress.org/ticket/58860