WordPress.org
Get WordPress

Make WordPress Core

Opened 4 months ago

Last modified 7 weeks ago

#63068 assigned defect (bug)

Administrator Role Changed to "No Roles" Causes Internal Server Error

Reported by: jomonthomaslobo1's profile jomonthomaslobo1 Owned by: audrasjb's profile audrasjb
Milestone: 6.9 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch dev-feedback has-test-info
Focuses: administration Cc:

Description

Environment Details:
WordPress Version: 6.8 Beta 1
PHP Version: 8.1
Database: MySQL 8.0 / MariaDB 10.5
Web Server: Apache/Nginx
Theme: Twenty Twenty-Four
Plugins Installed: WP Beta Tester

Bug Description:
After upgrading to WordPress 6.8 Beta 1, if the only Administrator user is changed to “No Roles Assigned”, the site crashes with an Internal Server Error (500). This should be handled gracefully and don't allow role change if tehre is only one user.

Expected Behavior

  1. WordPress should prevent removing the last Administrator role.
  2. An error message should be displayed instead of allowing the change.
  3. The system should gracefully handle such role changes instead of causing a site crash.

Actual Behavior
The site crashes immediately after saving the role change.

Steps to Reproduce

  1. Upgrade to WordPress 6.8 Beta 1.
  2. Ensure there is only one administrator account.
  3. Go to Users > All Users, select the administrator account.
  4. Change the role to “No Role for This Site” and save.

Result: The site shows a 500 Internal Server Error,
https://i.ibb.co/ZzjHC12C/Screenshot-From-2025-03-07-00-07-36.png

Attachments (3)

Screenshot From 2025-03-07 00-05-58.png (100.3 KB) - added by jomonthomaslobo1 4 months ago.
Screenshot of error page
before-patch.png (31.4 KB) - added by shailu25 4 months ago.
Before Patch.
after-patch.png (10.8 KB) - added by shailu25 4 months ago.
After Patch.

Download all attachments as: .zip

Change History (22)

@jomonthomaslobo1
4 months ago

Screenshot of error page

#1 @audrasjb
4 months ago

  • Milestone changed from Awaiting Review to 6.8
  • Version set to trunk

#2 @audrasjb
4 months ago

Hmm it appears that the issue was already here in 6.7.2. Therefore, I'm removing trunk version.

#3 @audrasjb
4 months ago

  • Version trunk deleted

This ticket was mentioned in PR #8469 on WordPress/wordpress-develop by @audrasjb.
4 months ago #4

  • Keywords has-patch added

https://core.trac.wordpress.org/ticket/63068

#5 @audrasjb
4 months ago

  • Keywords dev-feedback needs-testing added

Workaround patch to fix this issue: https://github.com/WordPress/wordpress-develop/pull/8469

@johnbillion commented on PR #8469:
4 months ago #6

I don't believe the number of users is the issue. The same thing occurs if you try to change the role of your own admin account on a site where there are other users.

@audrasjb commented on PR #8469:
4 months ago #7

I don't believe the number of users is the issue. The same thing occurs if you try to remove the role of your own admin account on a site where there are other users.

I suspected this but I wanted to propose a first workaround and then investigate a bit more.

@audrasjb commented on PR #8469:
4 months ago #8

I edited the PR to change the conditional: it now checks whether the current user is trying to remove their own role.

#9 @jomonthomaslobo1
4 months ago

@johnbillion Yes. So removing active user role by themselves need to te be tested I think

#10 @shailu25
4 months ago

Test Report

Patch Tested: https://github.com/WordPress/wordpress-develop/pull/8469

Environment:
WordPress - 6.8-beta1
OS - Windows
Browser - Firefox
Theme: Twenty Twenty
PHP - 8.2.12
Active Plugin: None

Actual Results:

  • Issue Resolved With Patch.✅

Screenshots:

  • Added Attachment

@shailu25
4 months ago

Before Patch.

@shailu25
4 months ago

After Patch.

#11 @audrasjb
4 months ago

  • Owner set to audrasjb
  • Status changed from new to assigned

#12 @rishavdutta
4 months ago

Test Report

PR Tested: https://github.com/WordPress/wordpress-develop/pull/8469

Test Environment [Playground]

  • WordPress Version: 6.8beta1
  • OS: macOS
  • Browser Google Chrome
  • WordPress Active Theme: Twenty Twenty-Five
  • Active Plugin: None
  • PHP version: 7.4.31-dev
  • Database Client Version: 3.40.1
  • Database Server Version: 5.5

Test Results

  • Actual Result: Upon updating the role of the only admin account in the site to "No Role for This Site", it leads to a screen similar to white screen of death with an error message "Sorry, you cannot remove your own role.".
  • Expected Result: Upon updating, it should show an error message in the dashboard itself instead of showing error on white screen.

Reference Screenshots: https://drive.google.com/file/d/1NWh3DZ2YPwuEsT4HCKAARinUD7siY7YN/view?usp=drive_link

Last edited 4 months ago by rishavdutta (previous) (diff)

#13 @rishavdutta
4 months ago

  • Keywords has-testing-info added; needs-testing removed

@johnbillion commented on PR #8469:
4 months ago #14

The underlying problem is that there is logic for this already, in https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/users.php#L146-L153, but it only accounts for a user attempting to change their own role to one that doesn't have the promote_users capability. It doesn't account for a user attempting to remove their role.

I think the existing condition should be updated or extended to account for an attempt to remove the role, rather than introducing separate logic prior to iterating the list of users.

#15 @jorbin
4 months ago

#63129 was marked as a duplicate.

This ticket was mentioned in Slack in #core by audrasjb. View the logs.
4 months ago

#17 @audrasjb
4 months ago

  • Milestone changed from 6.8 to 6.9

As per today's bugscrub: The patch still needs some work, let's move it to 6.9.

#18 @wordpressdotorg
2 months ago

  • Keywords has-test-info added; has-testing-info removed
Note: See TracTickets for help on using tickets.