[wp-trac] [WordPress Trac] #16297: User admin shouldn't kick in if not multisite
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 19 07:56:19 UTC 2011
#16297: User admin shouldn't kick in if not multisite
---------------------------+------------------------------------
Reporter: nacin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.1
Component: Network Admin | Version: 3.1
Severity: normal | Keywords: has-patch dev-feedback
---------------------------+------------------------------------
If a user has no role on a single-site installation (no role for the blog,
shared user tables, etc.), they're redirected to the global dashboard,
which then breaks as it assumes multisite.
It looks like a logic issue in [15746/trunk/wp-login.php], an
`!is_multisite()` that instead should be `is_multisite()`. Changing that
restores 3.0/2.9 behavior, which would be to redirect to profile.php and
then show an error due to insufficient permissions.
It should also be noted that there is no way for such a user to log out,
unless the theme contains a link. This will be solved in part with the
admin bar, but I think these logins should instead be rejected. "No role
for this site" indicates, to me, that the account should be invalid on
that site. This part is future release.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16297>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list