[wp-trac] [WordPress Trac] #37616: Replace `is_super_admin()` calls with real capability checks

WordPress Trac noreply at wordpress.org
Wed Nov 23 19:11:25 UTC 2016 

#37616: Replace `is_super_admin()` calls with real capability checks
-----------------------------+------------------------
 Reporter:  flixos90         |       Owner:
     Type:  task (blessed)   |      Status:  reviewing
 Priority:  normal           |   Milestone:  4.8
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |     Focuses:  multisite
-----------------------------+------------------------

Comment (by flixos90):

 Results from today's meeting (continues the above comment):

 * Ticket 6: replace 2 checks with `current_user_can( 'manage_network' )`
 in `wp-includes/option.php`
 * Ticket 7: replace 1 check with `current_user_can( 'manage_network' )` in
 `wp-signup.php`; in addition, change the message string to `Greetings
 Network Administrator! The network currently allows “%s”
 registrations. To change or disable registration go to your <a
 href="%s">Options page</a>.` and the `$i18n['blog']` string to `site` to
 match current naming conventions
 * Ticket 8: replace 2 checks with `current_user_can(
 'manage_network_options' )` in `wp-admin/options.php` (lines 77 and 163)
 * Ticket 9: replace 2 checks with `current_user_can(
 'manage_network_users' )` in `wp-admin/includes/ajax-actions.php` and `wp-
 admin/user-new.php` (line 228)
 * Ticket 10: replace 2 checks with `current_user_can(
 'manage_network_users' )` in `wp-admin/user-new.php` (lines 40 and 316)
 * Ticket 11: remove 1 check in `wp-admin/user-new.php` (line 66): it's not
 necessary and might even be considered a bug (right now, when adding a
 network administrator who's already on the site, that user is still
 invited again which makes no sense); the `$username != null` check might
 be removed as well, but that should be discussed on another ticket

 The review will continue (starting with the occurrence in `wp-
 admin/users.php`) during the next multisite office hours (Tuesday 17:00
 UTC).

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37616#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list