[wp-trac] [WordPress Trac] #53386: Multisite is_super_admin call during app password validation can lead to infinite loop
WordPress Trac
noreply at wordpress.org
Fri Jun 18 00:09:47 UTC 2021
#53386: Multisite is_super_admin call during app password validation can lead to
infinite loop
------------------------------------------+-----------------------
Reporter: chrisvanpatten | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.9
Component: Users | Version: 5.6
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses: rest-api
------------------------------------------+-----------------------
Changes (by peterwilsoncc):
* keywords: => needs-patch needs-unit-tests
* version: => 5.6
Comment:
Changing the start if `is_super_admin()` to the following appears to
remove the infinite loop:
{{{#!php
<?php
function is_super_admin( $user_id = false ) {
if ( ! $user_id ) {
$user = wp_get_current_user();
} else {
$user = get_userdata( $user_id );
}
// etc
}
}}}
In #28020 `get_userdata( /* current user ID */ )` started returning the
same user object as `wp_get_current_user()` so there is no need for
`is_super_admin()` to do the same check.
I think it would be good to change `is_super_admin()` to accept a
`WP_User` object non-the-less but given it's possible to fix this without
changing the signature of the function I'd rather take the above approach
on this ticket.
I'll put together a pull request once I've done a little more manual
testing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53386#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list