[wp-trac] [WordPress Trac] #58860: Potential security issue in is_super_admin
WordPress Trac
noreply at wordpress.org
Thu Jul 20 09:51:03 UTC 2023
#58860: Potential security issue in is_super_admin
--------------------------+------------------------------
Reporter: Stachethemes | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by mukesh27):
* version: 6.2.2 =>
* component: Security => Users
Old description:
> function is_super_admin( $user_id = false ) {
>
> if ( ! $user_id ) {
> $user = wp_get_current_user();
> } else {
> $user = get_userdata( $user_id );
> }
>
> ...
>
> }
>
> If user is logged in as super admin and do
>
> is_super_admin(0);
>
> it will return true;
>
> It would be best to use strict comparison:
>
> function is_super_admin( $user_id = false ) {
>
> if ( false === $user_id ) {
> $user = wp_get_current_user();
> } else {
> $user = get_userdata( $user_id );
> }
>
> ...
>
> }
New description:
{{{
function is_super_admin( $user_id = false ) {
if ( ! $user_id ) {
$user = wp_get_current_user();
} else {
$user = get_userdata( $user_id );
}
...
}
}}}
If user is logged in as super admin and do `is_super_admin(0);` it will
return true;
It would be best to use strict comparison:
{{{
function is_super_admin( $user_id = false ) {
if ( false === $user_id ) {
$user = wp_get_current_user();
} else {
$user = get_userdata( $user_id );
}
...
}
}}}
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58860#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list