From 0bc0b0c917c436b7e48c1f39bee8ced64f69621e Mon Sep 17 00:00:00 2001 From: Jeremy Felt Date: Thu, 9 Jul 2015 16:16:25 +0000 Subject: [PATCH] Do not allow deletion of a super admin user through `wpmu_delete_user()`. In step with the UI provided by `wp-admin/network/users.php`, super admin privileges must be removed before a user can be deleted through the API. Props @johnjamesjacoby, @jeremyfelt. Fixes #32935. Built from https://develop.svn.wordpress.org/trunk@33143 git-svn-id: http://core.svn.wordpress.org/trunk@33114 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/ms.php | 7 +++++++ wp-includes/version.php | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index 66fa2a060e..8c6aa48bba 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -190,6 +190,13 @@ function wpmu_delete_user( $id ) { if ( !$user->exists() ) return false; + + // Global super-administrators are protected, and cannot be deleted. + $_super_admins = get_super_admins(); + if ( in_array( $user->user_login, $_super_admins, true ) ) { + return false; + } + /** * Fires before a user is deleted from the network. * diff --git a/wp-includes/version.php b/wp-includes/version.php index e8bdbe662f..c44230600a 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.3-beta2-33142'; +$wp_version = '4.3-beta2-33143'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.