add permission checks to grant/revoke_super_admin(), see #12109, related #12460

git-svn-id: https://develop.svn.wordpress.org/trunk@14011 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-05 22:28:21 +00:00 · 2010-04-05 22:28:21 +00:00 · 4b543dbc76
parent 72e9f66ed4
commit 4b543dbc76
1 changed files with 13 additions and 0 deletions
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@ -807,6 +807,11 @@ function _admin_notice_multisite_activate_plugins_page() {
 * @param $user_id
 */
 function grant_super_admin( $user_id ) {
+	global $current_user;
+
+	if ( $current_user->ID == $user_id || !current_user_can( 'manage_network_options' ) )
+		return;
+
 	$super_admins = get_site_option( 'site_admins', array( 'admin' ) );

 	$user = new WP_User( $user_id );
@ -823,7 +828,15 @@ function grant_super_admin( $user_id ) {
 * @param $user_id
 */
 function revoke_super_admin( $user_id ) {
+	global $current_user;
+
+	if ( $current_user->ID == $user_id || !current_user_can( 'manage_network_options' ) )
+		return;
+
 	$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
+	if ( count( $super_admins ) < 2 )
+		return;
+
 	$admin_email = get_site_option( 'admin_email' );
 	
 	$user = new WP_User( $user_id );