Support » Plugin: User Switching » [Plugin: User Switching] Security

  • Hi again,

    I have done a fix for the issue, in function map_meta_cap(..)


    if ( ( 'switch_to_user' == $cap ) and ( $args[0] == $user_id ) )


    if ( ( 'switch_to_user' == $cap ) and ( ( $args[0] == $user_id ) or ( is_super_admin( $args[0] ) ) ) )


    Plugin Author John Blackbourn


    Hi Gabriel,

    Thanks for the feedback. I cannot reproduce this problem.

    The ‘do_not_allow’ capability in map_meta_cap() only affects super-admins and simply prevents them from switching to themselves. Your fix will prevent super admins switching to other super admins.

    The user_cap_filter() function grants the ‘switch_to_user’ capability to users only if they can edit the user they’re trying to switch to (and if it’s not themselves). Site admins cannot edit super admins, so therefore they’re not granted the ‘switch_to_user’ capability for super admins.

    Are you running a plugin which might be affecting user roles or capabilities?

    Hi John,

    As a matter of fact, I am running some code that is causing the issue.

    I’ll have a look at it to make a fix at the correct place.

    Thanks for your support.
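The following is an added example, not code from the thread or from the plugin: a simplified PHP model of the two checks discussed above, showing why the stock rules keep site admins from switching to super admins and what the proposed `map_meta_cap()` change does to super admins. The user arrays, the function names and the `$broad_grant` flag (standing in for other site code that lets site admins edit every user) are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model of the checks described in this thread,
// not the plugin's code. The users below are constructed sample data.
$super_a = ['id' => 1, 'role' => 'super_admin'];
$super_b = ['id' => 2, 'role' => 'super_admin'];
$admin   = ['id' => 3, 'role' => 'site_admin'];
$editor  = ['id' => 4, 'role' => 'editor'];

// Stand-in for the edit_user check. $broad_grant models (as an assumption) other
// code on the site that lets site admins edit every user.
function can_edit_user(array $actor, array $target, bool $broad_grant): bool {
    if ($actor['role'] === 'super_admin') {
        return true;
    }
    if ($actor['role'] !== 'site_admin') {
        return false;
    }
    // As stated in the reply: site admins cannot edit super admins.
    return $broad_grant || $target['role'] !== 'super_admin';
}

// map_meta_cap() condition: original (self only) or the change from the first post.
function do_not_allow(array $actor, array $target, bool $proposed): bool {
    $self = $target['id'] === $actor['id'];
    return $proposed ? ($self || $target['role'] === 'super_admin') : $self;
}

// Combined decision: do_not_allow wins, then the user_cap_filter() rule as described.
function can_switch(array $actor, array $target, bool $proposed = false, bool $broad_grant = false): bool {
    if (do_not_allow($actor, $target, $proposed)) {
        return false; // overrides everything, super admins included
    }
    if ($actor['role'] === 'super_admin') {
        return true;
    }
    return $target['id'] !== $actor['id'] && can_edit_user($actor, $target, $broad_grant);
}

$cases = [
    'stock: site admin -> super admin'           => can_switch($admin, $super_a),
    'stock: site admin -> editor'                => can_switch($admin, $editor),
    'stock: super admin -> self'                 => can_switch($super_a, $super_a),
    'stock: super admin -> other super admin'    => can_switch($super_a, $super_b),
    'proposed: super admin -> other super admin' => can_switch($super_a, $super_b, true),
    'broad grant: site admin -> super admin'     => can_switch($admin, $super_a, false, true),
    'broad grant + proposed: admin -> super'     => can_switch($admin, $super_a, true, true),
];
foreach ($cases as $label => $allowed) {
    printf("%-46s %s\n", $label, $allowed ? 'allowed' : 'denied');
}
```

In this model the proposed change closes the broad-grant case only by also denying super admin to super admin switching, so the over-broad edit grant is the thing to correct.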

