• BrightLeaf Digital

    (@eitanatbrightleaf)


    Hi, love your plugin. But it hides the admin bar for super admins even though it’s set to show for admins (and correctly does that).

    I asked Claude why (I didn’t have time to confirm whether this is accurate) and this is what I got.

    File: public/class-hide-admin-bar-based-on-user-roles-public.php:188-200

    The should_hide_for_user_capability() method has a PHP gotcha with explode():

    // When hab_capabilities is "" (empty — no caps entered in the Capabilities Blacklist)...
    $hab_capabilities = explode(",", "");
    // Returns: [""]  ← array with ONE empty-string element, NOT an empty array
    

    PHP’s explode(",", "") always returns [""] rather than []. The code then loops over that array and calls:

    current_user_can("")  // called with an empty string
    

    For super admins, WordPress intercepts user_has_cap and grants every capability check — including an empty-string cap — returning true. For regular users, this call returns false because "" isn’t in their allcaps array. That’s why only the super admin is affected.

    In the meantime I didn’t touch the plugin code and fixed it with a snippet:

    <?php
    /**
     * Fix: "Hide Admin Bar Based On User Roles" incorrectly hides the bar
     * for super admins when the Capabilities Blacklist field is empty.
     *
     * Root cause: explode(",", "") returns [""], and current_user_can("")
     * returns true for super admins due to WordPress's super admin bypass.
     *
     * This filter runs after the plugin makes its show_admin_bar(false) call
     * and restores visibility for super admins.
     */
    add_filter( 'show_admin_bar', function ( $show ) {
        if ( is_super_admin() ) {
            return true;
        }
        return $show;
    }, 20 );
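
The empty-list behaviour described in the post above, next to a hardened parse, as an added example that is not part of the original post and is not the plugin's own code. It runs without WordPress: `demo_user_can()` is a hypothetical stand-in for `current_user_can()` that models the super admin bypass, and the other function names and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical stand-in for current_user_can(): super admins pass every check
// (the bypass described in the post); other users need the cap in $allcaps.
function demo_user_can(string $cap, bool $is_super_admin, array $allcaps): bool
{
    return $is_super_admin || !empty($allcaps[$cap]);
}

// Pattern as the post describes it: the explode() result is looped over as-is.
function should_hide_naive(string $raw, bool $is_super_admin, array $allcaps): bool
{
    foreach (explode(',', $raw) as $cap) { // "" yields [""], so "" gets checked
        if (demo_user_can($cap, $is_super_admin, $allcaps)) {
            return true;
        }
    }
    return false;
}

// Hardened parse: trim each entry and drop empty ones before any check.
function parse_capability_list(string $raw): array
{
    $caps = array_map('trim', explode(',', $raw));
    return array_values(array_filter($caps, static fn(string $c): bool => $c !== ''));
}

function should_hide_hardened(string $raw, bool $is_super_admin, array $allcaps): bool
{
    foreach (parse_capability_list($raw) as $cap) {
        if (demo_user_can($cap, $is_super_admin, $allcaps)) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: a regular user's capability map and blacklist strings.
$editor_caps = ['edit_posts' => true];
var_dump(should_hide_naive('', true, $editor_caps));     // super admin, empty blacklist
var_dump(should_hide_naive('', false, $editor_caps));    // regular user, empty blacklist
var_dump(should_hide_hardened('', true, $editor_caps));  // super admin, empty blacklist
var_dump(should_hide_hardened(' edit_posts ,', false, $editor_caps)); // padded entry, trailing comma
```

The hardened parse also covers trailing commas and whitespace-only entries, which produce the same empty-string element as an empty field.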
