[wp-hackers] "commenter" user role
john.wp at onolan.org
Mon Mar 8 02:05:58 UTC 2010
I'm afraid I don't agree with that at all - a user is not a type of
content... that's taking the content type abstraction to a whole new
However you did make one excellent point that a lot of people have
been confusing over the last few days:
"You are unnecessarily conflating "has a record in wp_users" with
"having registered as a user." Commenters would not be registered
users, they would have a record in the wp_users table, nothing more."
On 8 Mar 2010, at 00:17, Mike Schinkel wrote:
> On Mar 7, 2010, at 2:34 PM, Stephen Rider wrote:
>> The more security conscious admin right now (generally speaking)
>> does *not* let outsiders register at all -- unless they have
>> specific reason to allow it.
> You are unnecessarily conflating "has a record in wp_users" with
> "having registered as a user." Commenters would not be registered
> users, they would have a record in the wp_users table, nothing more.
>> The main security concern regarding making all commenters into
>> users is that being a user -- of any type -- is a point of access
>> to the system and a significant step toward hacking the site.
>> Several times in the past a vulnerability in WP has come up related
>> to Subscribers being able to elevate their own privileges.
> So, as I've said, but additional checks in that disallow commenters
> from logging in. The problem with elevation of privilege is that you
> let them login at all; put multiple checks in place to ensure they
> can't login then this becomes a non-issue.
>> It's not superstition and it's not some emotional flight of fancy.
>> When the user elevation bugs cropped up in the past, I'm pretty
>> sure they only applied to sites that actually *allowed* users to
>> That's not superstition, that's historical fact. Had all
>> commenters been Users at the time, those vulnerabilities would have
>> applied to any blog with comments. It's a legitimate concern.
> Please address how incorporating multiple checks doesn't resolve the
> Anyway, it's becoming clear to me that this issue is becoming much
> like a conservative debating a liberal or vice versa; both sides
> have their perspective and both sides are intractable.
> So as I was replying a solution occurred to me that I think will
> solve almost everyone's issues, especially those that are concerned
> with security.
> -- Add a "person" post type into WordPress core.
> -- Create a taxonomy called "person-role"
> -- Add commenters as posts of post type "person" with a "person-
> type" of "commenter"
> -- Create and maintain a parallel record of post type "person" for
> each user in the wp_users database.
> -- Set with a "person-type" to "user" for records of post type
> "person" that are associated with a wp_user.
> -- Use wp_users and wp_usermeta only for things related to login and
> user capabilities.
> -- Use wp_post_meta for things like Twitter Screen name, Bio, Photo,
> This would solve a myriad of problems. First, it would "harden" the
> security by making wp_users/wp_usermeta totally focused on security
> and role management; essentially wp_users conceptually becomes
> "wp_logins." It would make wp_posts and wp_post_meta focused on
> personal, demographic and activity information. This make it easy
> to have pages for every person on the site and a whole bunch of
> other things I can envision but I hope you won't need me to explain
> (I've already typed too much this weekend.)
>>> I was proposing to consider using wp_posts with a post_type of
>>> 'user' instead of wp_users. In the case where we keep wp_users and
>>> also created a record of wp_posts with a post_type of 'user', they
>>> are parallel. It seems a binary option; how is it not?
>> I hope I'm misunderstanding you, because this makes absolutely no
>> sense. Whether a commenter is a User is one discussion, but are
>> you really suggesting that we define people as a type of POST???
> Absolutely, 100% YES.
>> That sounds like a very bad, not to mention arbitrary and
>> confusing, idea. As somebody else commented, this sounds a lot
>> like the Drupal "everything is a node" paradigm. Can't say I'm a
> It's not arbitrary of confusing to me at all. I'm working on a site
> for a conference right now (a WordPress conference, actually) and it
> would be a lot easier if users were a post type.
>> Think of the web site rule of separation: "HTML for structure, CSS
>> different purposes. The Posts table is for site content. Users
>> table for users. Options table for Options, and so on.
> People *are* content. Think of a Facebook page as an example:
> Photos, URLs (Twitter, Facebook, LinkedIn, etc.), Bios, etc. etc.
> Hopefully but proposing what I did above you can see it differently
>> Philosophically speaking, I actually like the idea of commenters
>> being "Users". My opposition to it is pragmatic. People -- actual
>> people -- are a unique element in a site, because they have minds
>> and motives. The text of a post is never going to spontaneously
>> decide it want to hack my site. A person might, and thus people
>> have to be treated a bit differently.
> My latest proposal rectifies that.
>> Personally I prefer my commenters to be "non-entities" as far as
>> the code is concerned. I value their input, but they don't exist
>> in terms of code, or what Users can and can't do in the system.
> If you value their input then I assume you'd want a page where you
> can see all their comments vs. only seeing their comments littered
> around the posts. This latest proposal addresses that.
> On Mar 7, 2010, at 2:55 PM, Stephen Rider wrote:
>>> BTW, since you're adamant against storing structure in wp_posts,
>>> what are
>>> your thoughts on how the new menu system stores its data?
>> I guest the question to me becomes: Why are we so afraid to add to
>> the database when appropriate?
> For me it's not fear to add to the database, it's a desire to use
> what gives more appropriate functionality.
> Personally, the menu items are the things I'd least like to see in
> wp_posts. I'd far prefer to see people and comments in wp_posts.
>> That being said, others on this list are probably more experienced
>> coders than I am. But perhaps that in itself speaks to the danger
>> of getting **too close** to the code so that it becomes difficult
>> to step back and see it from the perspective of someone approaching
>> it as new. The more it's all abstracted, the harder it is to learn
>> and work with. Just because we're all so close to it, we may make
>> it easier for us but make it a lot harder for new people to
>> approach it.
> True, but I don't think this would take us there.
>> I found WP *extremely* approachable when I was new to it, whereas
>> having to work with Drupal ("everything's a Node!") is frustrating
>> and confusing.
> Drupal is frustrating because of its lack of focus on admin
> usability and because it maintains control of HTML assembly;
> WordPress has neither of those problems. (I worked with Drupal for
> 2 years before moving to WordPress and leaving Drupal behind.)
> Drupal has focused on genericity in the admin UI; WordPress doesn't
> fall into that trap. Take the menu designer in WP 3.0 for example.
> Nowhere does the admin ever see that menu items are stored in the
> wp_posts table. If it were Drupal, it'd be listed in the node types.
> Don't assume improving the architecture forces us to bring along the
> same problems that other platforms have; the two can be separated.
>> I'd rather separate the tables and abstract the functions a bit
>> more (with wrapper functions as needed for both clarity and ease of
>> use). For a prime example of that I can point to the
>> get_file_data() function that I submitted to WP 2.9 -- now used by
>> both get_plugin_data and get_theme_data. We could abstract the
>> functions to deal with different tables if necessary, and wrap them
>> in seemingly table-specific functions
> I agree that we should separate things when separation makes sense.
> However, we *should* consider putting in wp_posts table if *even a
> few* of the following add value for the use case:
> -- Having a title/body editor for the item has value
> -- Having status workflow for the item has value
> -- Having visibility control for the item has value
> -- Having visibility control for the item has value
> -- Having revisions for the item would be valuable
> -- Having trash/delete management for the item would be valuable
> -- Having ability to schedule publish date/time would be valuable
> -- Having a web page of content about the item would be valuable
> -- Having ability to define a template for the content page would be
> -- Having ability to set another content type as a parent of the
> item would be valuable
> -- Having ability to reference the item in a menu with a menu
> orderwould be valuable
> -- Having category-like terms associated with the item would be
> -- Having tag-like terms associated with the item would be valuable
> -- Having comments associated with the item would be valuable
> -- Having custom fields (meta) associated with the item would be
> -- Having images associated with the item would be valuable
> -- Having easy URL routing for the item in the form /item-type/%item-
> name%/ would have value
> -- Having an admin menu section for adding and editing would have
> -- Having plugins that support custom content types would add
> valuable additional functionality "for free."
> FWIW, that's a pretty long list. I can see many of those things
> being valuable related to people and hence why a person post type in
> parallel with wp_users and to include commenters makes tons of sense.
> OTOH, I'm not certain that menu items really benefit from being
> there (though maybe they do.)
> On Mar 6, 2010, at 11:17 PM, Ptah Dunbar wrote:
>> I raised that issue about core post types not using the show_ui
>> argument so if one decides to remove them, Posts, Pages, and Media
>> would disappear from the UI.
>> Outside of that, I disagree that the core post types are really
>> that hardcoded into WP; and if so, then that's probably a bug which
>> you should file a new ticket for.
> You are missing the point. It's not weather or not they are too
> hardcoded, it's the fact that without being able to remove them few
> people are ever going to test the edge cases. If they are removable
> then its much more likely the edge cases will get tested.
> Its a concern over resultant process and not of the specifics of
> post being hardcoded.
>>> By having (previously) "core" functionality like "Posts" and
>>> "Comments" in canonical plugins those broken edge cases are much
>>> more likely to be worked out by the core dev team instead of
>>> individually by everyone who needs it and has the resources to
>>> work on it.
>> I'm -1 on canonicalizing "Posts" and "Comments" but I am +1 on
>> removing any hardcoded references to them in core.
> Without the former you'll never be able to ensure the latter.
> Why would you have an issue with them being default canonical
> plugins? I can't see any downside to that.
>> Again, version 3.0 decouples a lot of the default posts types
>> (posts and pages) as well as taxonomies (cats and tags) so if you
>> find anything that current still is hardcoded, get it reported so
>> it can be patched.
> Many bugs won't be found until decoupling it's easy for anyone to do.
> On Mar 6, 2010, at 11:52 PM, Ptah Dunbar wrote:
>> The posts table is more like a content types table. But yeah that
>> goes back to the teenager reference. WP needs better semantics :)
> Nah, we just need to get comfortable with the semantics we have.
> On Mar 7, 2010, at 12:18 AM, Scott Kingsley Clark wrote:
>> We definitely agree there! I just think it's funny is all.. Oh,
>> wouldn't it be great if "post" (blog reference ftw) wasn't the term
>> for content in WP? LOL.
> My experience with Drupal, which refers to nodes as "content" in the
> admin is just as confusing a "post." At least we don't have two
> terms (Drupal = node & content, WP = just post)
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers