[wp-trac] [WordPress Trac] #46744: Prevent default_role being set to dangerous values
WordPress Trac
noreply at wordpress.org
Mon Apr 1 02:30:46 UTC 2019
#46744: Prevent default_role being set to dangerous values
--------------------------------+-----------------------------
 Reporter:  dd32                |      Owner:  (none)
     Type:  enhancement         |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Options, Meta APIs  |    Version:
 Severity:  normal              |   Keywords:
  Focuses:                      |
--------------------------------+-----------------------------
A number of vulnerabilities have occurred in plugins which allow setting
arbitrary options. Similar to #46705, I think it's worth preventing
`default_role` being set to `administrator` while `users_can_register` is
enabled.
I'd suggest it being implemented as a run-time filter on the
`default_role` value so that plugins can disable the functionality (plus
some UI magic), but basically:
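{{{
function filter_default_role( $default_role ) {
	// Only relevant while open registration is enabled.
	$users_can_register = get_option( 'users_can_register' );
	// get_role() returns null for an unregistered role, so check before calling has_cap().
	$role = get_role( $default_role );
	// 'manage_options', or another cap deemed useful; `publish_posts` could also be used.
	if ( $users_can_register && $role && $role->has_cap( 'manage_options' ) ) {
		$default_role = 'subscriber';
	}
	return $default_role;
}
}}}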
#46705 may render this invalid, but this would protect against an options-
overwrite bug having much more impact (where a bot overwrites the above
values, gets an administrator account, adds PHP to theme files or installs
malicious plugins, etc).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46744>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
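
The run-time filter proposed in the ticket, written out as a must-use plugin. This is an added example, not code from the ticket or from WordPress core. The `myguard_*` names, the opt-out hook and the capability list are assumptions, and it targets a single-site install where `users_can_register` controls registration.

```php
<?php
/**
 * Added example, not WordPress core code. Drop into wp-content/mu-plugins/.
 * The myguard_* names and the capability list are assumptions.
 */

// Capabilities considered too powerful for a self-registered account.
const MYGUARD_DANGEROUS_CAPS = array(
	'manage_options',
	'edit_users',
	'install_plugins',
	'edit_themes',
	'unfiltered_html',
);

function myguard_filter_default_role( $default_role ) {
	static $logged = false;

	// Opt-out hook so a site that wants a privileged default can disable the guard.
	if ( ! apply_filters( 'myguard_enforce_safe_default_role', true ) ) {
		return $default_role;
	}
	// With registration closed, visitors cannot obtain the default role.
	if ( ! get_option( 'users_can_register' ) ) {
		return $default_role;
	}
	$role = get_role( $default_role );
	if ( null === $role ) {
		return $default_role; // Unregistered role: no capabilities to inspect.
	}
	foreach ( MYGUARD_DANGEROUS_CAPS as $cap ) {
		if ( $role->has_cap( $cap ) ) {
			// A privileged default with open registration is worth an alert:
			// it is the state an options-overwrite bug would leave behind.
			if ( ! $logged ) {
				error_log( sprintf( 'default_role "%s" grants "%s" while users_can_register is on; using subscriber', $default_role, $cap ) );
				$logged = true;
			}
			return 'subscriber';
		}
	}
	return $default_role;
}
add_filter( 'option_default_role', 'myguard_filter_default_role' );
```

Because the filter changes what `get_option( 'default_role' )` returns everywhere, the General Settings screen shows the downgraded role, not the stored value; the log line is the signal that the stored value needs to be investigated and corrected.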