[wp-trac] Re: [WordPress Trac] #10209: user - additional fields /
removing unnecessary fields
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 20 20:33:08 GMT 2009
#10209: user - additional fields / removing unnecessary fields
---------------------------------------------------------------+------------
Reporter: F J Kaiser | Owner:
Type: feature request | Status: closed
Priority: low | Milestone: Future Release
Component: Users | Version: 2.7.1
Severity: normal | Resolution: wontfix
Keywords: user, additional, field, extra, data, unnecessary |
---------------------------------------------------------------+------------
Changes (by thee17):
* status: reopened => closed
* resolution: => wontfix
Comment:
The reason behind what Denis-de-Bernardy said is basically you would want
to set the fields by Plugin or admin settings and not a generic field as
you suggest. This is the security problem behind this feature. A
subscriber has access to this page for their entry, if wp_ is your
database prefix as is 99% of WordPress installs and user sets the label as
wp_capabilities and place a:1:{s:13:"administrator";b:1;} in the field
they just made themselves an administrator.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10209#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list