[wp-trac] Re: [WordPress Trac] #10209: user - additional fields / removing unnecessary fields

WordPress Trac wp-trac at lists.automattic.com
Sat Jun 20 20:33:08 GMT 2009

#10209: user - additional fields / removing unnecessary fields
 Reporter:  F J Kaiser                                         |        Owner:                
     Type:  feature request                                    |       Status:  closed        
 Priority:  low                                                |    Milestone:  Future Release
Component:  Users                                              |      Version:  2.7.1         
 Severity:  normal                                             |   Resolution:  wontfix       
 Keywords:  user, additional, field, extra, data, unnecessary  |  
Changes (by thee17):

  * status:  reopened => closed
  * resolution:  => wontfix


 The reason behind what Denis-de-Bernardy said is basically that you would
 want to set the fields by plugin or admin settings and not a generic field
 as you suggest. This is the security problem behind this feature. A
 subscriber has access to this page for their entry. If wp_ is your
 database prefix, as it is for 99% of WordPress installs, and a user sets the
 label as wp_capabilities and places a:1:{s:13:"administrator";b:1;} in the
 field, they have just made themselves an administrator.

Ticket URL: <http://core.trac.wordpress.org/ticket/10209#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
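
The check this comment argues for, as an added example that is not part of the original message or of WordPress core: profile input is accepted only for meta keys a plugin or admin registered in advance, so a user-chosen label can never reach the capabilities key. The helper names `filter_profile_fields` and `looks_serialized` and the field names `twitter` and `phone` are hypothetical, and the submitted data is constructed from the values quoted in the comment.

```php
<?php
// Added example, not WordPress core code. Helper and field names are hypothetical.

// Conservative heuristic: does the value start like PHP serialize() output?
function looks_serialized(string $value): bool
{
    return preg_match('/^\s*(?:[aOsC]:\d+:|[idb]:[\d.\-]+;|N;)/', $value) === 1;
}

// $submitted:  label => value pairs from the user's own profile form.
// $registered: meta keys defined by a plugin or admin setting, never by the user.
// $prefix:     database table prefix (wp_ on a default install).
function filter_profile_fields(array $submitted, array $registered, string $prefix): array
{
    // Role and level keys are named after the table prefix, so build them from it.
    $reserved = [$prefix . 'capabilities', $prefix . 'user_level'];
    $accepted = [];
    $rejected = [];

    foreach ($submitted as $key => $value) {
        $key = (string) $key;
        // Reserved keys are refused even if someone registers them by mistake.
        if (!in_array($key, $registered, true) || in_array($key, $reserved, true)) {
            $rejected[$key] = 'key is not a registered profile field';
            continue;
        }
        if (!is_string($value) || looks_serialized($value)) {
            $rejected[$key] = 'value is not plain text';
            continue;
        }
        $accepted[$key] = trim($value);
    }
    // Only the accepted pairs would be handed on to the user meta storage.
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed input: one legitimate field plus the label/value pair from the comment.
$submitted = [
    'twitter'         => ' @example ',
    'wp_capabilities' => 'a:1:{s:13:"administrator";b:1;}',
];
$result = filter_profile_fields($submitted, ['twitter', 'phone'], 'wp_');

print_r($result);
// accepted: twitter => "@example"
// rejected: wp_capabilities => "key is not a registered profile field"
```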