[wp-trac] [WordPress Trac] #14578: Security issue after plugin deactivation (by accidentally creating administrators)
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 26 22:28:01 UTC 2010
#14578: Security issue after plugin deactivation (by accidentally creating
administrators)
-----------------------------+------------------------------
 Reporter:  Ivolution        |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Role/Capability  |     Version:  3.0.1
 Severity:  major            |  Resolution:
 Keywords:  needs-patch      |
-----------------------------+------------------------------
Comment (by nacin):
We should probably reverse the results from get_editable_roles() there, so
they are listed in ascending order (for the default roles).

Dion's take definitely makes sense. We could also drop a filter in the
options API to verify the role's existence that way (as roles aren't
always stored in the DB), or just stick an update_option call in
options-general right before the role dropdown. Cheap, but effective here
and elsewhere.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14578#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
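
One way the options-API filter mentioned in the comment above could look, as an added example that is not part of the ticket or of WordPress core. The function name example_validate_default_role and the fallback to 'subscriber' are assumptions made for illustration.

```php
<?php
/**
 * Added illustration, not WordPress core code.
 *
 * Keeps the 'default_role' option pointing at a role that is still
 * registered, for example after a plugin that defined a custom role
 * has been deactivated.
 */

// Hypothetical helper name. Falling back to 'subscriber' is an assumption.
function example_validate_default_role( $role ) {
	// get_role() returns null when no role with that name is registered,
	// whether roles come from the database or are defined at runtime.
	if ( is_string( $role ) && '' !== $role && null !== get_role( $role ) ) {
		return $role;
	}

	// The stored value names a role that no longer exists: return a
	// low-privilege default so a settings screen never preselects a
	// different role on the admin's behalf.
	return 'subscriber';
}

// Read path: every get_option( 'default_role' ) call receives a role
// that exists, so the role dropdown has a valid entry to mark as selected.
add_filter( 'option_default_role', 'example_validate_default_role' );

// Write path: a submitted value that names no registered role is replaced
// before update_option() stores it.
add_filter( 'pre_update_option_default_role', 'example_validate_default_role' );
```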