[wp-trac] [WordPress Trac] #6566: custom-built roles can create administrator users

WordPress Trac wp-trac at lists.automattic.com
Thu Jan 7 09:39:29 UTC 2010


#6566: custom-built roles can create administrator users
--------------------------------+-------------------------------------------
 Reporter:  Denis-de-Bernardy   |        Owner:  anonymous
     Type:  defect (bug)        |       Status:  reopened 
 Priority:  normal              |    Milestone:  3.0      
Component:  Security            |      Version:  2.5      
 Severity:  minor               |   Resolution:           
 Keywords:  capabilities close  |  
--------------------------------+-------------------------------------------
Changes (by dd32):

  * keywords:  capabilities => capabilities close


Comment:

 This is IMO, a wontfix.

 If you wish to have a demo site, with people being able to edit options,
 Then you need to lock certain options down. Its nothing new, You have a
 user that can change security-related then they must be trusted.

 Add a filter to the sanitization hook for that function, and always return
 the old setting. Job done.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/6566#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list