[wp-trac] [WordPress Trac] #6566: custom-built roles can create administrator users
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 09:39:29 UTC 2010
#6566: custom-built roles can create administrator users
--------------------------------+-------------------------------------------
 Reporter:  Denis-de-Bernardy   |       Owner:  anonymous
     Type:  defect (bug)        |      Status:  reopened
 Priority:  normal              |   Milestone:  3.0
Component:  Security            |     Version:  2.5
 Severity:  minor               |  Resolution:
 Keywords:  capabilities close  |
--------------------------------+-------------------------------------------
Changes (by dd32):
* keywords: capabilities => capabilities close
Comment:
This is, IMO, a wontfix.
If you wish to have a demo site, with people being able to edit options,
then you need to lock certain options down. It's nothing new, you have a
user that can change security-related then they must be trusted.
Add a filter to the sanitization hook for that function, and always return
the old setting. Job done.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/6566#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
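
Added example, not part of the ticket or of WordPress core: one way to apply the suggestion in the comment above, hooking the `sanitize_option_{$option}` filter so that a write keeps the value already stored. The locked option names and the `demo_` identifiers are assumptions made for this illustration; the comment does not say which options to lock.

```php
<?php
/*
 * Added illustration (not WordPress core code and not from the ticket).
 * Assumptions: the option names in $demo_locked_options and every
 * demo_* identifier are chosen for this example only.
 */

// Options a demo-site operator might freeze (assumed list).
$demo_locked_options = array( 'default_role', 'users_can_register' );

/**
 * Discard the submitted value and keep whatever is already stored.
 *
 * @param mixed  $value  Value submitted for the option.
 * @param string $option Option name passed by the filter.
 * @return mixed The stored value, or $value if nothing is stored yet.
 */
function demo_keep_stored_option( $value, $option ) {
	// A unique object as the default distinguishes "not stored yet"
	// from a stored value that happens to be false or empty.
	$missing = new stdClass();
	$stored  = get_option( $option, $missing );

	// Nothing stored yet (for example during install): let the value through
	// so the option can be created once; afterwards it is frozen.
	return ( $stored === $missing ) ? $value : $stored;
}

// Register the same callback on the per-option sanitization filter.
foreach ( $demo_locked_options as $demo_name ) {
	add_filter( "sanitize_option_{$demo_name}", 'demo_keep_stored_option', 10, 2 );
}
```

The filter only affects writes that pass through WordPress's option sanitization; anything that writes the options table directly is not covered by it.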