[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Tue Dec 10 18:54:09 UTC 2019
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------+-----------------------------
Reporter: kraftbj | Owner: SergeyBiryukov
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 5.4
Component: Users | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses: administration
-------------------------------------+-----------------------------
Comment (by ottok):
> 2. The `update_option()` call to update the value for `default_role`
(saving).
This would not protect against the SQL injections I referred to. I was
thinking of making a patch that affects fetching the option from the
database, and if the database value is 'administrator', the code would
ignore that value and return 'subscriber' instead.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list