[wp-trac] [WordPress Trac] #45879: WP_User::set_role() does not remove previous roles

WordPress Trac noreply at wordpress.org
Wed Jan 9 14:28:45 UTC 2019


#45879: WP_User::set_role() does not remove previous roles
--------------------------+-----------------------------
 Reporter:  fried_eggz    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 If a user has a role that has been removed from WordPress by using
 remove_role() this role is not removed when using WP_User::set_role() on
 the user.

 Example:

 remove_role('subscriber') has been used on the install removing the
 subscriber role from available roles.

 A new user is created with wp_create_user()

 The new user is automatically assigned the role subscriber (which does not
 exist)

 The new users role is set using WP_User::set_role()

 In the database, the usermeta row with capabilities for the new user still
 contains the subscriber role and the new role is given an index of 1
 instead of 0 in the $user->roles array.

 Expected result:

 WP_User::set_role() should effectively remove all previous roles from the
 user even if they have been removed from WordPress with remove_role().

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45879>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list