[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Mon Nov 25 10:54:30 UTC 2019
#43936: Settings: Warn when open registration and new user default is privileged
--------------------------+------------------------------
Reporter: kraftbj | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
--------------------------+------------------------------
Comment (by ottok):
I think that both this and #46744 would best be solved by completely
preventing the default_role from having the values for 'administrator' and
'editor'. If the database has either of these values, it should just be
ignored.
This would categorically fix a whole category of SQL injections that use
this trick to get admin access to the site. See for example
https://www.slideshare.net/ottokekalainen/how-to-investigate-and-recover-from-a-security-breach-in-wordpress#29
I am willing to write the patch + unit tests to make sure that if the
database has either of these values, it would be ignored, and that in the
UI admins can't set the setting to the forbidden values.
I don't see any valid use cases to allow all users to have admin or editor
role by default. It is very easy to make a new user with specifically this
user role, there is no need to have extra automation to facilitate this
and at the same time open a gaping security hole. The trade-off to me is
clear: block these dangerous values and let users set user roles in other
ways.
Do you agree? Do you want me to write the patch? Would somebody sponsor
putting it in then?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
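The following is an added example, not the patch discussed in the ticket and not WordPress core code. It sketches, as a small plugin, the mitigation the comment proposes: the `default_role` option is prevented from taking the values `administrator` or `editor` both when it is read (so a value written straight into the database is ignored) and when it is saved from the Settings screen, and an admin notice points out when the stored value had to be overridden while open registration is on. The hooks `option_default_role`, `pre_update_option_default_role` and `admin_notices` and the options `default_role` and `users_can_register` are real WordPress hooks and options; the `rdr_` prefix, the fallback to `subscriber` and the exact forbidden-role list are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Restrict Default Role (added example, not WordPress core)
 *
 * Treats 'administrator' and 'editor' as forbidden values for the
 * default_role option, on read and on write, as proposed in the ticket.
 */

// Roles that must never be handed to self-registered users (assumed list,
// taken from the comment; extend it for privileged custom roles).
const RDR_FORBIDDEN_DEFAULT_ROLES = array( 'administrator', 'editor' );
const RDR_FALLBACK_ROLE           = 'subscriber'; // assumed safe default

/**
 * Return $role unchanged unless it is forbidden, in which case return the
 * fallback. Used both as a read filter and as a write filter.
 */
function rdr_sanitize_default_role( $role ) {
    if ( ! is_string( $role ) || in_array( $role, RDR_FORBIDDEN_DEFAULT_ROLES, true ) ) {
        return RDR_FALLBACK_ROLE;
    }
    return $role;
}

// 1. Reading: get_option( 'default_role' ) never yields a forbidden role,
//    even if the row in wp_options was changed outside the admin UI.
add_filter( 'option_default_role', 'rdr_sanitize_default_role' );

// 2. Writing: update_option( 'default_role', ... ), including the Settings
//    screen, stores the fallback instead of a forbidden role.
add_filter( 'pre_update_option_default_role', function ( $new_value, $old_value ) {
    return rdr_sanitize_default_role( $new_value );
}, 10, 2 );

// 3. Visibility: warn administrators when the raw stored value is privileged,
//    and mention whether open registration is enabled at the same time.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Temporarily bypass the read filter to inspect the raw stored value.
    remove_filter( 'option_default_role', 'rdr_sanitize_default_role' );
    $stored = get_option( 'default_role' );
    add_filter( 'option_default_role', 'rdr_sanitize_default_role' );

    if ( in_array( $stored, RDR_FORBIDDEN_DEFAULT_ROLES, true ) ) {
        $registration = get_option( 'users_can_register' ) ? 'enabled' : 'disabled';
        $message      = sprintf(
            'The stored default role "%s" is privileged and is being ignored; new users get "%s". Open registration is %s. Review the database for unexpected changes.',
            $stored,
            RDR_FALLBACK_ROLE,
            $registration
        );
        printf( '<div class="notice notice-error"><p>%s</p></div>', esc_html( $message ) );
    }
} );
```

Both filters reuse one sanitizer so the read path and the write path cannot disagree; the notice reads the raw option only after removing the read filter, which is why it uses the named function rather than a closure.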