[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Mon Sep 30 18:06:32 UTC 2024
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------------------+-------------------------
Reporter: kraftbj | Owner: audrasjb
Type: feature request | Status: accepted
Priority: normal | Milestone: 6.7
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-user-docs needs- | Focuses:
testing changes-requested | administration
-------------------------------------------------+-------------------------
Comment (by davidbaumwald):
Some comments from a recent scrub during 6.7:
@johnbillion I think this would benefit from some additional hardening to
prevent the default_role option getting updated to contain a privileged
value, and a check for a privileged value at the point of user
registration, but it might be able to go in as a first version. Let me
take a look.
@jorbin The patch seems to make assumptions that the default roles haven't
been modified and that there aren't custom roles.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:64>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list