id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
14578,"Default User Role isn't checked against defined roles, causing unexpected resets to Administrator",Ivolution,garyc40,"Take these steps:

1. Activate a plugin that creates role on activation. For example, it calls ""add_role( 'photo_uploader', 'Photo Uploader', array( 'read') );""[[BR]]
2. In General Settings, set the Default User Role to this new role, 'Photo Uploader'.[[BR]]
3. Deactivate the plugin, removing the roles: ""remove_role( 'photo_uploader');""[[BR]]
4. In General Settings, the Default User Role now displays 'Administrator'. (In the database, it still says 'photo_uploader'.)[[BR]]
5. When creating a new user (as admin), the role dropdown-box now displays 'Administrator' as role for this new user. This new user _will_ have role 'Administrator' if an unsuspecting admin does not explicitly alter the role in the dropdown-box.[[BR]]

This way, an unsuspecting adminstrator might accidentally create new admins for his blog.

I have also tested this for new users registering themselves. Fortunately, they are assigned the role 'None', not 'Administrator'.

Greetings,

Ivo van der Linden[[BR]]
(employee of LaQuSo @ Eindhoven University of Technology)",defect (bug),assigned,normal,Future Release,Role/Capability,3.0.1,major,,has-patch 3.2-early,Ivolution Denis-de-Bernardy