id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
14578	Default User Role isn't checked against defined roles, causing unexpected resets to Administrator	Ivolution	garyc40	"Take these steps:

1. Activate a plugin that creates role on activation. For example, it calls ""add_role( 'photo_uploader', 'Photo Uploader', array( 'read') );""[[BR]]
2. In General Settings, set the Default User Role to this new role, 'Photo Uploader'.[[BR]]
3. Deactivate the plugin, removing the roles: ""remove_role( 'photo_uploader');""[[BR]]
4. In General Settings, the Default User Role now displays 'Administrator'. (In the database, it still says 'photo_uploader'.)[[BR]]
5. When creating a new user (as admin), the role dropdown-box now displays 'Administrator' as role for this new user. This new user _will_ have role 'Administrator' if an unsuspecting admin does not explicitly alter the role in the dropdown-box.[[BR]]

This way, an unsuspecting adminstrator might accidentally create new admins for his blog.

I have also tested this for new users registering themselves. Fortunately, they are assigned the role 'None', not 'Administrator'.

Greetings,

Ivo van der Linden[[BR]]
(employee of LaQuSo @ Eindhoven University of Technology)"	defect (bug)	assigned	normal	3.6	Role/Capability	3.0.1	major		has-patch 3.2-early	Ivolution Denis-de-Bernardy