Opened 2 years ago
Closed 4 months ago
#15627 closed defect (bug) (fixed)
wp_insert_user should not assume a default role
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | 3.6 |
| Component: | Users | Version: | 3.1 |
| Severity: | minor | Keywords: | westi-likes has-patch |
| Cc: | daryl@… | | |
Description
In a MS install, creating new users can add them to the main blog with the default role, resulting in hundreds, thousands, millions of users on that blog. Instead of assuming the default role, a role should be supplied by the calling function if one should be set.
Attachments (1)
Change History (8)
- Keywords 3.2-early added
- Milestone changed from Awaiting Review to Future Release
- Owner set to westi
- Status changed from new to accepted
- Keywords needs-patch westi-likes added; 3.2-early removed
- Priority changed from normal to low
- Severity changed from normal to minor
If this had a patch on it I would consider it for 3.2
Without a patch I am not going to prioritise working on it for now.
I think we need to review all calls to wp_insert_user in core and set the role arg to the value of get_option('default_role') when appropriate.
Then we can remove:
elseif ( !$update )
$user->set_role(get_option('default_role'));
From the function itself.
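The call-site review suggested above can be started mechanically. This is an added example, not code from the ticket or from WordPress: a heuristic Python scan that lists `wp_insert_user()` calls passing no `role`. The sample PHP, the helper names and the reason strings are constructed for illustration.

```python
import re

CALL = re.compile(r"\bwp_insert_user\s*\(")
ROLE = re.compile(r"""['"]role['"]""")  # matches 'role' => ... and compact( ..., 'role' )
NO_ROLE = "no 'role' passed; the function's default-role fallback applies"
TRACE = "argument built elsewhere; trace it by hand"

# Constructed sample input, not WordPress core code.
SAMPLE = r"""<?php
function wp_insert_user( $userdata ) { /* ... */ }
$a = wp_insert_user( array( 'user_login' => 'alice', 'user_pass' => $pass ) );
$b = wp_insert_user( array(
    'user_login' => 'bob (ops)',
    'role'       => get_option( 'default_role' ),
) );
$c = wp_insert_user( $userdata );
$d = wp_insert_user( compact( 'user_login', 'user_pass' ) );
"""

def call_args(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'.
    Heuristic: PHP comments containing quotes or parentheses are not handled."""
    depth, quote, i = 0, None, open_idx
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                  # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
        i += 1
    return src[open_idx + 1:]           # unbalanced input: return the remainder

def calls_without_role(src):
    """List (line, reason) for each wp_insert_user() call with no visible role."""
    findings = []
    for m in CALL.finditer(src):
        if re.search(r"function\s+$", src[:m.start()]):
            continue                    # the definition itself, not a call
        args = call_args(src, m.end() - 1)
        if ROLE.search(args):
            continue
        literal = re.match(r"\s*(array\s*\(|\[|compact\s*\()", args)
        findings.append((src.count("\n", 0, m.start()) + 1, NO_ROLE if literal else TRACE))
    return findings

if __name__ == "__main__":
    for line, reason in calls_without_role(SAMPLE):
        print(f"line {line}: {reason}")
```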
- Cc daryl@… added
I'm not clear on the repro for this. When I add a user at the top level of network admin (i.e., not from within the user area for a particular blog), the user is associated with no sites. This is evident in both the user list and in wp_usermeta, for which there is no wp_capabilities entry for the user I added. When I add a user to a particular site, he's added to that site only (and not the main blog, unless the site I'm adding him to is the main blog).
I would like to work on this but am not sure how to provoke the bug. I've tried adding users in various ways and so far have not managed to add a user to the default blog without explicitly trying to.
comment:5
wonderboymusic — 8 months ago
- Keywords has-patch added; needs-patch removed
wpmu_create_user() was deleting a user_meta key with no $wpdb->prefix, which is dynamic to boot. My patch deletes the user_meta for capabilities with WP_User::cap_key as the key.
Before:

    // Newly created users have no roles or caps until they are added to a blog.
    delete_user_option( $user_id, 'capabilities' );
    delete_user_option( $user_id, 'user_level' );

After:

    $user = new WP_User( $user_id );
    // Newly created users have no roles or caps until they are added to a blog.
    delete_user_option( $user_id, $user->cap_key );
    delete_user_option( $user_id, 'user_level' );
comment:6
wonderboymusic — 5 months ago
- Milestone changed from Future Release to 3.6
comment:7
markjaquith — 4 months ago
- Resolution set to fixed
- Status changed from accepted to closed
In 23307:

This sounds like a partial vestige of the dashboard blog. 3.1 material?