WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#11781 closed defect (bug) (fixed)

there is potential for odd behavior in two queries in ms-edit.php

Reported by: Denis-de-Bernardy Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: Multisite Keywords: has-patch
Focuses: Cc:

Description

there are two queries in the file that manually insert serialized data in the database:

'a:1:{s:" . strlen( $role ) . ":\"" . $role . "\";b:1;}')"

considering #9663 and the fact that the part of php isn't always mb_string safe, we ought to use the serialize() function instead (or better yet, the API).

Attachments (1)

11781.diff (1.4 KB) - added by Denis-de-Bernardy 9 years ago.

Download all attachments as: .zip

Change History (7)

#1 @Denis-de-Bernardy
9 years ago

  • Keywords has-patch added

#2 @hakre
9 years ago

Reviewed, patch OK imho, please commit, this should be handeled properly, the earlier, the better.

#3 @wpmuguru
9 years ago

There will be another one of these in user-edit.php when I merge in the MU code.

#4 @ryan
9 years ago

(In [12770]) Use API to set the user's role. see #11781

#5 @ryan
9 years ago

Hacked in a means of using the WP_User::set_role() API. We need a means of setting the blog we want to get the caps for so we can lose the _init_caps() hack. WP_User::for_blog() or the like.

#6 @ryan
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [12796]) Introduce WP_User::for_blog() and current_user_can_for_blog() to avoid calls to WP_User::_init_caps(). fixes #11781

Note: See TracTickets for help on using tickets.