WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#17775 closed defect (bug) (fixed)

Possible invalid user roles count with similarly named roles

Reported by: layotte Owned by:
Milestone: 3.4 Priority: normal
Severity: minor Version: 3.1.3
Component: Users Keywords: has-patch
Focuses: Cc:

Description

How to replicate: Create a user role named "custom_administrator", add users to this role. Role count in /wp-admin/users.php for the "Administrator" role will include the users in the "custom_administrator" role.

Currently line 852 of /wp-includes/users.php counts the roles with this line:

$select_count[] = "COUNT(NULLIF(`meta_value` LIKE '%" . like_escape($this_role) . "%', FALSE))";

Lines in DB look like this:

a:1:{s:13:"administrator";s:1:"1";}
a:1:{s:20:"custom_administrator";s:1:"1";}

Patch for users.php attached, to this:

$select_count[] = "COUNT(NULLIF(`meta_value` LIKE '%\"" . like_escape($this_role) . "\"%', FALSE))";

Attachments (1)

users.php.patch (582 bytes) - added by layotte 4 years ago.

Download all attachments as: .zip

Change History (3)

@layotte4 years ago

comment:2 @coffee2code3 years ago

  • Keywords needs-testing removed
  • Milestone changed from Awaiting Review to 3.4
  • Resolution set to fixed
  • Status changed from new to closed
  • Version set to 3.1.3

Fixed in [19735].

Note: See TracTickets for help on using tickets.