WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 8 months ago

#18186 closed defect (bug) (fixed)

Default registration assumptions in WP Multisite

Reported by: terryjsmith Owned by: nacin
Milestone: 3.7 Priority: normal
Severity: normal Version: 3.2.1
Component: Multisite Keywords: has-patch commit
Focuses: Cc:

Description

By default, when you create a new site, it does not set the "registration" site meta key. However, in wp-signup.php by default it assumes it to "all" and allows users and sites to be created (line 381):

// Main
$active_signup = get_site_option( 'registration' );
if ( !$active_signup )
        $active_signup = 'all';

However, in the network settings page, by default it sets it to none (line 75):

if ( !get_site_option( 'registration' ) )
        update_site_option( 'registration', 'none' );

With the new simple flow from a standalone to multi-site installation, new blogs should likely have it set to none by default or it should be an option during set up.

Props to leenewton for discovery.

Attachments (2)

18186.diff (514 bytes) - added by wpmuguru 16 months ago.
18186.2.diff (526 bytes) - added by jeremyfelt 8 months ago.

Download all attachments as: .zip

Change History (9)

comment:1 terryjsmith3 years ago

  • Component changed from General to Security
  • Severity changed from major to normal

comment:2 follow-up: nacin19 months ago

  • Component changed from Security to Multisite

populate_network () does indeed set registration => none. I seem to recall that registration was on by default in MU — perhaps this is some code dating back to then?

comment:3 in reply to: ↑ 2 wpmuguru17 months ago

Replying to nacin:

populate_network () does indeed set registration => none. I seem to recall that registration was on by default in MU — perhaps this is some code dating back to then?

I believe that the default in wp-signup.php was to address the potential where the row had been deleted from the sitemeta table. Changing the default to 'none' in wp-signup.php would be fine.

wpmuguru16 months ago

comment:4 wpmuguru16 months ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.6

Moving to 3.6 for review.

comment:5 ryan11 months ago

  • Milestone changed from 3.6 to Future Release

jeremyfelt8 months ago

comment:6 jeremyfelt8 months ago

  • Keywords commit added
  • Milestone changed from Future Release to 3.7

18186.2.diff is refreshed against trunk.

comment:7 nacin8 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 25112:

Have wp-signup.php match the proper default for the 'registration' network option.

props wpmuguru.
fixes #18186.

Note: See TracTickets for help on using tickets.