Make WordPress Core

Opened 13 years ago

Closed 11 years ago

#18186 closed defect (bug) (fixed)

Default registration assumptions in WP Multisite

Reported by: terryjsmith's profile terryjsmith Owned by: nacin's profile nacin
Milestone: 3.7 Priority: normal
Severity: normal Version: 3.2.1
Component: Multisite Keywords: has-patch commit
Focuses: Cc:

Description

By default, when you create a new site, it does not set the "registration" site meta key. However, in wp-signup.php by default it assumes it to "all" and allows users and sites to be created (line 381):

// Main
$active_signup = get_site_option( 'registration' );
if ( !$active_signup )
        $active_signup = 'all';

However, in the network settings page, by default it sets it to none (line 75):

if ( !get_site_option( 'registration' ) )
        update_site_option( 'registration', 'none' );

With the new simple flow from a standalone to multi-site installation, new blogs should likely have it set to none by default or it should be an option during set up.

Props to leenewton for discovery.

Attachments (2)

18186.diff (514 bytes) - added by wpmuguru 12 years ago.
18186.2.diff (526 bytes) - added by jeremyfelt 11 years ago.

Download all attachments as: .zip

Change History (9)

#1 @terryjsmith
13 years ago

  • Component changed from General to Security
  • Severity changed from major to normal

#2 follow-up: @nacin
12 years ago

  • Component changed from Security to Multisite

populate_network () does indeed set registration => none. I seem to recall that registration was on by default in MU — perhaps this is some code dating back to then?

#3 in reply to: ↑ 2 @wpmuguru
12 years ago

Replying to nacin:

populate_network () does indeed set registration => none. I seem to recall that registration was on by default in MU — perhaps this is some code dating back to then?

I believe that the default in wp-signup.php was to address the potential where the row had been deleted from the sitemeta table. Changing the default to 'none' in wp-signup.php would be fine.

@wpmuguru
12 years ago

#4 @wpmuguru
12 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.6

Moving to 3.6 for review.

#5 @ryan
12 years ago

  • Milestone changed from 3.6 to Future Release

@jeremyfelt
11 years ago

#6 @jeremyfelt
11 years ago

  • Keywords commit added
  • Milestone changed from Future Release to 3.7

18186.2.diff is refreshed against trunk.

#7 @nacin
11 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 25112:

Have wp-signup.php match the proper default for the 'registration' network option.

props wpmuguru.
fixes #18186.

Note: See TracTickets for help on using tickets.