Make WordPress Core

Opened 2 years ago

Last modified 16 hours ago

#23746 assigned defect (bug)

add_role require string does not check for empty string

Reported by: Kenshino Owned by: chriscct7
Milestone: 4.4 Priority: normal
Severity: normal Version: 3.5
Component: Role/Capability Keywords: needs-refresh has-patch
Focuses: Cc:

Description (last modified by SergeyBiryukov)

<?php add_role( $role, $display_name, $capabilities ); ?>

add_role works with $role as ''.

Perhaps it should check for empty string before allowing it to be added?

Attachments (2)

23746.diff (944 bytes) - added by michielhab 2 years ago.
23746-2.diff (1.1 KB) - added by dannydehaan 2 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 @Kenshino2 years ago

Couldn't put single quotes

comment:2 @SergeyBiryukov2 years ago

  • Description modified (diff)

@michielhab2 years ago


comment:3 @michielhab2 years ago

  • Cc michielhab added

Added check on $role in function add_role. If empty then return. 23746.diff

comment:4 @SergeyBiryukov2 years ago

  • Keywords has-patch added

comment:5 @dannydehaan2 years ago

I've made a little change in the patch of Michiel. In his patch in the file wp-includes/capabilities.php:164 the script is checking if $this->roles[$role] isset. After that the script is checking if $role isset. I've switched those 2 if's.

@dannydehaan2 years ago


comment:6 @chriscct716 hours ago

  • Keywords needs-refresh added
  • Milestone changed from Awaiting Review to 4.4
  • Owner set to chriscct7
  • Status changed from new to assigned
  • Version changed from 3.5.1 to 3.5
Note: See TracTickets for help on using tickets.