WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 20 months ago

#23746 new defect (bug)

add_role require string does not check for empty string

Reported by: Kenshino Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.5.1
Component: Role/Capability Keywords: has-patch
Focuses: Cc:

Description (last modified by SergeyBiryukov)

<?php add_role( $role, $display_name, $capabilities ); ?>

add_role works with $role as ''.

Perhaps it should check for empty string before allowing it to be added?

Attachments (2)

23746.diff (944 bytes) - added by michielhab 2 years ago.
23746.diff
23746-2.diff (1.1 KB) - added by dannydehaan 20 months ago.
23746-2

Download all attachments as: .zip

Change History (7)

comment:1 @Kenshino2 years ago

Couldn't put single quotes

comment:2 @SergeyBiryukov2 years ago

  • Description modified (diff)

@michielhab2 years ago

23746.diff

comment:3 @michielhab2 years ago

  • Cc michielhab added

Added check on $role in function add_role. If empty then return. 23746.diff

comment:4 @SergeyBiryukov2 years ago

  • Keywords has-patch added

comment:5 @dannydehaan20 months ago

I've made a little change in the patch of Michiel. In his patch in the file wp-includes/capabilities.php:164 the script is checking if $this->roles[$role] isset. After that the script is checking if $role isset. I've switched those 2 if's.

@dannydehaan20 months ago

23746-2

Note: See TracTickets for help on using tickets.