Opened 3 years ago

Closed 11 months ago

#23746 closed defect (bug) (fixed)

add_role require string does not check for empty string

Reported by: Kenshino
Owned by: chriscct7
Milestone: 4.4
Priority: normal
Severity: normal
Version: 3.5
Component: Role/Capability
Keywords: has-patch
Focuses:
Cc:

Description (last modified by SergeyBiryukov)

<?php add_role( $role, $display_name, $capabilities ); ?>

add_role works with $role as ''.

Perhaps it should check for empty string before allowing it to be added?

Attachments (3)

23746.diff (944 bytes) - added by michielhab 3 years ago.
23746.diff
23746-2.diff (1.1 KB) - added by dannydehaan 3 years ago.
23746-2
23746.3.diff (1.7 KB) - added by MikeHansenMe 11 months ago.

Change History (11)

#1 @Kenshino
3 years ago

Couldn't put single quotes

#2 @SergeyBiryukov
3 years ago

  • Description modified (diff)

@michielhab
3 years ago

23746.diff

#3 @michielhab
3 years ago

  • Cc michielhab added

Added check on $role in function add_role. If empty then return. 23746.diff

#4 @SergeyBiryukov
3 years ago

  • Keywords has-patch added

#5 @dannydehaan
3 years ago

I've made a small change to Michiel's patch. In his patch, in the file wp-includes/capabilities.php:164, the script checks whether $this->roles[$role] is set. After that, the script checks whether $role is set. I've switched those two ifs.

@dannydehaan
3 years ago

23746-2

#6 @chriscct7
11 months ago

  • Keywords needs-refresh added
  • Milestone changed from Awaiting Review to 4.4
  • Owner set to chriscct7
  • Status changed from new to assigned
  • Version changed from 3.5.1 to 3.5

#7 @MikeHansenMe
11 months ago

  • Keywords needs-refresh removed

#8 @wonderboymusic
11 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 33967:

Ensure that role is not empty before adding it in add_role() function and methods.

Props MikeHansenMe, dannydehaan, michielhab.
Fixes #23746.
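
The behaviour reported in this ticket and the guard the patches describe, as an added PHP illustration that is not part of the ticket or of WordPress core. `Demo_Role_Registry` and its methods are hypothetical stand-ins, and the use of `empty()` for the check is an assumption.

```php
<?php
// Hypothetical stand-in for a role registry; not WordPress core code.
final class Demo_Role_Registry {
    /** @var array role slug => role definition */
    private $roles = array();

    // Behaviour as reported: only the duplicate check runs, so '' is accepted.
    public function add_role_unchecked( $role, $display_name, $capabilities = array() ) {
        if ( isset( $this->roles[ $role ] ) ) {
            return null;
        }
        return $this->store( $role, $display_name, $capabilities );
    }

    // Guarded behaviour: reject an empty role before the duplicate lookup,
    // so an empty value is never used as an array key (assumed empty() check).
    public function add_role_checked( $role, $display_name, $capabilities = array() ) {
        if ( empty( $role ) || isset( $this->roles[ $role ] ) ) {
            return null;
        }
        return $this->store( $role, $display_name, $capabilities );
    }

    private function store( $role, $display_name, $capabilities ) {
        $this->roles[ $role ] = array(
            'name'         => $display_name,
            'capabilities' => $capabilities,
        );
        return $role;
    }

    public function has( $role ) {
        return isset( $this->roles[ $role ] );
    }
}

// Unguarded: the empty-string role is stored under the key ''.
$registry = new Demo_Role_Registry();
$registry->add_role_unchecked( '', 'Nameless', array( 'read' => true ) );
var_dump( $registry->has( '' ) );

// Guarded: run constructed sample inputs through the checked method.
$guarded = new Demo_Role_Registry();
foreach ( array( '', null, '0', 'reviewer' ) as $candidate ) {
    $result = $guarded->add_role_checked( $candidate, 'Demo', array( 'read' => true ) );
    printf( "%s => %s\n", var_export( $candidate, true ), var_export( $result, true ) );
}
```

PHP's `empty()` also treats the string `'0'` as empty, so a guard written this way rejects a role named `'0'` along with `''` and `null`; a strict `'' === $role` comparison would reject only the empty string.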