Opened 6 years ago
Last modified 6 years ago
#45879 new defect (bug)
WP_User::set_role() does not remove previous roles
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Role/Capability | Keywords: | |
| Focuses: | multisite | Cc: |
Description
If a user has a role that has been removed from WordPress by using remove_role() this role is not removed when using WP_User::set_role() on the user.
Example:
remove_role('subscriber') has been used on the install removing the subscriber role from available roles.
A new user is created with wp_create_user()
The new user is automatically assigned the role subscriber (which does not exist)
The new users role is set using WP_User::set_role()
In the database, the usermeta row with capabilities for the new user still contains the subscriber role and the new role is given an index of 1 instead of 0 in the $user->roles array.
Expected result:
WP_User::set_role() should effectively remove all previous roles from the user even if they have been removed from WordPress with remove_role().