Make WordPress Core

Opened 6 years ago

Last modified 6 years ago

#45879 new defect (bug)

WP_User::set_role() does not remove previous roles

Reported by: fried_eggz's profile fried_eggz Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords:
Focuses: multisite Cc:


If a user has a role that has been removed from WordPress by using remove_role() this role is not removed when using WP_User::set_role() on the user.


remove_role('subscriber') has been used on the install removing the subscriber role from available roles.

A new user is created with wp_create_user()

The new user is automatically assigned the role subscriber (which does not exist)

The new users role is set using WP_User::set_role()

In the database, the usermeta row with capabilities for the new user still contains the subscriber role and the new role is given an index of 1 instead of 0 in the $user->roles array.

Expected result:

WP_User::set_role() should effectively remove all previous roles from the user even if they have been removed from WordPress with remove_role().

Change History (1)

#1 @swissspidy
6 years ago

  • Component changed from General to Role/Capability
  • Focuses multisite added
Note: See TracTickets for help on using tickets.