WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 4 months ago

#46744 closed enhancement (duplicate)

Prevent default_role being set to dangerous values

Reported by: dd32 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords:
Focuses: Cc:

Description

A number of vulnerabilities have occurred in plugins which allow setting arbitrary options, similar to #46705 I think it's worth preventing default_role being set to administrator while users_can_register is enabled.

I'd suggest it being implemented as a run-time filter on the default_role value so that plugins can disable the functionality (plus some UI magic), but basically:

function filter_default_role( $default_role ) {
  // $users_can_register = ....
  if ( $users_can_register && get_role( $default_role )->has_cap( 'manage_options' /* or other cap deemed useful, `publish_posts` could also be used */ ) ) {
    $default_role = 'subscriber';
  }
  return $default_role;
}

#46705 may render this invalid, but this would protect against an options-overwrite bug having much more impact (where a bot overwrites the above values, gets an administrator account, adds PHP to theme files or installs malicious plugins, etc).

Change History (2)

#1 @kraftbj
6 months ago

  • Keywords close added

I'd consider this a duplicate of #43936.

#2 @desrosj
4 months ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

I think that's fair, @kraftbj.

@dd32 feel free to reopen if you feel this is inaccurate. Otherwise, please add any additional thoughts to #43936.

Note: See TracTickets for help on using tickets.