Opened 4 years ago
Closed 4 years ago
#46744 closed enhancement (duplicate)
Prevent default_role being set to dangerous values
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Options, Meta APIs | Keywords: | |
Focuses: | Cc: |
Description
A number of vulnerabilities have occurred in plugins which allow setting arbitrary options, similar to #46705 I think it's worth preventing default_role
being set to administrator
while users_can_register
is enabled.
I'd suggest it being implemented as a run-time filter on the default_role
value so that plugins can disable the functionality (plus some UI magic), but basically:
function filter_default_role( $default_role ) { // $users_can_register = .... if ( $users_can_register && get_role( $default_role )->has_cap( 'manage_options' /* or other cap deemed useful, `publish_posts` could also be used */ ) ) { $default_role = 'subscriber'; } return $default_role; }
#46705 may render this invalid, but this would protect against an options-overwrite bug having much more impact (where a bot overwrites the above values, gets an administrator account, adds PHP to theme files or installs malicious plugins, etc).
Change History (2)
Note: See
TracTickets for help on using
tickets.
I'd consider this a duplicate of #43936.