[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Wed Oct 2 09:07:13 UTC 2024
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------------------+-------------------------
Reporter: kraftbj | Owner: audrasjb
Type: feature request | Status: accepted
Priority: normal | Milestone: 6.8
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-user-docs needs-testing changes-requested | Focuses: administration
-------------------------------------------------+-------------------------
Comment (by benniledl):
@davidbaumwald, do you think it's enough to check if the default_role has
the capability to edit_published_posts?
WordPress recommends assigning the "Author" role (which is the first role
with this capability) only to trusted authors. However, this assumes that
roles haven't been customized to bypass this capability check.
Would it be better to check all capabilities, excluding only those
available to the "Contributor" (an untrusted) role? Here's a reference to
the capabilities assigned to Contributors: WordPress Roles and
Capabilities.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:66>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
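
Added example, not part of the ticket comment or any patch on #43936: one way to implement the second option raised above, flagging every capability the new-user default role grants beyond the stock Contributor set. The example_* function names and the notice wording are hypothetical, and the sketch assumes a single-site install where the users_can_register option governs registration.

```php
<?php
/**
 * Added example; function names are hypothetical, not from WordPress core.
 * Returns the capabilities the default role grants beyond the stock
 * Contributor set, or an empty array when registration is closed.
 */
function example_default_role_excess_caps() {
	// Open registration is the precondition for the warning.
	if ( ! get_option( 'users_can_register' ) ) {
		return array();
	}

	$default = get_role( get_option( 'default_role' ) );
	if ( null === $default ) {
		return array(); // The stored default role no longer exists.
	}

	// Assumption: the baseline is hard-coded to Contributor's stock
	// capabilities, so a customized Contributor role cannot widen it.
	$baseline = array( 'read', 'edit_posts', 'delete_posts', 'level_0', 'level_1' );

	// WP_Role::$capabilities maps capability => bool; only true entries are granted.
	$granted = array_keys( array_filter( $default->capabilities ) );

	return array_values( array_diff( $granted, $baseline ) );
}

/** Shows the warning to administrators when excess capabilities exist. */
function example_default_role_notice() {
	$excess = example_default_role_excess_caps();
	if ( empty( $excess ) || ! current_user_can( 'manage_options' ) ) {
		return;
	}
	printf(
		'<div class="notice notice-warning"><p>%s</p></div>',
		esc_html(
			sprintf(
				'Anyone can register, and new users receive the "%s" role, which grants: %s',
				get_option( 'default_role' ),
				implode( ', ', $excess )
			)
		)
	);
}
add_action( 'admin_notices', 'example_default_role_notice' );
```

Because the comparison is by capability rather than by role name, a renamed or custom role that grants edit_published_posts or anything else outside the baseline is still reported.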