The MU forums have moved to WordPress.org

Bug Report - Possible Security Concerns ? (2 posts)

  1. mdgross
    Member
    Posted 15 years ago #

    When I create a new blog from the "Site Admin > Blogs > Add A Blog" feature it creates the following user meta....

    21708	5079	wp_89_capabilities	a:1:{s:13:"administrator";b:1;}
    21709	5079	wp_89_user_level		10

    When I navigate to the "Site Admin > Blogs > Edit (blog 89)" and set the newly created admin user to editor the user meta looks like

    21708	5079	wp_89_capabilities	a:1:{s:6:"editor";b:1;}
    21709	5079	wp_89_user_level		10

    Apparently even though the user's role was changed to Editor, the user level stays at 10. According to http://codex.wordpress.org/Roles_and_Capabilities#Editor the editor should only receive 7 access.

    User levels are around for backward compatibility with plug-ins, but to my knowledge do not affect the core WordPress functionality anymore.

  2. tdjcbe
    Member
    Posted 15 years ago #

    Best bet would be to raise the issue on trac:

    http://trac.mu.wordpress.org

    I'm not in a position to verify this though right now. Someone else is going to have to. Maybe a regular wp issue as well.

About this Topic