Administration: Warn when open registration and new user default is privileged.

Previously, WordPress allowed site owners to open registration AND to set the default new user level to "Administrator" or "Editor". While this combination may make sense for some sites, this is genrally a really really bad idea.

With this changeset:
- Administrator and Editor roles are now removed from the new user default role selector in the General Options admin screen.
- If such a role was selected before, an alert is shown in Site Health.
- A new filter is introduced: `default_role_dropdown_excluded_roles` allows developers to change the default excluded roles in the dropdown.

Props kraftbj, subrataemfluence, roytanck, dd32, ottok, jrf, eatingrules, verygoode, generosus, stevejburge, arunu1996, benniledl, audrasjb, mukesh27, swissspidy, Mte90, zodiac1978, pooja1210, davidbaumwald, johnbillion, jorbin, SirLouen, oglekler, kirasong, shailu25, huzaifaalmesbah, jsmansart.
Fixes #43936.



git-svn-id: https://develop.svn.wordpress.org/trunk@61687 602fd350-edb4-49c9-b593-d223f7449a82

Author: audrasjb

src/wp-admin/includes/class-wp-site-health.php

@@ -1882,6 +1882,42 @@ public function get_test_available_updates_disk_space() {
 		return $result;
 	}
 
+	/**
+	 * Tests if registration is open to everyone and the default role is privileged.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @return array The test results.
+	 */
+	public function get_test_insecure_registration() {
+		$users_can_register = get_option( 'users_can_register' );
+		$default_role       = get_option( 'default_role' );
+
+		$result = array(
+			'label'       => __( 'Open Registration with privileged default role' ),
+			'status'      => 'good',
+			'badge'       => array(
+				'label' => __( 'Security' ),
+				'color' => 'blue',
+			),
+			'description' => '<p>' . __( 'The combination of open registration setting and the default user role may lead to security issues.' ) . '</p>',
+			'actions'     => '',
+			'test'        => 'insecure_registration',
+		);
+
+		if ( $users_can_register && in_array( $default_role, array( 'editor', 'administrator' ), true ) ) {
+			$result['description'] = __( 'Registration is open to anyone, and the default role is set to a privileged role.' );
+			$result['status']      = 'critical';
+			$result['actions']     = sprintf(
+				'<p><a href="%s">%s</a></p>',
+				esc_url( admin_url( 'options-general.php' ) ),
+				__( 'Change these settings' )
+			);
+		}
+
+		return $result;
+	}
+
 	/**
 	 * Tests if plugin and theme temporary backup directories are writable or can be created.
 	 *
@@ -2889,6 +2925,10 @@ public static function get_tests() {
 					'label' => __( 'Autoloaded options' ),
 					'test'  => 'autoloaded_options',
 				),
+				'insecure_registration'        => array(
+					'label' => __( 'Open Registration with privileged default role' ),
+					'test'  => 'insecure_registration',
+				),
 				'search_engine_visibility'     => array(
 					'label' => __( 'Search Engine Visibility' ),
 					'test'  => 'search_engine_visibility',

src/wp-admin/includes/template.php

@@ -967,13 +967,18 @@ function parent_dropdown( $default_page = 0, $parent_page = 0, $level = 0, $post
  * Prints out option HTML elements for role selectors.
  *
  * @since 2.1.0
+ * @since 7.0.0 Added $editable_roles parameter.
  *
- * @param string $selected Slug for the role that should be already selected.
+ * @param string $selected       Slug for the role that should be already selected.
+ * @param array  $editable_roles Array of roles to include in the dropdown. Defaults to all
+ *                               roles the current user is allowed to edit.
  */
-function wp_dropdown_roles( $selected = '' ) {
+function wp_dropdown_roles( $selected = '', $editable_roles = null ) {
 	$r = '';
 
-	$editable_roles = array_reverse( get_editable_roles() );
+	if ( null === $editable_roles ) {
+		$editable_roles = array_reverse( get_editable_roles() );
+	}
 
 	foreach ( $editable_roles as $role => $details ) {
 		$name = translate_user_role( $details['name'] );

src/wp-admin/options-general.php

@@ -304,7 +304,28 @@ class="<?php echo esc_attr( $classes_for_button ); ?>"
 <tr>
 <th scope="row"><label for="default_role"><?php _e( 'New User Default Role' ); ?></label></th>
 <td>
-<select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option( 'default_role' ) ); ?></select>
+	<?php
+	/**
+	 * Filters the roles to be excluded from the default_role option.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param string[] $roles_to_exclude Array of roles to exclude from the dropdown.
+	 *                                   Defaults to administrator and editor.
+	 */
+	$excluded_roles = (array) apply_filters( 'default_role_dropdown_excluded_roles', array( 'administrator', 'editor' ) );
+
+	$editable_roles = array_reverse( get_editable_roles() );
+
+	$selected = get_option( 'default_role' );
+
+	foreach ( $editable_roles as $role => $details ) {
+		if ( in_array( $role, $excluded_roles, true ) && $role !== $selected ) {
+			unset( $editable_roles[ $role ] );
+		}
+	}
+	?>
+	<select name="default_role" id="default_role"><?php wp_dropdown_roles( $selected, $editable_roles ); ?></select>
 </td>
 </tr>