Ticket #6123: 6123.patch

src/bp-core/bp-core-catchuri.php

@@ -269 +269 @@
                                         return;
                                 }
 
-                                // If the displayed user is marked as a spammer, 404 (unless logged-
+                                // If the displayed user is marked as a spammer or the account is not active, 404 (unless logged-
                                 // in user is a super admin)
-                                if ( bp_displayed_user_id() && bp_is_user_spammer( bp_displayed_user_id() ) ) {
-                                        if ( bp_current_user_can( 'bp_moderate' ) ) {
-                                                bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'warning' );
-                                        } else {
+                                if ( bp_displayed_user_id() ) {
+
+                                        // Do not display a "not activated" signup as a member
+                                        if ( ! bp_is_signup_activated( bp_displayed_user_id() ) ) {
                                                 bp_do_404();
                                                 return;
                                         }
+
+                                        // Only display spammer if the user is a super admin
+                                        if ( bp_is_user_spammer( bp_displayed_user_id() ) ) {
+                                                if ( bp_current_user_can( 'bp_moderate' ) ) {
+                                                        bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'warning' );
+                                                } else {
+                                                        bp_do_404();
+                                                        return;
+                                                }
+                                        }
                                 }
 
                                 // Bump the offset

src/bp-members/bp-members-functions.php

@@ -977 +977 @@
 }
 
 /**
+ * Check whether a signup has been activated.
+ *
+ * On non multisite config, a not activated signup account can be displayed as a member.
+ * In case BP_SIGNUPS_SKIP_USER_CREATION is not set to true, we keep on creating the user,
+ * so we need to check if the user status is set to 2.
+ *
+ * @since BuddyPress (2.2.0)
+ *
+ * @param int $user_id The ID for the user.
+ * @return bool True if signup has been activated, otherwise false.
+ */
+function bp_is_signup_activated( $user_id = 0 ) {
+
+        // No user to check
+        if ( empty( $user_id ) ) {
+                return false;
+        }
+
+        $bp = buddypress();
+
+        // Assume signup is not activated
+        $is_activated = false;
+
+        // Setup our user
+        $user = false;
+
+        // Get locally-cached data if available
+        switch ( $user_id ) {
+                case bp_loggedin_user_id() :
+                        $user = ! empty( $bp->loggedin_user->userdata ) ? $bp->loggedin_user->userdata : false;
+                        break;
+
+                case bp_displayed_user_id() :
+                        $user = ! empty( $bp->displayed_user->userdata ) ? $bp->displayed_user->userdata : false;
+                        break;
+        }
+
+        // Manually get userdata if still empty
+        if ( empty( $user ) ) {
+                $user = get_userdata( $user_id );
+        }
+
+        /**
+         * User found
+         * Check the network config to eventually get the user status
+         */
+        if ( ! empty( $user ) ) {
+                if ( ! bp_is_network_activated() ) {
+                        $is_activated = 2 != $user->user_status;
+
+                // When BuddyPress is network activated, as it's a multisite config
+                // users are not created till the signup hasn't been activated.
+                // having a user set, means the signup has been activated.
+                } else {
+                        $is_activated = true;
+                }
+        }
+
+        /**
+         * Filters whether a signup has been activated.
+         *
+         * @since BuddyPress (2.2.0)
+         *
+         * @param bool $is_activated Whether or not signup has been activated.
+         * @param WP_User the user object
+         */
+        return apply_filters( 'bp_is_signup_activated', (bool) $is_activated, $user );
+}
+
+/**
  * Check whether a user has been marked as deleted.
  *
  * @param int $user_id The ID for the user.

src/bp-members/bp-members-loader.php

@@ -199 +199 @@
                         // users without the cap trying to access a spammer's subnav page will get
                         // redirected to the root of the spammer's profile page.  this occurs by
                         // by removing the component in the canonical stack.
-                        if ( bp_is_user_spammer( bp_displayed_user_id() ) && ! bp_current_user_can( 'bp_moderate' ) ) {
+                        if ( ( bp_is_user_spammer( bp_displayed_user_id() ) && ! bp_current_user_can( 'bp_moderate' ) ) || ! bp_is_signup_activated( bp_displayed_user_id() ) ) {
                                 unset( $bp->canonical_stack['component'] );
                         }
                 }