
Changeset 12665


Timestamp:
06/16/2020 04:30:46 AM (5 years ago)
Author:
r-a-y
Message:

Members: When marking a user as a spammer, do not mark sites as spam if the site has more than one administrator.

Previously on a multisite install, we would mark all the spammer's
sites as spam. This is pretty aggressive and could unintentionally
mark legitimate sites as spam as well.

To address this, we now only mark a site as spam if the spammer is the
sole administrator of the site.

See #8316 (for trunk).

Location:
trunk
Files:
2 edited

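--- a/trunk/src/bp-members/bp-members-functions.php
+++ b/trunk/src/bp-members/bp-members-functions.php
@@ -697,16 +697,47 @@
     if ( $do_wp_cleanup ) {
 
-        // Get the blogs for the user.
-        $blogs = get_blogs_of_user( $user_id, true );
-
-        foreach ( (array) array_values( $blogs ) as $details ) {
-
-            // Do not mark the main or current root blog as spam.
-            if ( 1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id ) {
-                continue;
+        // Mark blogs as spam if the user is the sole admin of a site.
+        if ( is_multisite() ) {
+            /*
+             * No native function to fetch a user's blogs by role, so do it manually.
+             *
+             * This logic is mostly copied from get_blogs_of_user().
+             */
+            $meta = get_user_meta( $user_id );
+
+            foreach ( $meta as $key => $val ) {
+                if ( 'capabilities' !== substr( $key, -12 ) ) {
+                    continue;
+                }
+                if ( $wpdb->base_prefix && 0 !== strpos( $key, $wpdb->base_prefix ) ) {
+                    continue;
+                }
+                $site_id = str_replace( array( $wpdb->base_prefix, '_capabilities' ), '', $key );
+                if ( ! is_numeric( $site_id ) ) {
+                    continue;
+                }
+
+                $site_id = (int) $site_id;
+
+                // Do not mark the main or current root blog as spam.
+                if ( 1 === $site_id || bp_get_root_blog_id() === $site_id ) {
+                    continue;
+                }
+
+                // Now, do check for administrator role.
+                $role = maybe_unserialize( $val );
+                if ( empty( $role['administrator'] ) ) {
+                    continue;
+                }
+
+                // Check if the site has more than 1 admin. If so, bail.
+                $counts = count_users( 'time', $site_id );
+                if ( empty( $counts['avail_roles']['administrator'] ) || $counts['avail_roles']['administrator'] > 1 ) {
+                    continue;
+                }
+
+                // Now we can spam the blog.
+                update_blog_status( $site_id, 'spam', $is_spam );
             }
-
-            // Update the blog status.
-            update_blog_status( $details->userblog_id, 'spam', $is_spam );
         }
 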
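Review bot: `maybe_unserialize( $val )` on new line 728 probably receives an array rather than a serialized string, because as far as I know `get_user_meta( $user_id )` called without a key returns each value as an array of raw, still-serialized strings. If so, `$role['administrator']` is always empty, every site is skipped, and a spammer's sole-admin sites are never marked as spam (nor un-marked when the user is later set to ham). Reading the first element, `$role = isset( $val[0] ) ? maybe_unserialize( $val[0] ) : array();`, would restore the intended role check; please confirm against the WordPress versions this targets. The enclosing function starts and ends outside the hunk, so it is not visible here whether `$wpdb` is declared global before the new `$wpdb->base_prefix` reads.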
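--- a/trunk/tests/phpunit/testcases/members/functions.php
+++ b/trunk/tests/phpunit/testcases/members/functions.php
@@ -538,4 +538,29 @@
         $this->assertSame( 'bp_make_ham_user', $this->filter_fired );
 
+    }
+
+    /**
+     * @group bp_core_process_spammer_status
+     * @ticket BP8316
+     */
+    public function test_bp_core_process_spammer_status_ms_should_only_spam_sites_with_one_admin() {
+        if ( ! is_multisite() ) {
+            $this->markTestSkipped();
+        }
+
+        $u1 = self::factory()->user->create();
+        $u2 = self::factory()->user->create();
+
+        $b1 = self::factory()->blog->create( array( 'user_id' => $u1 ) );
+
+        // Add user 2 to site as administrator.
+        add_user_to_blog( $b1, $u2, 'administrator' );
+
+        // Mark user 2 as a spammer.
+        bp_core_process_spammer_status( $u2, 'spam' );
+
+        // Ensure site isn't marked as spam because there is more than one admin.
+        $site = get_site( $b1 );
+        $this->assertEmpty( $site->spam );
     }
 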
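Review bot: The only assertion covers the negative case, a site with two administrators being left alone, so this test also passes if bp_core_process_spammer_status() never marks any site as spam. A companion test is needed where the spammer is the sole administrator: create the site with `self::factory()->blog->create( array( 'user_id' => $u1 ) )`, call `bp_core_process_spammer_status( $u1, 'spam' )`, and check `$this->assertNotEmpty( get_site( $b1 )->spam );`. A third case asserting that the root blog stays unmarked would pin the exclusion that moved from `==` to `===` in the function. `markTestSkipped()` should also carry a short reason so skipped runs are explained in the report.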