Changeset 7515

Timestamp:

11/05/2013 02:34:47 PM (12 years ago)

Author:

boonebgorges

Message:

Cast a broader net when checking for wp-login.php for spammed users

By checking only $_GLOBALSpagenow?, we're relying on WordPress to have
initialized properly. In some instances, this does not happen reliably, so
we add a fallback to the value of $_SERVERSCRIPT_NAME?. This helps to
prevent redirect loops for spammers in a larger number of instances.

File:

• trunk/bp-members/bp-members-functions.php (modified) (1 diff)

trunk/bp-members/bp-members-functions.php

@@ -1542 +1542 @@
 function bp_stop_live_spammer() {
     // if we're on the login page, stop now to prevent redirect loop
-    if ( isset( $_GLOBALS['pagenow'] ) && strpos( $GLOBALS['pagenow'], 'wp-login.php' ) !== false ) {
+    $is_login = false;
+    if ( isset( $_GLOBALS['pagenow'] ) && false !== strpos( $GLOBALS['pagenow'], 'wp-login.php' ) ) {
+        $is_login = true;
+    } else if ( isset( $_SERVER['SCRIPT_NAME'] ) && false !== strpos( $_SERVER['SCRIPT_NAME'], 'wp-login.php' ) ) {
+        $is_login = true;
+    }
+
+    if ( $is_login ) {
         return;
     }