BuddyPress.org

Changeset 7562


Timestamp: 11/12/2013 03:14:04 PM (11 years ago)
Author: boonebgorges
Message:

Don't do capabilities checks in bp_core_process_spammer_status()

These inline checks prevent the function from being used programmatically, such
as during a cron job. Instead, we move the cap checks up to the controller
"action" functions.

Fixes #5233

Location: trunk
Files: 3 edited

  • trunk/bp-members/bp-members-actions.php

    r7228 r7562  
    2525 */
    2626function bp_core_action_set_spammer_status( $user_id = 0 ) {
     27
     28    // Only super admins can currently spam users (but they can't spam
     29    // themselves)
     30    if ( ! is_super_admin() || bp_is_my_profile() ) {
     31        return;
     32    }
    2733
    2834    // Use displayed user if it's not yourself
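
Review bot: The self-spam guard at new line 30 tests bp_is_my_profile() rather than the $user_id argument, so it only covers the case where the target is the displayed profile. The function accepts an explicit $user_id, and the guard runs before the displayed-user fallback at new line 34, so a call that passes the caller's own ID while viewing someone else's profile is not caught by it. Suggest resolving $user_id first and then comparing it with the current user's ID, keeping the is_super_admin() test where it is.
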
  • trunk/bp-members/bp-members-functions.php

    r7515 r7562  
    534534
    535535/**
    536  * Processes a spammed or unspammed user
    537  *
    538  * This function is called in three ways:
    539  *  - in bp_settings_action_capabilities() (from the front-end)
    540  *  - by bp_core_mark_user_spam_admin()    (from wp-admin)
    541  *  - bp_core_mark_user_ham_admin()        (from wp-admin)
    542  *
    543  * @since BuddyPress (1.6)
    544  *
    545  * @param int $user_id The user being spammed/hammed
    546  * @param string $status 'spam' if being marked as spam, 'ham' otherwise
     536 * Process a spammed or unspammed user.
     537 *
     538 * This function is called from three places:
     539 *
     540 * - in bp_settings_action_capabilities() (from the front-end)
     541 * - by bp_core_mark_user_spam_admin()    (from wp-admin)
     542 * - bp_core_mark_user_ham_admin()        (from wp-admin)
     543 *
     544 * @since BuddyPress (1.6.0)
     545 *
     546 * @param int $user_id The ID of the user being spammed/hammed.
     547 * @param string $status 'spam' if being marked as spam, 'ham' otherwise.
    547548 */
    548549function bp_core_process_spammer_status( $user_id, $status ) {
    549550    global $wpdb;
    550 
    551     // Only super admins can currently spam users
    552     if ( !is_super_admin() || bp_is_my_profile() )
    553         return;
    554551
    555552    // Bail if no user ID
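
Review bot: With the check at old lines 551-553 removed, bp_core_process_spammer_status() performs no authorization of its own, but the rewritten docblock does not say so. Please add a line stating that callers are responsible for the capability check, so a future caller does not assume the function is safe to expose directly. The docblock also names bp_core_mark_user_spam_admin() and bp_core_mark_user_ham_admin() as callers, and neither appears in this changeset, so confirm that both already verify the caller's privileges before they reach this function.
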
  • trunk/bp-settings/bp-settings-actions.php

    r7228 r7562  
    279279    }
    280280
     281    // Only super admins can currently spam users (but they can't spam
     282    // themselves)
     283    if ( ! is_super_admin() || bp_is_my_profile() ) {
     284        return;
     285    }
     286
    281287    // Nonce check
    282288    check_admin_referer( 'capabilities' );
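
Review bot: The guard at new lines 281-285 is a verbatim copy of the one added to bp_core_action_set_spammer_status() in bp-members-actions.php, so the rule for who may spam a user now lives in two controllers. Consider moving `! is_super_admin() || bp_is_my_profile()` into one small helper that both controllers call, so a later change to the rule cannot be applied to one and missed in the other.
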