Skip to:
Content

BuddyPress.org

Changeset 7638


Ignore:
Timestamp:
12/02/2013 08:49:29 PM (11 years ago)
Author:
boonebgorges
Message:

Prevent BP_User_Query from fetching spam users on alphabetical sort

BP_User_Query's 'alphabetical' sort type, in contrast to the other values of
'type', does not look at users' last_activity usermeta value. As a result, it
cannot infer spam/deleted/activated status in the same way as the other 'type'
values. To prevent spammed/deleted/unactivated users from being returned on
alphabetical sorts, we do a subquery that limits results to user_status = 0.

Fixes #5114

Props sbrajesh, imath

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-core/bp-core-classes.php

    r7636 r7638  
    311311                }
    312312
     313                // Alphabetical queries ignore last_activity, while BP uses last_activity
     314                // to infer spam/deleted/non-activated users. To ensure that these users
     315                // are filtered out, we add an appropriate sub-query.
     316                $sql['where'][] = "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE " . bp_core_get_status_sql( '' ) . " )";
     317
    313318                break;
    314319
  • trunk/tests/testcases/core/class-bp-user-query.php

    r7338 r7638  
    223223        $this->assertEquals( array( $u2 ), $found_user_ids );
    224224    }
     225
     226    /**
     227     * @group type
     228     * @group spam
     229     */
     230    public function test_bp_user_query_type_alphabetical_spam_xprofileon() {
     231        if ( is_multisite() ) {
     232            return;
     233        }
     234
     235        // Make sure xprofile is on
     236        $xprofile_toggle = isset( buddypress()->active_components['xprofile'] );
     237        buddypress()->active_components['xprofile'] = 1;
     238        add_filter( 'bp_disable_profile_sync', '__return_false' );
     239
     240        $u1 = $this->create_user();
     241        $u2 = $this->create_user();
     242
     243        global $wpdb;
     244        bp_core_process_spammer_status( $u1, 'spam' );
     245
     246        $q = new BP_User_Query( array( 'type' => 'alphabetical', ) );
     247
     248        // Restore xprofile setting
     249        if ( $xprofile_toggle ) {
     250            buddypress()->active_components['xprofile'] = 1;
     251        } else {
     252            unset( buddypress()->active_components['xprofile'] );
     253        }
     254        remove_filter( 'bp_disable_profile_sync', '__return_false' );
     255
     256        $found_user_ids = null;
     257
     258        if ( ! empty( $q->results ) ) {
     259            $found_user_ids = array_values( wp_parse_id_list( wp_list_pluck( $q->results, 'ID' ) ) );
     260        }
     261
     262        // Do a assertNotContains because there are weird issues with user #1 as created by WP
     263        $this->assertNotContains( $u1, $found_user_ids );
     264    }
     265
     266    /**
     267     * @group type
     268     * @group spam
     269     */
     270    public function test_bp_user_query_type_alphabetical_spam_xprofileoff() {
     271        $u1 = $this->create_user();
     272        $u2 = $this->create_user();
     273
     274        // Make sure xprofile and profile sync are off
     275        $xprofile_toggle = isset( buddypress()->active_components['xprofile'] );
     276        buddypress()->active_components['xprofile'] = 0;
     277        add_filter( 'bp_disable_profile_sync', '__return_false' );
     278
     279        bp_core_process_spammer_status( $u1, 'spam' );
     280
     281        $q = new BP_User_Query( array( 'type' => 'alphabetical', ) );
     282
     283        // Restore xprofile setting
     284        if ( $xprofile_toggle ) {
     285            buddypress()->active_components['xprofile'] = 1;
     286        } else {
     287            unset( buddypress()->active_components['xprofile'] );
     288        }
     289        remove_filter( 'bp_disable_profile_sync', '__return_false' );
     290
     291        $found_user_ids = null;
     292
     293        if ( ! empty( $q->results ) ) {
     294            $found_user_ids = array_values( wp_parse_id_list( wp_list_pluck( $q->results, 'ID' ) ) );
     295        }
     296
     297        // Do a assertNotContains because there are weird issues with user #1 as created by WP
     298        $this->assertNotContains( $u1, $found_user_ids );
     299    }
     300
    225301}
Note: See TracChangeset for help on using the changeset viewer.