#3101 closed defect (bug) (no action required)
Spammed blog removes all blog entries and spams user. Unspamming doesn't reverse table row deletes.
Reported by: | bigtweet | Owned by: | |
---|---|---|---|
Milestone: | 1.2.8 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Blogs | Keywords: | |
Cc: |
Description
Setup
======
WordPress 3.1, BuddyPress 1.2.8
Anti-Splog 1.0.7 http://premium.wpmudev.org/project/anti-splog
Overview
========
When a single blog is spammed from the Sites panel in the Dashboard,
all the blog entries for the associated user are removed from the
wp_bp_user_blogs table. The user is also spammed in wp_users table (is this a WP bug/feature?).
When a spammed blog is unspammed from the Sites panel, the entries in the wp_bp_user_blogs table are not restored.
Detail
========
I noticed the following queries being issued for user 13 when a single blog was spammed:
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
UPDATE wp_users
SET spam
= 1 WHERE ID
= 13
I think the DELETE should be qualified by blog id and not by user id.
Should the user be spammed here? Should I file a WP bug or is this a feature? (Once a user is spammed, they can't be unspammed from Dashboard).
Anti-Splog
============
Using Anti-Splog (plugin to mark blogs as spam) showed me another aspect of this potential BuddyPress bug and let me identify the places in the BP code that were issuing the queries.
What I did was to create 2 blogs in succession and force both to be spammed (tweak in Anti-Splog). This caused the following sequence of queries:
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 50 )
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 50 )
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 51 )
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 51 )
What is interesting to note is:
- There are 2 INSERTs for each blog creation (expected just 1).
- There is a DELETE that seems like it should be qualified by blog id instead of user id.
The queries are being generated from
wp-content/plugins/buddypress/bp-blogs/bp-blogs-classes.php
The INSERTs are coming from function save()
The DELETEs are coming from function delete_blogs_for_user()
Summary
========
I think that only the blog being spammed should be removed from table wp_bp_user_blogs. It would be nice to have a hook that re-inserted this entry into wp_bp_user_blogs when a blog is unspammed. Without this, a blog will never again be accessible to BuddyPress.
I would like to solicit an opinion on whether spamming a user when a blog is spammed seems like a WP feature, or whether I should file a WordPress bug.
Thanks,
Scott
Change History (3)
#2
@
14 years ago
- Resolution set to invalid
- Status changed from new to closed
My apologies. It was the Anti-Splog plugin causing this problem. It turns out that the culprit was a setting called "Spam/Unspam Blog Users". Setting this to Yes exhibited the behaviour described above.
This bug can be closed. I will be opening a bug against the Anti-Splog plugin.
Scott
Disable the anti-splog plugin.
Now go mark a blog as spam. (Yes, you can do that and it is built in.) Did the spammed blog get deleted? If not, then it was the plugin.