Skip to:
Content

BuddyPress.org

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#3666 closed defect (bug) (fixed)

bp_core_catch_no_access() not 404ing for spammers

Reported by: djpaul's profile DJPaul Owned by:
Milestone: 1.5.1 Priority: normal
Severity: major Version:
Component: Core Keywords: has-patch
Cc:

Description

The "if the displayed user was marked as a spammer" block in bp_core_catch_no_access() does not fire. This is a regression from BP 1.2.10.

Attachments (1)

3666.01.patch (834 bytes) - added by boonebgorges 13 years ago.

Download all attachments as: .zip

Change History (5)

#1 @boonebgorges
13 years ago

  • Keywords has-patch 2nd-opinion added

There are a bunch of things happening here. Not sure the best way to solve it.

The first issue is that bp_core_catch_no_access() is hooked way too late. It will almost never catch, because our screen functions get loaded before wp:10, and we kill all output after that. 01.patch hooks it to bp_init:8, which is after our globals and nav have been established, but early enough to be effective.

The second issue is that a bp_do_404() launched in bp_core_catch_no_access() doesn't seem to work in any case. Not sure what to do about that.

The third issue, and how we can at least fix this ticket for today, is that we should move the displayed_user spammer check where we set displayed_user, in bp_core_set_uri_globals(). See 01.patch to see what I mean. That fix alone will solve the problem in this ticket.

#2 @boonebgorges
13 years ago

  • Keywords 2nd-opinion removed

I'm going to apply only the change that moves the is_spammer check up into bp_core_set_uri_globals(). The changed hook has the potential to cause unforeseen changes, so I would like to hold off on it so that we can discuss and test further. I'll open a separate ticket for it: #3674

#3 @boonebgorges
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5234]) Moves bp_core_is_user_spammer() 404 check from bp_core_catch_no_access() to bp_core_set_uri_globals(), to ensure that it's run in time to 404 for non-super-admins. Fixes #3666

#4 @boonebgorges
13 years ago

(In [5235]) Moves bp_core_is_user_spammer() 404 check from bp_core_catch_no_access() to bp_core_set_uri_globals(), to ensure that it's run in time to 404 for non-super-admins. Fixes #3666

Note: See TracTickets for help on using tickets.