Skip to:

Opened 13 years ago

Last modified 7 years ago

#3732 reopened enhancement

Moderation, blacklisting, and flooding

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: Awaiting Contributions Priority: high
Severity: normal Version: 1.6
Component: Activity Keywords: needs-patch
Cc: patricksaad, vivek@…


With spam an ever increasing concern, BuddyPress is currently ill equipped to prevent spam or unapproved content before it starts. As such, BuddyPress core needs functions that can check any submitted data against WordPress core's illegal keys, as well as protect any child component from flooding.

Change History (15)

#1 @johnjamesjacoby
13 years ago

(In [5272]) Introduce bbp-core-moderation.php to provide basic functions for checking submitted content against illegal keys and flooding. See #3732.

#2 @johnjamesjacoby
13 years ago

(In [5273]) Change filter names so they match function names in bbp-core-moderation. See #3732.

#3 @johnjamesjacoby
13 years ago

(In [5274]) Use new _core_ prefixed function names in bbp-core-moderation.php. See #3732.

#4 @johnjamesjacoby
13 years ago

(In [5277]) Add moderation keys and blacklist keys filters to Activity stream component. Introduce function for gathering the activity types that should be checked, and default to updates and comments per the Akismet extension. See #3732.

#5 @johnjamesjacoby
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Functions are in, activity stream is using it. Other components can take advantage of this at a later date. Note that bbPress 2 already uses these. Closing as fixed.

#6 @patricksaad
11 years ago

  • Cc patricksaad added

#7 @patricksaad
11 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

The function bp_core_check_for_flood in bbp-core-moderation.php is not hooked to anything. No flood control on activity page.

#8 @DJPaul
11 years ago

  • Milestone changed from 1.6 to 1.7

#9 @DJPaul
11 years ago

  • Version set to 1.6

#10 @DJPaul
11 years ago

  • Component changed from Core to Activity
  • Keywords needs-patch added
  • Milestone changed from 1.7 to Future Release
  • Priority changed from major to high

#11 @sooskriszta
10 years ago

  • Cc vivek@… added

#12 @DJPaul
8 years ago

  • Type changed from task to enhancement

#13 @tw2113
7 years ago

Can verify in trunk that comment:7 above is accurate. We still are not hooking bp_core_check_for_flood() into anything. Not quite sure offhand where we would want to.

#14 @r-a-y
7 years ago

comment:7 is correct.

There is reference to a _bp_throttle_time option and a _bp_last_posted user meta being saved, but we do not use any of this at the moment.

Could piggyback onto the WP comment moderation throttle time to start. The _bp_last_posted user meta entry might be problematic because it could be too general. For example, components might want to have a separate throttle based on their content instead of a site-wide throttle.

#15 @johnjamesjacoby
7 years ago

These were lifted straight from bbPress 2's implementation, which had changed slightly since this was put in, so we'd want to update it.

I think a global throttle period for the user is a fine first step, and if individual components want to have their own specific throttles, those could be implemented later.

The idea with this is to prevent spamming of any repeating action, like sending 50 friend requests a minute kinda thing, and per-component settings aren't necessary to meet that requirement.

Note: See TracTickets for help on using tickets.