Opened 13 years ago
Closed 13 years ago
#3754 closed defect (bug) (fixed)
Drop support for 'afilter'
Reported by: | boonebgorges | Owned by: | |
---|---|---|---|
Milestone: | 1.6 | Priority: | normal |
Severity: | normal | Version: | 1.2.10 |
Component: | Activity | Keywords: | dev-feedback has-patch |
Cc: |
Description
I ran across an ugly problem recently related to the old 'afilter' URL param for bp-activity. A single spam blog comment was left on one of the sites of a MS network, and, because of a plugin the site was using, it got included in the activity stream. But a glitch in the way that afilter is processed meant that when you attached an afilter argument to any activity page on the site - including the activity streams of individual members - the user_id and other activity filter parameters are skipped, and the spam activity comment was showing up under these circumstances for every user of the site. This didn't matter for normal users, but somehow Google's crawlers picked up on it, and got the site tagged as a spam farm, since the same spam comment was showing up hundreds of times across the site.
The offending logic is here: http://buddypress.trac.wordpress.org/browser/trunk/bp-activity/bp-activity-template.php#L377
Can we just drop the first clause?
Change History (6)
#4
@
13 years ago
Looks like 'afilter' was introduced in BP 1.1. Does BP-Default in BP 1.1 run on BP 1.5+? I know 1.1 had the split WP/BP theme thing going on. If it doesn't work, and there's no straightforward way to make it work (such as the old backwards compatibility plugin, and the more modern template pack), I'd suggest removing it as we wouldn't be breaking backpat, as we'd have already broken it.
We could also throw a deprecated warning just in case some plugin is trying to use it.
Bump. Another option is that we could disable the clause by default, but allow it to be reenabled by a filter. See 3754.patch.
To be clear: this issue should only affect people whose (very old) theme has afilter links built into it. So it will affect a very small subset of users. IMO, asking them to filter the proposed bp_activity_support_legacy_afilter is reasonable.