Skip to:
Content

BuddyPress.org

Opened 6 years ago

Closed 6 years ago

#7621 closed defect (bug) (fixed)

Activity data not cleared out when deleting user programatically

Reported by: boonebgorges's profile boonebgorges Owned by: boonebgorges's profile boonebgorges
Milestone: 3.0 Priority: normal
Severity: normal Version:
Component: Activity Keywords:
Cc:

Description

bp_activity_remove_all_user_data() is hooked to wpmu_delete_user and delete_user, and is responsible for cleaning up user activity data (including last_activity). However, the function bails if ! is_user_logged_in(). This doesn't make much sense: it doesn't provide any security (it doesn't ask *which* user is logged in), and it makes it impossible to clean up after users who are deleted in a programmatic fashion, such as via wp-cli.

Change History (2)

#1 @boonebgorges
6 years ago

Introduced in [3753]. That same changeset introduced many similar checks in places that may or may not make sense. I am uninterested in cleaning them all up right now :-D but I will fix this one.

#2 @boonebgorges
6 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 11738:

Remove logged-in check from bp_activity_remove_all_user_data().

This function is called on the delete_user and wpmu_delete_user hooks.
During normal operation, these hooks only fire for users with the
delete_users cap. So the is_user_logged_in() check is not necessary.
It also interferes with the ability to delete users fully in an
automated fashion, as by script.

Introduced in [3753].

Fixes #7621.

Note: See TracTickets for help on using tickets.