Opened 4 years ago
Closed 4 years ago
#8316 closed defect (bug) (fixed)
Multisite: Marking a user as a spammer can unintentionally mark legitimate sites as spam as well
Reported by: | r-a-y | Owned by: | r-a-y |
---|---|---|---|
Milestone: | 6.1.0 | Priority: | high |
Severity: | major | Version: | 1.6 |
Component: | Members | Keywords: | has-patch commit |
Cc: |
Description
The problem occurs in bp_core_process_spammer_status()
.
The call to fetch a user's sites via get_blogs_of_user()
doesn't take into account whether other users might be an administrator of the site.
If the site has more than one admin, we shouldn't mark the site as spam since the site might be active.
Attached patch includes a fix and unit test.
I opted to replace the call to get_blogs_of_user()
with a lighter version that doesn't pull up the site object for each site. This logic is pulled from get_blogs_of_user()
: https://github.com/WordPress/WordPress/blob/5.4-branch/wp-includes/user.php#L654-L669.
To determine if the site has more than one admin, I'm using count_users()
.
Hi @r-a-y thanks a lot for you ticket/patch and unit test 💪
Patch looks good to me, let's have it in!