Changeset 24848

Timestamp:

07/29/2013 03:23:51 AM (12 years ago)

Author:

nacin

Message:

Remove "special" multisite spam check in the authentication API.

The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.

Location:

trunk/wp-includes

Files:

• default-filters.php (modified) (1 diff)
• ms-functions.php (modified) (1 diff)
• user.php (modified) (2 diffs)

trunk/wp-includes/default-filters.php

@@ -300 +300 @@
 add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
 
+// Default authentication filters
+add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
+add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
+
 unset($filter, $action);

trunk/wp-includes/ms-functions.php

@@ -1706 +1706 @@
  * @uses get_user_by()
  *
- * @param string $user_login Optional. Defaults to current user.
+ * @param string|WP_User $user Optional. Defaults to current user. WP_User object,
+ *  or user login name as a string. 
  * @return bool
  */
-function is_user_spammy( $user_login = null ) {
-    if ( $user_login )
-        $user = get_user_by( 'login', $user_login );
-    else
-        $user = wp_get_current_user();
+function is_user_spammy( $user = null ) {
+    if ( ! is_a( $user, 'WP_User' ) ) {
+        if ( $user )
+            $user = get_user_by( 'login', $user );
+        else
+            $user = wp_get_current_user();
+    }
 
     return $user && isset( $user->spam ) && 1 == $user->spam;

trunk/wp-includes/user.php

@@ -90 +90 @@
         return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) );
 
-    if ( is_multisite() ) {
-        // Is user marked as spam?
-        if ( 1 == $user->spam )
-            return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
-
-        // Is a user's blog marked as spam?
-        if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
-            $details = get_blog_details( $user->primary_blog );
-            if ( is_object( $details ) && $details->spam == 1 )
-                return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
-        }
-    }
-
     $user = apply_filters('wp_authenticate_user', $user, $password);
     if ( is_wp_error($user) )
@@ -138 +125 @@
     }
 
+    return $user;
+}
+
+/**
+ * For multisite blogs, check if the authenticated user has been marked as a
+ * spammer, or if the user's primary blog has been marked as spam.
+ *
+ * @since 3.7.0
+ */
+function wp_authenticate_spam_check( $user ) {
+    if ( $user && is_a( $user, 'WP_User' ) && is_multisite() ) {
+        $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user );
+
+        if ( $spammed )
+            return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
+    }
     return $user;
 }