WordPress.org

Make WordPress Core

Changeset 24848


Ignore:
Timestamp:
07/29/13 03:23:51 (19 months ago)
Author:
nacin
Message:

Remove "special" multisite spam check in the authentication API.

The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.

Location:
trunk/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/default-filters.php

    r24738 r24848  
    300300add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 ); 
    301301 
     302// Default authentication filters 
     303add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 ); 
     304add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    ); 
     305 
    302306unset($filter, $action); 
  • trunk/wp-includes/ms-functions.php

    r24155 r24848  
    17061706 * @uses get_user_by() 
    17071707 * 
    1708  * @param string $user_login Optional. Defaults to current user. 
     1708 * @param string|WP_User $user Optional. Defaults to current user. WP_User object, 
     1709 *  or user login name as a string.  
    17091710 * @return bool 
    17101711 */ 
    1711 function is_user_spammy( $user_login = null ) { 
    1712     if ( $user_login ) 
    1713         $user = get_user_by( 'login', $user_login ); 
    1714     else 
    1715         $user = wp_get_current_user(); 
     1712function is_user_spammy( $user = null ) { 
     1713    if ( ! is_a( $user, 'WP_User' ) ) { 
     1714        if ( $user ) 
     1715            $user = get_user_by( 'login', $user ); 
     1716        else 
     1717            $user = wp_get_current_user(); 
     1718    } 
    17161719 
    17171720    return $user && isset( $user->spam ) && 1 == $user->spam; 
  • trunk/wp-includes/user.php

    r24719 r24848  
    9090        return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) ); 
    9191 
    92     if ( is_multisite() ) { 
    93         // Is user marked as spam? 
    94         if ( 1 == $user->spam ) 
    95             return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); 
    96  
    97         // Is a user's blog marked as spam? 
    98         if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) { 
    99             $details = get_blog_details( $user->primary_blog ); 
    100             if ( is_object( $details ) && $details->spam == 1 ) 
    101                 return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) ); 
    102         } 
    103     } 
    104  
    10592    $user = apply_filters('wp_authenticate_user', $user, $password); 
    10693    if ( is_wp_error($user) ) 
     
    138125    } 
    139126 
     127    return $user; 
     128} 
     129 
     130/** 
     131 * For multisite blogs, check if the authenticated user has been marked as a 
     132 * spammer, or if the user's primary blog has been marked as spam. 
     133 * 
     134 * @since 3.7.0 
     135 */ 
     136function wp_authenticate_spam_check( $user ) { 
     137    if ( $user && is_a( $user, 'WP_User' ) && is_multisite() ) { 
     138        $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user ); 
     139 
     140        if ( $spammed ) 
     141            return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); 
     142    } 
    140143    return $user; 
    141144} 
Note: See TracChangeset for help on using the changeset viewer.