WordPress.org

Make WordPress Core

Changeset 24848


Ignore:
Timestamp:
07/29/2013 03:23:51 AM (5 years ago)
Author:
nacin
Message:

Remove "special" multisite spam check in the authentication API.

The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.

Location:
trunk/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/default-filters.php

    r24738 r24848  
    300300add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
    301301
     302// Default authentication filters
     303add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
     304add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
     305
    302306unset($filter, $action);
  • trunk/wp-includes/ms-functions.php

    r24155 r24848  
    17061706 * @uses get_user_by()
    17071707 *
    1708  * @param string $user_login Optional. Defaults to current user.
     1708 * @param string|WP_User $user Optional. Defaults to current user. WP_User object,
     1709 *  or user login name as a string.
    17091710 * @return bool
    17101711 */
    1711 function is_user_spammy( $user_login = null ) {
    1712     if ( $user_login )
    1713         $user = get_user_by( 'login', $user_login );
    1714     else
    1715         $user = wp_get_current_user();
     1712function is_user_spammy( $user = null ) {
     1713    if ( ! is_a( $user, 'WP_User' ) ) {
     1714        if ( $user )
     1715            $user = get_user_by( 'login', $user );
     1716        else
     1717            $user = wp_get_current_user();
     1718    }
    17161719
    17171720    return $user && isset( $user->spam ) && 1 == $user->spam;
  • trunk/wp-includes/user.php

    r24719 r24848  
    9090        return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) );
    9191
    92     if ( is_multisite() ) {
    93         // Is user marked as spam?
    94         if ( 1 == $user->spam )
    95             return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
    96 
    97         // Is a user's blog marked as spam?
    98         if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
    99             $details = get_blog_details( $user->primary_blog );
    100             if ( is_object( $details ) && $details->spam == 1 )
    101                 return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
    102         }
    103     }
    104 
    10592    $user = apply_filters('wp_authenticate_user', $user, $password);
    10693    if ( is_wp_error($user) )
     
    138125    }
    139126
     127    return $user;
     128}
     129
     130/**
     131 * For multisite blogs, check if the authenticated user has been marked as a
     132 * spammer, or if the user's primary blog has been marked as spam.
     133 *
     134 * @since 3.7.0
     135 */
     136function wp_authenticate_spam_check( $user ) {
     137    if ( $user && is_a( $user, 'WP_User' ) && is_multisite() ) {
     138        $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user );
     139
     140        if ( $spammed )
     141            return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
     142    }
    140143    return $user;
    141144}
Note: See TracChangeset for help on using the changeset viewer.