Make WordPress Core


Ignore:
Timestamp:
07/29/2013 03:23:51 AM (11 years ago)
Author:
nacin
Message:

Remove "special" multisite spam check in the authentication API.

The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/user.php

    r24719 r24848  
    9090        return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) );
    9191
    92     if ( is_multisite() ) {
    93         // Is user marked as spam?
    94         if ( 1 == $user->spam )
    95             return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
    96 
    97         // Is a user's blog marked as spam?
    98         if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
    99             $details = get_blog_details( $user->primary_blog );
    100             if ( is_object( $details ) && $details->spam == 1 )
    101                 return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
    102         }
    103     }
    104 
    10592    $user = apply_filters('wp_authenticate_user', $user, $password);
    10693    if ( is_wp_error($user) )
     
    138125    }
    139126
     127    return $user;
     128}
     129
     130/**
     131 * For multisite blogs, check if the authenticated user has been marked as a
     132 * spammer, or if the user's primary blog has been marked as spam.
     133 *
     134 * @since 3.7.0
     135 */
     136function wp_authenticate_spam_check( $user ) {
     137    if ( $user && is_a( $user, 'WP_User' ) && is_multisite() ) {
     138        $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user );
     139
     140        if ( $spammed )
     141            return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
     142    }
    140143    return $user;
    141144}
Note: See TracChangeset for help on using the changeset viewer.