WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#4642 closed enhancement (fixed)

Enhanced wp-mail.php

Reported by: lexhair Owned by: ryan
Milestone: 2.5 Priority: normal
Severity: normal Version: 2.3
Component: Administration Keywords: has-patch tested
Focuses: Cc:

Description

Please consider adding a check box switch to the Blog by Email admin panel to dump emails that come from addresses not in the user database. The wp-mail.php code already has this functionality but must be user edited to implement.

Attachments (6)

4642.diff (2.4 KB) - added by Bobcat 7 years ago.
wp-mail.php patch, including email addr regexp fix
4642.2.diff (1.9 KB) - added by Bobcat 6 years ago.
wp-mail.php patch to set post_status based on the author's capabilities
4642.3.diff (2.9 KB) - added by Bobcat 6 years ago.
Set post status based on author's capabilities; includes new function get_userdatabyemail
4642.4.diff (3.8 KB) - added by Bobcat 6 years ago.
Set post status based on author's capabilities; includes new function get_user_by
4642.5.diff (4.1 KB) - added by Bobcat 6 years ago.
Set post status based on author's capabilities; includes new function get_user_by
4642.6.diff (2.0 KB) - added by Bobcat 6 years ago.
Set post status based on author's capabilities; calls get_user_by_email

Download all attachments as: .zip

Change History (28)

comment:1 Nazgul7 years ago

  • Milestone set to 2.4 (future)

I disagree with it being an option on the admin interface, but adding a few hooks and filters to wp-mail.php to make this possible through a plugin gets a +1 from me.

comment:2 Bobcat7 years ago

  • Cc Bobcat added

How about if emails from Contributors, Subscribers, and unknown users are set to post_status 'pending', while emails from Administrators, Editors, and Authors are published? This would mimic the behavior of the web interface where only Administrators, Editors, and Authors can publish their posts. I can give this a shot if it's an acceptable approach.

comment:3 Bobcat7 years ago

  • Keywords has-patch tested added
  • Owner changed from anonymous to Bobcat
  • Version set to 2.3

Attached patch to wp-mail.php sets post_status to 'publish' if the author is in the DB and has 'publish_posts' capability. Otherwise (unknown author or no 'publish_posts'), post_status is set to 'pending'. This is analogous to the behavior when posting via the web interface.

post_status may be overridden by a plugin hooking into the existing phone_content filter.

Patch was tested with version 2.3, using test case email senders of an administrator, an author, a subscriber, and a user not in the DB.

comment:4 Bobcat7 years ago

I found additional problems with the email address parsing (reported at http://wordpress.org/support/topic/137830?replies=3 ). I have the solution. Give me a couple days to fully test it and upload a new patch.

Bobcat7 years ago

wp-mail.php patch, including email addr regexp fix

comment:5 follow-up: Bobcat7 years ago

  • Keywords changed from has-patch, tested to has-patch tested

Uploaded revised patch which sets the post_status based on the author's capabilities, as well as fixes the regexp that extracts the author's email address (this fixes a problem where an email address containing a "-" was not recognized).

I'm done (pending any further comments).

comment:6 in reply to: ↑ 5 westi7 years ago

  • Keywords needs-patch added; has-patch removed

Replying to Bobcat:

Uploaded revised patch which sets the post_status based on the author's capabilities, as well as fixes the regexp that extracts the author's email address (this fixes a problem where an email address containing a "-" was not recognized).

I'm done (pending any further comments).

Good patch.

The email address sanitization has already changed in [6212] for #5169 could you update your patch to just do the post_status changes please.

comment:7 Bobcat7 years ago

Just a note that I'm waiting for #5169 to be resolved before continuing with this ticket/patch. I want to be able to test this patch with the final patch for #5169.

Bobcat6 years ago

wp-mail.php patch to set post_status based on the author's capabilities

comment:8 Bobcat6 years ago

  • Keywords has-patch added; needs-patch removed

Added patch 4642.2.diff, which sets the post_status based on the author's capabilities. (Email address validation removed as requested.) Tested with WP 2.3 + #5169 by sending test emails from users with and without publish_posts capability, and also from an unknown user.

comment:9 westi6 years ago

+1

Good Patch.

I think we should consider creating a get_userbyemail function and adding it to wp-includes/pluggable.php rather than continuing with the embedded query in wp-mail.php.

comment:10 follow-up: Bobcat6 years ago

OK, I can pattern it after get_userdatabylogin, but I don't know what to do with the following code:

$user_id = wp_cache_get($user_login, 'userlogins');
$userdata = wp_cache_get($user_id, 'users');
if ( $userdata )
        return $userdata;

Is there an equivalent for user_email? If so, how do I use it?

comment:11 in reply to: ↑ 10 westi6 years ago

Replying to Bobcat:

OK, I can pattern it after get_userdatabylogin, but I don't know what to do with the following code:

$user_id = wp_cache_get($user_login, 'userlogins');
$userdata = wp_cache_get($user_id, 'users');
if ( $userdata )
        return $userdata;

Is there an equivalent for user_email? If so, how do I use it?

There is no equivalent at the moment - for now code it without the caching and we can decide what to cache it on afterwards.

Bobcat6 years ago

Set post status based on author's capabilities; includes new function get_userdatabyemail

comment:12 Bobcat6 years ago

Revised patch to call new function in pluggable.php. Is there a way to check the capabilities directly from userdata without doing a "new WP_User"? I got an undefined method when I tried that.

comment:13 ryan6 years ago

WP_User is the way to go. What was the error, exactly.

Also, instead of adding another get_userdata* function, let's add get_user_by().

function get_user_by($field, $value, $output = OBJECT, $filter = 'raw')

get_user_by('email', 'blah@blah.blah');

get_term_by() offers an example.

comment:14 Bobcat6 years ago

When I tried $userdata->has_cap('publish_posts'), I got "Fatal error: Call to undefined method stdClass::has_cap()". I was hoping I could check the capabilities directly from $userdata (it's in there!).

Are you sure you want get_user_by()? When specifying email and login, for example, there are different sanitize functions that need to be called from within the function.

comment:15 Bobcat6 years ago

What would the SQL query look like for get_user_by() ? I don't know enough about SQL to derive it from the query in get_term_by().

Bobcat6 years ago

Set post status based on author's capabilities; includes new function get_user_by

comment:16 Bobcat6 years ago

OK, here you go - 4642.4.diff. I added the function get_user_by, which returns the ID, to pluggable.php. (The svn diff command output is funky because of where it resynchronized. Not sure how to make that look nicer.) I modified get_userbylogin to call get_user_by, but I removed the caching in the process, because I don't know how to add caching to get_user_by.

Bobcat6 years ago

Set post status based on author's capabilities; includes new function get_user_by

comment:17 Bobcat6 years ago

4642.5.diff is the final version of the patch. I added the caching back when calling get_userdatabylogin. I prefer 4642.3.diff, which has get_userdatabyemail. But you guys can pick whichever one you prefer.

It would be nice to get this into 2.4 (or earlier), as it leverages the post_status of pending when using the Blog By Email feature.

comment:18 ryan6 years ago

  • Owner changed from Bobcat to ryan

Bobcat6 years ago

Set post status based on author's capabilities; calls get_user_by_email

comment:19 Bobcat6 years ago

  • Keywords needs-testing added; tested removed

comment:20 ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6349]) When posting by email, publish only if user has publish caps, otherwise set status to pending. Props Bobcat. fixes #4642

comment:21 lexhair6 years ago

Thanks to all of you for your consideration. Great job.

comment:22 Bobcat6 years ago

  • Keywords tested added; needs-testing removed

Tested with trunk revision 6349, FreeBSD 6.2-RELEASE-p1, MySQL 4.1.20, by sending three email messages, one with publish capability, one without, and one unknown user. Resulting posts were posted, pending, and pending from admin, respectively. This is the expected result.

Note: See TracTickets for help on using tickets.