WordPress.org
Get WordPress

Make WordPress Core

Opened 12 months ago

Last modified 6 weeks ago

#61146 new defect (bug)

Multisite: Marking a user account as spam, also marks the blogs he's a member of as spam

Reported by: ignatiusjeroe's profile ignatiusjeroe Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.5
Component: Networks and Sites Keywords: has-patch
Focuses: multisite Cc:

Description

Marking a user account as spam on wp-admin/network/users.php prohibits this user from logging in. Cool. But WP also fetches the blogs he's a member or and also marks these as spam. Network admins can mark a site as archived, spam, deleted and mature, to remove from public listings or disable. Resulting only super-admins being able to access these blogs. This makes no sense. One rotten apple should not ruin access to blogs for other users. What is the motive behind such design?

Marking a user account as spam should not influence the status of any site.

Attachments (1)

61146.diff (2.3 KB) - added by realloc 3 months ago.
Proposal to use a short circuit filter

Download all attachments as: .zip

Change History (7)

#1 @realloc
3 months ago

Upon reviewing the code, I can confirm that when a user account is marked as spam, all the sites linked to that user are set to 'spam' = '1'. Similarly, when a user is marked as 'notspam,' all their associated sites are updated to 'spam' = '0'.

This behaviour might be a good topic for discussion to understand its purpose and whether it works as intended.

@realloc
3 months ago

Proposal to use a short circuit filter

This ticket was mentioned in Slack in #core-multisite by realloc. View the logs.
7 weeks ago

#3 follow-up: @johnjamesjacoby
7 weeks ago

This behavior is intended, but should be made better.

This was geared towards open blogging planets (where sites could be created easily by anyone) so when a user signed up and created 100 spam blogs, a Super Admin could clean up the mess in one shot.

I feel like these days, I almost never want that to happen.

Same goes for the notspam action.

Here's what I think is the best end result:

  • Change the default behavior to not do this anymore :X
  • Add filters to re-enable it if desired
  • Related dev/user outreach about an intended backwards compatibility break

Specific to the attached diff, the apply_filters( 'handle pattern is only used by network-admin bulk-actions, so I would suggest different hook names.

Last edited 7 weeks ago by johnjamesjacoby (previous) (diff)

This ticket was mentioned in PR #8633 on WordPress/wordpress-develop by @realloc.
6 weeks ago #4

  • Keywords has-patch added

https://core.trac.wordpress.org/ticket/61146

#5 in reply to: ↑ 3 @realloc
6 weeks ago

Replying to johnjamesjacoby:

  • Change the default behavior to not do this anymore :X
  • Add filters to re-enable it if desired
  • Related dev/user outreach about an intended backwards compatibility break

Thank you for looking into it. I just inverted the default value and renamed the hook. :-)

This ticket was mentioned in Slack in #core-multisite by realloc. View the logs.
6 weeks ago

Note: See TracTickets for help on using tickets.