Multisite: Marking a user account as spam, also marks the blogs he's a member of as spam

[ignatiusjeroe]

Marking a user account as spam on wp-admin/network/users.php prohibits this user from logging in. Cool. But WP also fetches the blogs he's a member or and also marks these as spam. Network admins can mark a site as archived, spam, deleted and mature, to remove from public listings or disable. Resulting only super-admins being able to access these blogs. This makes no sense. One rotten apple should not ruin access to blogs for other users. What is the motive behind such design?

Marking a user account as spam should not influence the status of any site.

[realloc]

Upon reviewing the ​code, I can confirm that when a user account is marked as spam, all the sites linked to that user are set to 'spam' = '1'. Similarly, when a user is marked as 'notspam,' all their associated sites are ​updated to 'spam' = '0'.

This behaviour might be a good topic for discussion to understand its purpose and whether it works as intended.

[realloc]

Proposal to use a short circuit filter

[johnjamesjacoby]

This behavior is intended, but should be made better.

This was geared towards open blogging planets (where sites could be created easily by anyone) so when a user signed up and created 100 spam blogs, a Super Admin could clean up the mess in one shot.

I feel like these days, I almost never want that to happen.

Same goes for the notspam action.

Here's what I think is the best end result:

• Change the default behavior to not do this anymore :X
• Add filters to re-enable it if desired
• Related dev/user outreach about an intended backwards compatibility break

---

Specific to the attached diff, the apply_filters( 'handle pattern is only used by network-admin bulk-actions, so I would suggest different hook names.

https://core.trac.wordpress.org/ticket/61146

[realloc]

Replying to johnjamesjacoby:

• Change the default behavior to not do this anymore :X
• Add filters to re-enable it if desired
• Related dev/user outreach about an intended backwards compatibility break

Thank you for looking into it. I just inverted the default value and renamed the hook. :-)

Review from Gemini:

The changes in src/wp-admin/network/users.php are well-implemented and adhere to WordPress coding standards.

Here's a summary of the review:

• HTTP Status Codes: Explicitly adding 403 to wp_die() calls for unauthorized actions is a good practice for proper HTTP response handling.
• New Filter: The introduction of the network_user_spam_propagate_to_blogs filter provides valuable flexibility for developers to control spam status propagation. The associated PHPDoc block is correctly formatted and includes the @since 6.9.0 tag, parameter descriptions, and type hints.
• Security Enhancement: The addition of is_super_admin() checks for both "spam" and "notspam" actions prevents unauthorized modification of network administrators, which is a significant security improvement.
• Multi-network Compatibility: The refinement in the "notspam" logic to include && get_current_network_id() === $details->site_id ensures that blog status updates are correctly scoped to the current network, improving behavior in multi-network installations.
• Indentation and Readability: The code maintains consistent indentation and remains highly readable.

Overall, these changes improve security, flexibility, and correctness within the WordPress network user management.