[buddypress-trac] [BuddyPress] #4814: spammer can create group

buddypress-trac noreply at wordpress.org
Wed May 1 14:17:52 UTC 2013


#4814: spammer can create group
--------------------------+-----------------------
 Reporter:  intimez       |       Owner:  r-a-y
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  1.8
Component:  Groups        |     Version:  1.7
 Severity:  critical      |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+-----------------------

Comment (by johnjamesjacoby):

 Replying to [comment:8 DJPaul]:
 > Reopening. If we are going to kill the page like this, we should use the
 existing bp_is_user_spammer() and bp_is_user_deleted() functions, rather
 than off-load the logic.
 >
 > This is also a fairly substantial change in our approach; until now,
 we've not stopped spam accounts being able to *read* the site, and instead
 have been preventing them posting to forms, and blocking them from
 creating new content (this bug not withstanding), etc. I think I prefer
 this "old" approach, so I wanted to re-open for a bit more discussion.
 >
 > Sorry for not having seen this patch in the last couple of months to
 offer this feedback prior to the commit.
 Agree with Paul here. Something tells me the approach is probably fine,
 though it is a drastic behavioral change to make without having discussed
 it in a dev chat together. The wp_die() approach gets the point across,
 but maybe it should be a more informative message/page within the theme?
 Like a 404 but for logged in users.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4814#comment:9>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list