[wp-meta] [Making WordPress.org] #5575: Plugin Directory: Banned Users should not be able to upload plugins
Making WordPress.org
noreply at wordpress.org
Wed Jan 13 22:08:41 UTC 2021
#5575: Plugin Directory: Banned Users should not be able to upload plugins
---------------------+--------------------
Reporter: Ipstenu | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: General | Keywords:
---------------------+--------------------
Related to #5574
In theory if that gets fixed properly this won't be AS needed, but at the
same time, seeing as it has shown flaws, we should have a failsafe that
checks for user permissions.
Now we have a lot of code that looks for things like this:
{{{
$user = new WP_User( get_current_user_id() );
if ( ! empty( $user->allcaps['bbp_blocked'] ) ) :
// Do the ban message here
endif;
}}}
And I thought about putting that into the upload shortcode file around
here:
https://meta.trac.wordpress.org/browser/sites/trunk/wordpress.org/public_html
/wp-content/plugins/plugin-directory/shortcodes/class-upload.php#L30
But at the same time, it strikes me that it would be better to have a
generic function like `is_user_banned()` to be reused, since this is not
the only time we would want to have that check, and we're crossing the DRY
border :)
We call bbp_blocked 11 times (attached image).
I don't know if this should be a plugin-specific 'just add another block
to the wall' ticket or if we should genericize this out and make it
flexible.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5575>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list