[wp-trac] [WordPress Trac] #36546: user marked as spam can log in
WordPress Trac
noreply at wordpress.org
Sat Apr 16 07:21:22 UTC 2016
#36546: user marked as spam can log in
--------------------------------+-----------------------------
Reporter: websupporter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Networks and Sites | Version: trunk
Severity: normal | Keywords:
Focuses: multisite |
--------------------------------+-----------------------------
When the admin marks a user as "spam" the function
`wp_authenticate_spam_check()` is supposed to block this user from logging
in.
`wp_authenticate_spam_check()` utilizes `is_user_spammy()` to do so. This
function expects the WP User Object. If it is not given, it will fall back
to the currently logged in user, but - if I am not mistaken - the user is
not logged in yet, so the fallback does not work.
Since we have the user object when performing the `is_user_spammy`-test,
we can simply hand it over and the user can't login no more.
____
P.S.: Its the first time, I try to patch something, I hope I get
everything right.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36546>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list