[wp-trac] [WordPress Trac] #36546: user marked as spam can log in

WordPress Trac noreply at wordpress.org
Sat Apr 16 07:21:22 UTC 2016


#36546: user marked as spam can log in
--------------------------------+-----------------------------
 Reporter:  websupporter        |      Owner:
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Networks and Sites  |    Version:  trunk
 Severity:  normal              |   Keywords:
  Focuses:  multisite           |
--------------------------------+-----------------------------
 When the admin marks a user as "spam" the function
 `wp_authenticate_spam_check()` is supposed to block this user from logging
 in.

 `wp_authenticate_spam_check()` utilizes `is_user_spammy()` to do so. This
 function expects the WP User Object. If it is not given, it will fall back
 to the currently logged in user, but - if I am not mistaken - the user is
 not logged in yet, so the fallback does not work.

 Since we have the user object when performing the `is_user_spammy`-test,
 we can simply hand it over and the user can't login no more.

 ____
 P.S.: Its the first time, I try to patch something, I hope I get
 everything right.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36546>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list