[buddypress-trac] [BuddyPress] #3101: Spammed blog removes all blog entries and spams user. Unspamming doesn't reverse table row deletes.
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Mon Mar 7 01:57:55 UTC 2011
#3101: Spammed blog removes all blog entries and spams user. Unspamming doesn't
reverse table row deletes.
-------------------------------------------------+-------------------------
Reporter: bigtweet | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Awaiting
Component: Core | Review
Keywords: blog, spam, wp_bp_user_blogs, | Version: 1.2.8
wp_users, Anti-Splog |
-------------------------------------------------+-------------------------
Setup
======
WordPress 3.1, BuddyPress 1.2.8
Anti-Splog 1.0.7 http://premium.wpmudev.org/project/anti-splog
Overview
========
When a single blog is spammed from the Sites panel in the Dashboard,
all the blog entries for the associated user are removed from the
wp_bp_user_blogs table. The user is also spammed in wp_users table (is
this a WP bug/feature?).
When a spammed blog is unspammed from the Sites panel, the entries in the
wp_bp_user_blogs table are not restored.
Detail
========
I noticed the following queries being issued for user 13 when a single
blog was spammed:
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
UPDATE `wp_users` SET `spam` = 1 WHERE `ID` = 13
I think the DELETE should be qualified by blog id and not by user id.
Should the user be spammed here? Should I file a WP bug or is this a
feature? (Once a user is spammed, they can't be unspammed from
Dashboard).
Anti-Splog
============
Using Anti-Splog (plugin to mark blogs as spam) showed me another aspect
of this potential BuddyPress bug and let me identify the places in the BP
code that were issuing the queries.
What I did was to create 2 blogs in succession and force both to be
spammed (tweak in Anti-Splog). This caused the following sequence of
queries:
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 50 )
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 50 )
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 51 )
DELETE FROM wp_bp_user_blogs WHERE user_id = 13
INSERT INTO wp_bp_user_blogs ( user_id, blog_id ) VALUES ( 13, 51 )
What is interesting to note is:
1. There are 2 INSERTs for each blog creation (expected just 1).
2. There is a DELETE that seems like it should be qualified by blog id
instead of user id.
The queries are being generated from
wp-content/plugins/buddypress/bp-blogs/bp-blogs-classes.php
The INSERTs are coming from function save()
The DELETEs are coming from function delete_blogs_for_user()
Summary
========
I think that only the blog being spammed should be removed from table
wp_bp_user_blogs. It would be nice to have a hook that re-inserted this
entry into wp_bp_user_blogs when a blog is unspammed. Without this, a
blog will never again be accessible to BuddyPress.
I would like to solicit an opinion on whether spamming a user when a blog
is spammed seems like a WP feature, or whether I should file a WordPress
bug.
Thanks,
Scott
--
Ticket URL: <https://trac.buddypress.org/ticket/3101>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list