[buddypress-trac] [BuddyPress Trac] #6156: bp_is_user_deleted() incorrectly checks user_status === 2
buddypress-trac
noreply at wordpress.org
Thu Jan 22 03:53:26 UTC 2015
#6156: bp_is_user_deleted() incorrectly checks user_status === 2
-----------------------------+------------------------------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: 2.3
Component: Members | Version:
Severity: normal | Keywords: needs-patch needs-unit-tests
-----------------------------+------------------------------------------
With our recent move to handling sign-ups the WordPress multisite way,
we've taken over user_status "2" as meaning 'registered but not yet
active' instead of 'you deleted your account but we kept your data for
you.'
From what I can tell, when deleting a user, WordPress deletes the database
entries completely for that user and their associated meta. Both
`wpmu_delete_user()` and `wp_delete_user()` delete user data, and no where
in WordPress core is the `deleted` column in the users table used.
I vaguely recall Andy and I discussing what `user_status` digit to use for
"deleted" users and think we picked "2" based on a popular plugin at the
time that basically allowed for deleting users by hiding them with a
`user_status` of 2, so we secretly matched it to support that plugin.
Since `bp_is_user_deleted()` is only used in `bp_is_user_active()` and
most of those usages should be `bp_is_user_inactive()` I think these
functions need an audit and unit-tests to ensure they are doing what they
should, and what we want them to.
Marking priority as high in 2.3, as future `user_status` improvements will
rely on making sure these functions are hardened.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6156>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list