[wpmu-trac] [WordPress MU Trac] #798: Marked user as spammer,
but still able to login and create blogs
WordPress MU Trac
wpmu-trac at lists.automattic.com
Wed Nov 19 02:24:06 GMT 2008
#798: Marked user as spammer, but still able to login and create blogs
------------------------+---------------------------------------------------
Reporter: MrBrian | Owner: somebody
Type: defect | Status: new
Priority: normal | Milestone:
Component: component1 | Version:
Severity: normal | Keywords:
------------------------+---------------------------------------------------
I noticed that I marked a spammer as spam and all of his blogs were marked
as spam. The next day I discovered that he'd created another 10 blogs with
the same account. Checked wp_users and the spam value is set to 1, so I
started investigating. I believe the filter
'''wordpressmu_authenticate_siteadmin''' is the only thing standing
between a spammer logging in and creating new blogs, and its function is
to check the primary blog of non-admin users for being marked as spam.
Wouldn't it make more sense if the function checked if the user was marked
as spam instead of checking their primary blog? I think there are also
circumstances where the primary_blog value can be set to a blog that the
user doesn't own, but I'm not positive there.
Anyways, I checked the primary blog of the spammer and his blog is marked
as spam in the database also. I changed the password of the spammer's user
account and logged in with success under the account. Based on the code I
looked at, that shouldn't happen... I don't know why the spammer can still
log in. Hope you have some more knowledge on the issue - I'm going to code
in a quick spam check against the users.
--
Ticket URL: <http://trac.mu.wordpress.org/ticket/798>
WordPress MU Trac <http://mu.wordpress.org/>
WordPress Multiuser
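
The difference between gating login on the primary blog and gating it on the user's own spam flag, as an added example that is not part of the original ticket and is not WordPress MU code. It is a simplified Python model: the `User` and `Blog` classes, the function names and the sample records are constructed for illustration, and the handling of a primary blog that cannot be found is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Blog:
    owner: str
    spam: bool

@dataclass
class User:
    login: str
    spam: bool            # models the spam value in wp_users
    primary_blog: int     # models the primary_blog value
    site_admin: bool = False

def allow_by_primary_blog(user, blogs):
    """Login check as the ticket describes it: primary blog of non-admin users only."""
    if user.site_admin:
        return True
    blog = blogs.get(user.primary_blog)
    # Assumption: a primary blog that cannot be found gives the check nothing to reject.
    return blog is None or not blog.spam

def allow_by_user_flag(user, blogs):
    """Check the reporter proposes: the user's own spam flag decides first."""
    if user.site_admin:
        return True
    if user.spam:
        return False
    return allow_by_primary_blog(user, blogs)

def flagged_but_admitted(users, blogs):
    """Audit helper: spam-flagged users the primary-blog check would still let in."""
    return sorted(u.login for u in users
                  if u.spam and allow_by_primary_blog(u, blogs))

# Constructed sample records, not data from the ticket.
BLOGS = {1: Blog("alice", False), 2: Blog("spam1", True)}
USERS = [
    User("alice", False, 1),
    User("spam1", True, 2),    # flagged, primary blog flagged too
    User("spam2", True, 1),    # flagged, primary_blog points at a blog they don't own
    User("spam3", True, 99),   # flagged, primary blog no longer exists
]

if __name__ == "__main__":
    print("admitted by primary-blog check:", flagged_but_admitted(USERS, BLOGS))
    print("admitted by user-flag check:",
          [u.login for u in USERS if u.spam and allow_by_user_flag(u, BLOGS)])
```
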