HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Networks and Sites: Don't automatically mark website as spam when an account is marked as spam.

Browse Source 
This changeset does the following:
- Explicitly add `403` to `wp_die()` calls for unauthorized actions
- Introduce the `network_user_spam_propagate_to_blogs` filter to provide flexibility for developers to control spam status propagation
- Use `is_super_admin()` checks for both "spam" and "notspam" actions to prevent unauthorized modification of network administrators
- Refine the "notspam" logic to ensure that blog status updates are correctly scoped to the current network
- Add related unit tests coverage

Props ignatiusjeroe, realloc, johnjamesjacoby, westonruter, mukesh27, pratiknawkar94, anukasha.
Fixes #61146.


Built from https://develop.svn.wordpress.org/trunk@61660


git-svn-id: http://core.svn.wordpress.org/trunk@60971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
audrasjb
2026-02-17 09:25:40 +00:00
parent 1144a460c8
commit 650e77076d
2 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
wp-admin/network/users.php
View File

@@ -86,16 +86,27 @@ if ( isset( $_GET['action'] ) ) {
/* translators: %s: User login. */
__( 'Warning! User cannot be modified. The user %s is a network administrator.' ),
esc_html( $user->user_login )
)
),
403
);
}
$userfunction = 'all_spam';
$blogs = get_blogs_of_user( $user_id, true );
foreach ( (array) $blogs as $details ) {
if ( ! is_main_site( $details->userblog_id ) ) { // Main site is not a spam!
update_blog_status( $details->userblog_id, 'spam', '1' );
/**
* Filters whether to propagate the blog status when a user is marked as spam.
*
* @since 7.0.0
*
* @param bool $propagate Whether to propagate the blog status. Default false.
* @param int $user_id User ID.
*/
if ( apply_filters( 'propagate_network_user_spam_to_blogs', false, $user_id ) ) {
foreach ( get_blogs_of_user( $user_id, true ) as $details ) {
// Assuming the main site is not a spam.
if ( ! is_main_site( $details->userblog_id ) ) {
update_blog_status( $details->userblog_id, 'spam', '1' );
}
}
}
@@ -108,11 +119,28 @@ if ( isset( $_GET['action'] ) ) {
case 'notspam':
$user = get_userdata( $user_id );
if ( is_super_admin( $user->ID ) ) {
wp_die(
sprintf(
/* translators: %s: User login. */
__( 'Warning! User cannot be modified. The user %s is a network administrator.' ),
esc_html( $user->user_login )
),
403
);
}
$userfunction = 'all_notspam';
$blogs = get_blogs_of_user( $user_id, true );
foreach ( (array) $blogs as $details ) {
update_blog_status( $details->userblog_id, 'spam', '0' );
/** This filter is documented in wp-admin/network/users.php */
if ( apply_filters( 'propagate_network_user_spam_to_blogs', false, $user_id ) ) {
foreach ( get_blogs_of_user( $user_id, true ) as $details ) {
if ( ! is_main_site( $details->userblog_id ) && get_current_network_id() === $details->site_id ) {
// Assuming main site is never a spam and part of the current network.
update_blog_status( $details->userblog_id, 'spam', '0' );
}
}
}
$user_data = $user->to_array();

2
wp-includes/version.php
View File

@@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '7.0-alpha-61659';
$wp_version = '7.0-alpha-61660';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.