Changeset 10940

Timestamp:

04/30/2021 08:11:45 AM (5 years ago)

Author:

dd32

Message:

Login: When blocking users from the Admin UI, reference them by ID rather than by email to simplify some logic.

This also allows switching prior to including bbPress, avoiding issues related to code that sets all users as bbp_participant & [10939].

Follow up to [10928].

Location:

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin

Files:

• class-user-registrations-list-table.php (modified) (1 diff)
• ui.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/class-user-registrations-list-table.php

@@ -244 +244 @@
 
         } else {
-            $url = add_query_arg(
-                'email',
-                urlencode( $item->user_email ),
+            // Account created, find the user.
+            $user = get_user_by( 'login', $item->user_login );
+
+            $url = add_query_arg(
+                'user_id',
+                urlencode( $user->ID ),
                 admin_url( 'admin-post.php?action=login_block_account' )
             );
-            $url = wp_nonce_url( $url, 'block_account_' . $item->user_email );
-
-            if (
-                ! ( $user = get_user_by( 'login', $item->user_login ) ) ||
-                'BLOCKED' !== substr( $user->user_pass, 0, 7 )
-            ) {
+            $url = wp_nonce_url( $url, 'block_account_' . $user->ID );
+
+            if ( $user && 'BLOCKED' !== substr( $user->user_pass, 0, 7 ) ) {
                 $row_actions['block-account'] = '<a href="' . esc_url( $url ) . '">Block Account</a>';
             }

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php

@@ -204 +204 @@
     }
 
-    $email = $_REQUEST['email'] ?? '';
-
-    check_admin_referer( 'block_account_' . $email );
-
-    $user = get_user_by( 'email', $email );
-    if ( $user && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) {
+    if ( empty( $_REQUEST['user_id'] ) ) {
+        die();
+    }
+
+    $user_id = (int) $_REQUEST['user_id'];
+
+    check_admin_referer( 'block_account_' . $user_id );
+
+    if ( $user_id && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) {
+
+        // Switch first so that bbPress loads with the correct context.
+        // This also ensures that the bbp_participant code doesn't kick in.
+        switch_to_blog( WPORG_SUPPORT_FORUMS_BLOGID );
+
         // Load the support forums.. 
         include_once WP_PLUGIN_DIR . '/bbpress/bbpress.php';
         include_once WP_PLUGIN_DIR . '/support-forums/support-forums.php';
 
-        // Then switch to it (Must be done after bbPress is loaded to get roles)
-        switch_to_blog( WPORG_SUPPORT_FORUMS_BLOGID );
-
         // Set the user to blocked. Support forum hooks will take care of the rest.
-        bbp_set_user_role( $user->ID, bbp_get_blocked_role() );
+        bbp_set_user_role( $user_id, bbp_get_blocked_role() );
 
         restore_current_blog();