Making WordPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#5575 closed defect (bug) (duplicate)

Plugin Directory: Banned Users should not be able to upload plugins

Reported by: ipstenu's profile Ipstenu Owned by:
Milestone: Priority: normal
Component: Plugin Directory Keywords:
Cc:

Description

Related to #5574

In theory if that gets fixed properly this won't be AS needed, but at the same time, seeing as it has shown flaws, we should have a failsafe that checks for user permissions.

Now we have a lot of code that looks for things like this:

$user = new WP_User( get_current_user_id() );

if ( ! empty( $user->allcaps['bbp_blocked'] ) ) :
	// Do the ban message here
endif;

And I thought about putting that into the upload shortcode file around here: https://meta.trac.wordpress.org/browser/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload.php#L30

But at the same time, it strikes me that it would be better to have a generic function like is_user_banned() to be reused, since this is not the only time we would want to have that check, and we're crossing the DRY border :)

We call bbp_blocked 11 times (attached image).

I don't know if this should be a plugin-specific 'just add another block to the wall' ticket or if we should genericize this out and make it flexible.

Attachments (1)

Screen Shot 2021-01-13 at 2.05.46 PM.jpg (499.2 KB) - added by Ipstenu 4 years ago.
All the uses of bbp_blocked

Download all attachments as: .zip

Change History (3)

@Ipstenu
4 years ago

All the uses of bbp_blocked

#1 @dd32
4 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

This should be fixed via #4691 as blocked users can not login, and any existing sessions should be invalidated upon blocking.

#2 @dd32
4 years ago

  • Component changed from General to Plugin Directory
Note: See TracTickets for help on using tickets.