#5575 closed defect (bug) (duplicate)
Plugin Directory: Banned Users should not be able to upload plugins
Reported by: | Ipstenu | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Plugin Directory | Keywords: | |
Cc: |
Description
Related to #5574
In theory if that gets fixed properly this won't be AS needed, but at the same time, seeing as it has shown flaws, we should have a failsafe that checks for user permissions.
Now we have a lot of code that looks for things like this:
$user = new WP_User( get_current_user_id() ); if ( ! empty( $user->allcaps['bbp_blocked'] ) ) : // Do the ban message here endif;
And I thought about putting that into the upload shortcode file around here: https://meta.trac.wordpress.org/browser/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload.php#L30
But at the same time, it strikes me that it would be better to have a generic function like is_user_banned()
to be reused, since this is not the only time we would want to have that check, and we're crossing the DRY border :)
We call bbp_blocked 11 times (attached image).
I don't know if this should be a plugin-specific 'just add another block to the wall' ticket or if we should genericize this out and make it flexible.
All the uses of bbp_blocked