Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#5575 closed defect (bug) (duplicate)

Plugin Directory: Banned Users should not be able to upload plugins

Reported by: ipstenu's profile Ipstenu Owned by:
Milestone: Priority: normal
Component: Plugin Directory Keywords:


Related to #5574

In theory if that gets fixed properly this won't be AS needed, but at the same time, seeing as it has shown flaws, we should have a failsafe that checks for user permissions.

Now we have a lot of code that looks for things like this:

$user = new WP_User( get_current_user_id() );

if ( ! empty( $user->allcaps['bbp_blocked'] ) ) :
	// Do the ban message here

And I thought about putting that into the upload shortcode file around here:

But at the same time, it strikes me that it would be better to have a generic function like is_user_banned() to be reused, since this is not the only time we would want to have that check, and we're crossing the DRY border :)

We call bbp_blocked 11 times (attached image).

I don't know if this should be a plugin-specific 'just add another block to the wall' ticket or if we should genericize this out and make it flexible.

Attachments (1)

Screen Shot 2021-01-13 at 2.05.46 PM.jpg (499.2 KB) - added by Ipstenu 4 years ago.
All the uses of bbp_blocked

Download all attachments as: .zip

Change History (3)

4 years ago

All the uses of bbp_blocked

#1 @dd32
3 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

This should be fixed via #4691 as blocked users can not login, and any existing sessions should be invalidated upon blocking.

#2 @dd32
3 years ago

  • Component changed from General to Plugin Directory
Note: See TracTickets for help on using tickets.