Skip to:

Opened 11 years ago

Closed 10 years ago

#1568 closed defect (bug) (fixed)

Check user_status (spam/deleted) when posting

Reported by: johnjamesjacoby Owned by:
Milestone: 2.0 Priority: high
Severity: normal Version: 2.0
Component: Component - Users Keywords: has-patch


Right now we use mapped weta caps to make sure that only capable users can create forums, topics, and replies. The actual user status needs to be tested to ensure that spam/deleted users aren't allowed to sneak by, as they can still have caps in the DB in certain circumstances.

Attachments (1)

1568.diff (3.1 KB) - added by sorich87 10 years ago.

Download all attachments as: .zip

Change History (3)

10 years ago

#1 @sorich87
10 years ago

  • Keywords has-patch added

The attached patch uses a 'do_not_allow' capability as WordPress does for the 'edit_users' capability on Multisites. I hope this is the best approach.

Last edited 10 years ago by sorich87 (previous) (diff)

#2 @johnjamesjacoby
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3392]) Map to 'do_not_allow' cap if user is marked as spam or deleted. Fixes #1568. Props sorich87.

Note: See TracTickets for help on using tickets.