bbpress skips check for number of links if blacklist is empty

[dpacmittal]

The function bbp_check_for_moderation() in includes/common/functions.php has this code:

// Bail if blacklist is empty
	if ( empty( $blacklist ) )
		return true;
.
.
.
.

	/** Max Links *************************************************************/

	$max_links = get_option( 'comment_max_links' );
	if ( !empty( $max_links ) ) {

		// How many links?
		$num_links = preg_match_all( '/<a [^>]*href/i', $content, $match_out );

		// Allow for bumping the max to include the user's URL
		$num_links = apply_filters( 'comment_max_links_url', $num_links, $_post['url'] );

		// Das ist zu viele links!
		if ( $num_links >= $max_links ) {
			return false;
		}
	}

Bailing if blacklist is empty should be done after checking the number of links.

[netweb]

Thanks for the report, seems valid, will take a closer look soon.

[netweb]

In 2546.diff​

• Check the moderation_keys after comment_max_links
• Change regex to (http|ftp|https):// links as $content is raw and not wrapped in HTML anchors.

A couple of things:

• This will need some docs on the codex to coincide with bbPress 2.6 as quite a few people will be caught out by this (myself included on bbpress.org) as bbp_check_for_moderation is only skipped if the user is a keymaster.

• Inform users how to change the number of allowed links in /wp-admin/options-discussion.php

• We currently do not display a template notice if a forum, topic or reply fails the bbp_check_for_moderation check, we should add a template notice for this.

[netweb]

Related: #1988 Pending Moderation template notice

[netweb]

Related: #2645 Add support to approve and unapprove pending topics and replies

[johnjamesjacoby]

In 5488:

Change behavior of bbp_check_for_moderation() so empty moderation_keys no longer skips max_links check. Props netweb. See #2546.

[johnjamesjacoby]

This should now be fixed.