Opened 8 years ago
Last modified 7 years ago
#3069 new defect (bug)
author metabox shows unfiltered IP address
Reported by: | mattiejas | Owned by: | |
---|---|---|---|
Milestone: | 2.7 | Priority: | normal |
Severity: | normal | Version: | trunk |
Component: | General - Administration | Keywords: | has-screenshots needs-patch |
Cc: |
Description
This concerns the function bbp_author_metabox in src/includes/admin/metaboxes.php; in that function the 'bbp_get_author_ip' filter is not applied when fetching the author's ip address for display into the user interface:
https://bbpress.trac.wordpress.org/browser/trunk/src/includes/admin/metaboxes.php#L636
I believe that the bbp_author_ip function should be used there, instead of a raw get_post_meta call, as bbp_author_ip applies the filter properly; see
https://bbpress.trac.wordpress.org/browser/trunk/src/includes/users/template.php#L587
The bbp_author_ip function also appears to be used a lot elsewhere in the code to display author's ip addresses.
A screenshot is attached showing an example of where the problem occurs, when editing replies via the admin interface. Actual IP address is blurred out for security reasons.
(I ran into this trying to hide IP addresses from the user interface via the 'bbp_get_author_ip' filter.)
Attachments (1)
Change History (7)
#1
@
8 years ago
- Component changed from API - Actions/Filters to General - Administration
- Keywords needs-patch added
#2
@
8 years ago
Thanks for the quick and very informative response, John. I wasn't aware that get_post_metadata had a separate filter, and I'm sorry for not reading the docs more closely to figure this out (although as far as I could find, it's not listed in the wordpress codex unfortunately). I'll try it out.
#3
@
8 years ago
No need to apologize. It's great that you thought you spotted something, and took the time to describe what you found in such detail, and included a use-case.
It really could use either approach, as there are pros and cons (like you've discovered) by having specific wrappers for things.
This ticket was mentioned in Slack in #bbpress by jjj. View the logs.
7 years ago
#6
@
7 years ago
In case anyone stumbles on this, just to post my solution to the problem here:
function wpse59607_remove_meta_box() { remove_meta_box( 'bbp_author_metabox', 'topic', 'side' ); remove_meta_box( 'bbp_author_metabox', 'reply', 'side' ); } add_action( 'add_meta_boxes', 'wpse59607_remove_meta_box', 999 );
This will hide the entire author meta box (which doesn't contain much information anyway), including the IP address. I found this easier than messing with get_post_metadata, which potentially might have other implications, e.g. for anti spam. Although I have no knowledge of how those actually work I could imagine they might also use get_post_meta.
Hey @mattiejas, thanks for the ticket here.
The admin-area metaboxes use
get_post_meta()
intentionally, to expose the data as close as possible to what's present in the database. If you need to filter the data here, you can use theget_post_metadata
filter, and check that$meta_key
is_bbp_author_ip
.I just noticed we don't have singular wrappers for the other anonymous user meta values, but
bbp_author_metabox()
is shared across both topics and replies. If we did want to switch to usingbbp_author_ip()
here, we'd probably want two meta-box functions (one each, for topics/replies.)