#3368 closed defect (bug) (fixed)
Spam check not sending author information to Akismet for logged in users
Reported by: | procifer | Owned by: | johnjamesjacoby |
---|---|---|---|
Milestone: | 2.6.6 | Priority: | high |
Severity: | normal | Version: | 2.6.0 |
Component: | Extend - Akismet | Keywords: | has-patch commit |
Cc: |
Description
Testing on a brand new WordPress 5.4 site with only Akismet 4.1.4 and bbPress 2.6.4 active, I've noticed that bbPress is not sending several author-related fields to Akismet when new Topics are created by logged in users.
To reproduce:
- Modify
maybe_spam
function in akismet.php to output what information is being sent to Akismet for debugging. - In an incognito window, create and login to user account with topic posting permission and a non-empty Name, Email, and URL in profile.
- Attempt to create a new Topic
- Check output from 1 and see that
comment_author
,comment_author_email
, andcomment_author_url
are blank.
I think the reason for this is the logic around line 113 of includes/extend/akismet.php
, where it's checking for the presence of $anonymous_data
, and uses information from it if not empty. The problem is that $anonymous_data
seems to be non-empty even when a user is logged in, but the anonymous fields are blank or not accurate.
I'll attach a patch that fixes this in my testing. It also adjusts similar logic further down in that file when determining if submitted attributes match current post attributes for those fields.
The logic to determine username, email, and URL from $userdata
and $anonymous_data
could probably be refactored and shared between those two spots, and some better checking for possibly missing keys in $anonymous_data
in the latter would be good. I am not very familiar with bbPress or that extension though, so it could use some thorough review by someone who is.
Getting those fields sent to Akismet will definitely help with spam detection on many many sites.
Attachments (1)
Change History (10)
#1
@
5 years ago
- Component changed from General to Extend - Akismet
- Keywords commit added
- Milestone changed from Awaiting Review to 2.6.5
- Owner set to johnjamesjacoby
- Priority changed from normal to high
- Status changed from new to assigned
- Version set to 2.6.0
Hey @procifer, thanks for the report.
Your findings and research make sense, to me.
It is not intentional to send empty user data for registered users to Akismet. I'll test this a bit more, but until then I think this makes sense to fit into the 2.6.5 release.