Skip to:
Content

bbPress.org

Opened 5 years ago

Closed 4 years ago

Last modified 3 years ago

#3368 closed defect (bug) (fixed)

Spam check not sending author information to Akismet for logged in users

Reported by: procifer's profile procifer Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6.6 Priority: high
Severity: normal Version: 2.6.0
Component: Extend - Akismet Keywords: has-patch commit
Cc:

Description

Testing on a brand new WordPress 5.4 site with only Akismet 4.1.4 and bbPress 2.6.4 active, I've noticed that bbPress is not sending several author-related fields to Akismet when new Topics are created by logged in users.

To reproduce:

  1. Modify maybe_spam function in akismet.php to output what information is being sent to Akismet for debugging.
  2. In an incognito window, create and login to user account with topic posting permission and a non-empty Name, Email, and URL in profile.
  3. Attempt to create a new Topic
  4. Check output from 1 and see that comment_author, comment_author_email, and comment_author_url are blank.

I think the reason for this is the logic around line 113 of includes/extend/akismet.php, where it's checking for the presence of $anonymous_data, and uses information from it if not empty. The problem is that $anonymous_data seems to be non-empty even when a user is logged in, but the anonymous fields are blank or not accurate.

I'll attach a patch that fixes this in my testing. It also adjusts similar logic further down in that file when determining if submitted attributes match current post attributes for those fields.

The logic to determine username, email, and URL from $userdata and $anonymous_data could probably be refactored and shared between those two spots, and some better checking for possibly missing keys in $anonymous_data in the latter would be good. I am not very familiar with bbPress or that extension though, so it could use some thorough review by someone who is.

Getting those fields sent to Akismet will definitely help with spam detection on many many sites.

Attachments (1)

bbpress_akismet_fix_20200415.diff (2.0 KB) - added by procifer 5 years ago.

Download all attachments as: .zip

Change History (10)

#1 @johnjamesjacoby
5 years ago

  • Component changed from General to Extend - Akismet
  • Keywords commit added
  • Milestone changed from Awaiting Review to 2.6.5
  • Owner set to johnjamesjacoby
  • Priority changed from normal to high
  • Status changed from new to assigned
  • Version set to 2.6.0

Hey @procifer, thanks for the report.

Your findings and research make sense, to me.

It is not intentional to send empty user data for registered users to Akismet. I'll test this a bit more, but until then I think this makes sense to fit into the 2.6.5 release.

#2 @procifer
5 years ago

Great news, thanks for the quick reply @johnjamesjacoby !

#3 @netweb
5 years ago

See also #2853

#4 @johnjamesjacoby
5 years ago

  • Milestone changed from 2.6.5 to 2.6.6

This ticket was mentioned in Slack in #bbpress by stephdau. View the logs.


4 years ago

#6 @johnjamesjacoby
4 years ago

In 7128:

Akismet: fix spam check not sending author info for logged in users

This commit uses bbp_has_errors() to catch whether anonymous information exists or not, and falls back to the currently logged in user otherwise (anonymous has priority due to moderator ability to edit topics & replies).

This commit also improves the readability of a few lengthy function calls, and adds empty() checks to all of the related array key touches.

In branches/2.6, for 2.6.6.

Props procifer.

See #3368.

#7 @johnjamesjacoby
4 years ago

In 7129:

Akismet: fix spam check not sending author info for logged in users

This commit uses bbp_has_errors() to catch whether anonymous information exists or not, and falls back to the currently logged in user otherwise (anonymous has priority due to moderator ability to edit topics & replies).

This commit also improves the readability of a few lengthy function calls, and adds empty() checks to all of the related array key touches.

In trunk, for 2.7.

Props procifer.

See #3368.

#8 @johnjamesjacoby
4 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

#9 @stephdau
4 years ago

Thanks so much, @johnjamesjacoby ! <3

Note: See TracTickets for help on using tickets.