Opened 3 years ago
Last modified 10 hours ago
#3434 new enhancement
Akismet catches spam for moderator, but moderators are able to bypass spam
Reported by: | r-a-y | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | low |
Severity: | minor | Version: | 2.0 |
Component: | Extend - Akismet | Keywords: | 2nd-opinion has-patch |
Cc: | SirLouen |
Description
In the Akismet module, moderators are able to bypass Akismet checks:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211
However, if Akismet catches a post written by a moderator as spam, the following is listed in the "Akismet History" metabox with two entries:
- Akismet caught this post as spam.
- Post status was changed to publish.
Perhaps changing the second log entry from "Post status was changed to publish" to "Akismet spam check overruled. Post status was published because user is a moderator" would be more clear and appropriate.
Change History (5)
#3
in reply to:
↑ 2
@
2 days ago
- Cc SirLouen added
- Keywords 2nd-opinion added; dev-feedback removed
- Priority changed from normal to low
- Severity changed from normal to minor
- Type changed from defect (bug) to enhancement
I think that the post status log does the right thing, it informs of what's exactly happening: Akismet caught the spam and then, the post, automatically was set to publish because of the moderate
permission
Replying to wpclungz1:
I got same issue ! Can anyone help me out ?
Still, anyone can easily extend the functionality of this using any of the hooks if needed, either if you want to inhibit that moderators are not bypassed by this module with the bbp_bypass_spam_enforcement
filter hook.
After reviewing the akismet class code, personally I think that BBP_Akismet::update_post_meta
is missing an action hook for adding functionality, like this issue suggests.
I'm submitting a patch with a possible solution also including the possibility to access the method update_post_history
and being able to extend functionality and do things like proposed in this post, without having to do a bigger overhaul of the Akismet class.
For example, using my proposed hook, one could do what is mentioned in the OP:
<?php function moderator_spam_notice ( $post_id ) { xdebug_break(); if ( class_exists( 'BBP_Akismet' ) ) { if ( current_user_can( 'moderate', $post_id ) ) { $akismet = new BBP_Akismet(); $akismet->update_post_history ( $post_id, esc_html__( 'Akismet spam check overruled. Post status was published because user is a moderator' ), 'moderator-bypass', ); } } } add_action( 'bbp_akismet_update_post_meta', 'moderator_spam_notice', 10, 1 );
PS: I would also add static
to update_post_history
because its not a function that need object context to work but for the proposed patch I'm leaving as-is.
This ticket was mentioned in PR #25 on bbpress/bbPress by @SirLouen.
2 days ago
#4
- Keywords has-patch added
Trac Issue:
https://bbpress.trac.wordpress.org/ticket/3434
In the Akismet module, moderators are able to bypass Akismet checks:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211
I got same issue ! Can anyone help me out ?