bbPress.org

Opened 5 years ago

Closed 3 months ago

Last modified 3 months ago

#3434 closed enhancement (fixed)

Akismet catches spam for moderator, but moderators are able to bypass spam

Reported by: r-a-y
Owned by: johnjamesjacoby
Milestone: Awaiting Review
Priority: low
Severity: minor
Version: 2.0
Component: Extend - Akismet
Keywords: 2nd-opinion has-patch
Cc: SirLouen

Description

In the Akismet module, moderators are able to bypass Akismet checks:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211

However, if Akismet catches a post written by a moderator as spam, the following is listed in the "Akismet History" metabox with two entries:

  • Akismet caught this post as spam.
  • Post status was changed to publish.

See:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L578-L599

Perhaps changing the second log entry from "Post status was changed to publish" to "Akismet spam check overruled. Post status was published because user is a moderator" would be more clear and appropriate.

Change History (6)

#1 @r-a-y
5 years ago

  • Component changed from General to Extend - Akismet

#2 follow-up: @wpclungz1
16 months ago

In the Akismet module, moderators are able to bypass Akismet checks:

https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211

I got same issue! Can anyone help me out?

#3 in reply to: ↑ 2 @SirLouen
16 months ago

  • Cc SirLouen added
  • Keywords 2nd-opinion added; dev-feedback removed
  • Priority changed from normal to low
  • Severity changed from normal to minor
  • Type changed from defect (bug) to enhancement

I think that the post status log does the right thing: it informs of exactly what's happening. Akismet caught the spam and then the post was automatically set to publish because of the moderate permission.

Replying to wpclungz1:

I got same issue! Can anyone help me out?

Still, anyone can easily extend the functionality of this using any of the hooks if needed, either if you want to inhibit that moderators are not bypassed by this module with the bbp_bypass_spam_enforcement filter hook.

After reviewing the akismet class code, personally I think that BBP_Akismet::update_post_meta is missing an action hook for adding functionality, like this issue suggests.

I'm submitting a patch with a possible solution also including the possibility to access the method update_post_history and being able to extend functionality and do things like proposed in this post, without having to do a bigger overhaul of the Akismet class.

For example, using my proposed hook, one could do what is mentioned in the OP:

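<?php
// Add a clearer history entry when a moderator's post is published despite Akismet's verdict.
function moderator_spam_notice( $post_id ) {
        // Only act when the bbPress Akismet module is loaded.
        if ( class_exists( 'BBP_Akismet' ) ) {
                // Only log the notice when the current user can moderate this post.
                if ( current_user_can( 'moderate', $post_id ) ) {
                        $akismet = new BBP_Akismet();
                        $akismet->update_post_history(
                                $post_id,
                                esc_html__( 'Akismet spam check overruled. Post status was published because user is a moderator' ),
                                'moderator-bypass'
                        );
                }
        }
}

// bbp_akismet_update_post_meta is the action hook proposed in the patch.
add_action( 'bbp_akismet_update_post_meta', 'moderator_spam_notice', 10, 1 );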

PS: I would also add static to update_post_history because it's not a function that needs object context to work, but for the proposed patch I'm leaving it as-is.

Last edited 15 months ago by SirLouen (previous) (diff)
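
The bbp_bypass_spam_enforcement filter mentioned in the comment above can also narrow the moderator bypass instead of removing it. The following is an added example, not part of the original ticket and not bbPress code. It assumes the filter passes the default decision plus the post data array (including 'post_content') and that 'keep_gate' is the keymaster capability; the function name and EXAMPLE_MAX_MOD_LINKS are hypothetical.

```php
<?php
/**
 * Added example (not bbPress code): keep the bypass for keymasters,
 * but let Akismet's verdict stand for link-heavy posts by moderators.
 *
 * Assumptions: the filter is called with ( $skip_spam, $post_data ),
 * $post_data carries 'post_content', and 'keep_gate' is the keymaster cap.
 */
const EXAMPLE_MAX_MOD_LINKS = 2; // hypothetical threshold

function example_limit_spam_bypass( $skip_spam, $post_data = array() ) {

        // bbPress already intends to enforce the verdict: leave it alone.
        if ( ! $skip_spam ) {
                return false;
        }

        // Keymasters keep the unconditional bypass.
        if ( current_user_can( 'keep_gate' ) ) {
                return true;
        }

        // Fail closed when there is no content to inspect.
        if ( empty( $post_data['post_content'] ) || ! is_string( $post_data['post_content'] ) ) {
                return false;
        }

        // Count URLs in the submitted content.
        $links = preg_match_all( '#https?://#i', $post_data['post_content'] );

        // Moderators bypass enforcement only for posts with few links.
        return ( false !== $links && $links <= EXAMPLE_MAX_MOD_LINKS );
}

add_filter( 'bbp_bypass_spam_enforcement', 'example_limit_spam_bypass', 10, 2 );
```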

#4
16 months ago

  • Keywords has-patch added

This ticket was mentioned in PR #25 on bbpress/bbPress by @SirLouen.

#5 @johnjamesjacoby
3 months ago

  • Owner set to johnjamesjacoby
  • Resolution set to fixed
  • Status changed from new to closed

In 7356:

Akismet: improve verbiage in history log items.

When Akismet catches spam for moderators, and moderators are able to bypass spam, a second log entry is inserted into the history to explain why, and the previous verbiage was not very clear.

This commit attempts to provide some clarity, while also respecting that this specific code is filterable, and that the spam recommendation could be overruled by third-party plugins for any reason.

This commit also adds some hooks by request, and improves some related code docs.

Props johnjamesjacoby, r-a-y, sirlouen.

In trunk, for 2.7.

See r7353. Fixes #3434.
