bbPress.org

Opened 3 years ago

Last modified 5 hours ago

#3434 new enhancement

Akismet catches spam for moderator, but moderators are able to bypass spam

Reported by: r-a-y
Owned by:
Milestone: Awaiting Review
Priority: low
Severity: minor
Version: 2.0
Component: Extend - Akismet
Keywords: 2nd-opinion has-patch
Cc: SirLouen

Description

In the Akismet module, moderators are able to bypass Akismet checks:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211

However, if Akismet catches a post written by a moderator as spam, the following is listed in the "Akismet History" metabox with two entries:

  • Akismet caught this post as spam.
  • Post status was changed to publish.

See:
https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L578-L599

Perhaps changing the second log entry from "Post status was changed to publish" to "Akismet spam check overruled. Post status was published because user is a moderator" would be more clear and appropriate.

Change History (4)

#1 @r-a-y
3 years ago

  • Component changed from General to Extend - Akismet

#2 follow-up: @wpclungz1
6 days ago

In the Akismet module, moderators are able to bypass Akismet checks:

https://github.com/bbpress/bbPress/blob/09313c9984c55429f3e664ca4383768b68ee34b9/src/includes/extend/akismet.php#L205-L211

I got the same issue! Can anyone help me out?

#3 in reply to: ↑ 2 @SirLouen
3 days ago

  • Cc SirLouen added
  • Keywords 2nd-opinion added; dev-feedback removed
  • Priority changed from normal to low
  • Severity changed from normal to minor
  • Type changed from defect (bug) to enhancement

I think that the post status log does the right thing: it informs of exactly what's happening. Akismet caught the spam and then the post was automatically set to publish because of the moderate permission.

Replying to wpclungz1:

I got the same issue! Can anyone help me out?

Still, anyone can easily extend this functionality using any of the hooks if needed, for example with the bbp_bypass_spam_enforcement filter hook if you want to prevent moderators from bypassing this module.

After reviewing the akismet class code, personally I think that BBP_Akismet::update_post_meta is missing an action hook for adding functionality, like this issue suggests.

I'm submitting a patch with a possible solution also including the possibility to access the method update_post_history and being able to extend functionality and do things like proposed in this post, without having to do a bigger overhaul of the Akismet class.

For example, using my proposed hook, one could do what is mentioned in the OP:

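<?php
// Relies on the proposed bbp_akismet_update_post_meta action hook and on
// update_post_history() being callable from outside the class.
function moderator_spam_notice( $post_id ) {

        // Only run when the bbPress Akismet module is loaded
        if ( class_exists( 'BBP_Akismet' ) ) {

                // Add the extra history entry only for users who can moderate this post
                if ( current_user_can( 'moderate', $post_id ) ) {
                        $akismet = new BBP_Akismet();
                        $akismet->update_post_history(
                                $post_id,
                                esc_html__( 'Akismet spam check overruled. Post status was published because user is a moderator' ),
                                'moderator-bypass'
                        );
                }
        }
}

add_action( 'bbp_akismet_update_post_meta', 'moderator_spam_notice', 10, 1 );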

PS: I would also add static to update_post_history because it's not a function that needs object context to work, but for the proposed patch I'm leaving it as-is.
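
The bbp_bypass_spam_enforcement filter named in comment 3 can be used to narrow the moderator bypass so that Akismet's verdict also applies to ordinary moderators. The following is an added example, not code from the ticket, the patch or bbPress itself; the callback name is hypothetical, and it assumes the filter's first argument is the boolean decision to skip spam enforcement.

```php
<?php
/**
 * Added example (not bbPress code): restrict the Akismet bypass to keymasters.
 *
 * Assumption: the value passed through 'bbp_bypass_spam_enforcement' is a
 * boolean that is true when bbPress is about to let the current user's post
 * skip spam enforcement.
 *
 * @param bool $skip_spam Bypass decision computed by bbPress.
 * @return bool True to keep the bypass, false to enforce Akismet's verdict.
 */
function example_limit_akismet_bypass( $skip_spam ) {

        // bbPress already decided to enforce the verdict: nothing to tighten.
        if ( ! $skip_spam ) {
                return false;
        }

        // Keep the bypass only for keymasters (forum administrators).
        if ( function_exists( 'bbp_is_user_keymaster' )
                && bbp_is_user_keymaster( get_current_user_id() ) ) {
                return true;
        }

        // Everyone else, including per-forum moderators, stays subject to
        // the spam status set by Akismet.
        return false;
}

add_filter( 'bbp_bypass_spam_enforcement', 'example_limit_akismet_bypass', 10, 1 );
```

With this filter active, a moderator's post that Akismet flags is held as spam and has to be reviewed and released by hand.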

This ticket was mentioned in PR #25 on bbpress/bbPress by @SirLouen.


3 days ago
#4

  • Keywords has-patch added