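/**
 * Catch a "Mark as Spammer/Not Spammer" click from the toolbar.
 *
 * When a site admin selects "Mark as Spammer/Not Spammer" from the admin menu
 * this action will fire and mark or unmark the user and their blogs as spam.
 * Must be a site admin for this function to run.
 *
 * Note: no longer used in the current state. See the Settings component.
 *
 * Checks run in this order: the caller must be a super admin who is not
 * viewing their own profile, the request must be one of the two spammer
 * actions on the 'admin' component, and only then is the
 * 'mark-unmark-spammer' nonce verified. The nonce protects against forged
 * cross-site requests; the privilege test is what decides who may act.
 *
 * @param int $user_id Optional. User ID to mark as spam. Defaults to displayed
 *                     user.
 */
function bp_core_action_set_spammer_status($user_id = 0) {
    // Only super admins can currently spam users (but they can't spam
    // themselves).
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }

    // Use displayed user if no explicit ID was passed.
    if (empty($user_id)) {
        $user_id = bp_displayed_user_id();
    }

    // Strict matching: only the exact strings 'mark-spammer' and
    // 'unmark-spammer' are accepted as the current action.
    $spammer_actions = array('mark-spammer', 'unmark-spammer');
    if (!bp_is_current_component('admin') || !in_array(bp_current_action(), $spammer_actions, true)) {
        return;
    }

    // Check the nonce before any state is changed.
    check_admin_referer('mark-unmark-spammer');

    // To spam or not to spam.
    $status = bp_is_current_action('mark-spammer') ? 'spam' : 'ham';

    // The heavy lifting. The return value is not inspected, so the message
    // below is shown regardless of the outcome (@todo error reporting).
    bp_core_process_spammer_status($user_id, $status);

    if ('spam' === $status) {
        bp_core_add_message(__('User marked as spammer. Spam users are visible only to site admins.', 'buddypress'));
    } else {
        bp_core_add_message(__('User removed as spammer.', 'buddypress'));
    }

    // Deprecated. Use bp_core_process_spammer_status.
    // NOTE(review): the hook is given bp_displayed_user_id() rather than
    // $user_id; the two differ when a caller passes an explicit ID. Confirm
    // which one listeners expect.
    $is_spam = 'spam' === $status;
    do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $is_spam);

    // Redirect back to where we came from.
    // NOTE(review): wp_get_referer() returns false when there is no usable
    // referer; confirm bp_core_redirect() copes with that.
    bp_core_redirect(wp_get_referer());
}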
/**
 * Handles the setting of user capabilities, spamming, hamming, role, etc...
 *
 * Acts only on a POST that carries 'capabilities-submit', on the settings
 * component's 'capabilities' action, with no extra action variables. The
 * super-admin test runs before the 'capabilities' nonce is verified, and the
 * spam status is only processed when it differs from the user's current one.
 */
function bp_settings_action_capabilities() {
    // Nothing to do unless this is a POST that carries the submit field.
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD']) || !isset($_POST['capabilities-submit'])) {
        return;
    }

    // Bail if not in settings.
    $on_capabilities_screen = bp_is_settings_component() && bp_is_current_action('capabilities');
    if (!$on_capabilities_screen) {
        return false;
    }

    // 404 if there are any additional action variables attached.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    // Only super admins can currently spam users (but they can't spam
    // themselves). This is the authorization step; the nonce below only
    // protects against forged cross-site requests.
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }

    // Nonce check.
    check_admin_referer('capabilities');

    do_action('bp_settings_capabilities_before_save');

    /** Spam **************************************************************/

    // The posted value is reduced to a boolean and never used verbatim.
    $is_spammer = !empty($_POST['user-spammer']);

    if ((bool) bp_is_user_spammer(bp_displayed_user_id()) !== $is_spammer) {
        $status = $is_spammer ? 'spam' : 'ham';

        bp_core_process_spammer_status(bp_displayed_user_id(), $status);
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }

    /** Other *************************************************************/

    do_action('bp_settings_capabilities_after_save');

    // Redirect to the displayed user's capabilities settings page.
    $capabilities_url = bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/';
    bp_core_redirect($capabilities_url);
}
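/**
 * Set up the user's profile admin page.
 *
 * Loaded before the page is rendered, this function does all initial
 * setup, including: processing form requests, registering contextual
 * help, and setting up screen options.
 *
 * Request handling in brief:
 * - the caller must pass member_can_edit() for the target user, otherwise
 *   the request ends in wp_die();
 * - the action name comes from $_REQUEST; it is compared against fixed or
 *   filtered lists and handed to hooks;
 * - the spam/ham branch verifies the 'edit-bp-profile_{user_id}' nonce
 *   before changing anything, and is skipped on the user's own profile.
 *
 * @since 2.0.0
 */
public function user_admin_load() {
    // Get the user ID.
    $user_id = $this->get_user_id();

    // Can current user edit this profile? This is the authorization gate for
    // everything below.
    if (!$this->member_can_edit($user_id)) {
        wp_die(__('You cannot edit the requested user.', 'buddypress'));
    }

    // Build redirection URL from the current request, minus one-shot args.
    $redirect_to = remove_query_arg(array('action', 'error', 'updated', 'spam', 'ham', 'delete_avatar'), $_SERVER['REQUEST_URI']);

    $doaction = !empty($_REQUEST['action']) ? $_REQUEST['action'] : false;

    // A submitted user_status overrides the action, but only when it would
    // actually change the user's current spam state.
    if (!empty($_REQUEST['user_status'])) {
        $spam = (bool) ('spam' === $_REQUEST['user_status']);

        if ($spam !== bp_is_user_spammer($user_id)) {
            $doaction = $_REQUEST['user_status'];
        }
    }

    /**
     * Fires at the start of the signups admin load.
     *
     * @since 2.0.0
     *
     * @param string $doaction Current bulk action being processed.
     * @param array  $_REQUEST Current $_REQUEST global.
     */
    do_action_ref_array('bp_members_admin_load', array($doaction, $_REQUEST));

    /**
     * Filters the allowed actions for use in the user admin page.
     *
     * @since 2.0.0
     *
     * @param array $value Array of allowed actions to use.
     */
    $allowed_actions = apply_filters('bp_members_admin_allowed_actions', array('update', 'delete_avatar', 'spam', 'ham'));

    // Request-derived values are matched strictly so that only exact string
    // matches select a state-changing branch.
    if (!in_array($doaction, $allowed_actions, true)) {
        // Prepare the display of the Community Profile screen.
        add_screen_option('layout_columns', array('default' => 2, 'max' => 2));

        // Strings containing an apostrophe are double-quoted; inside single
        // quotes the apostrophe would end the literal.
        get_current_screen()->add_help_tab(array(
            'id'      => 'bp-profile-edit-overview',
            'title'   => __('Overview', 'buddypress'),
            'content' => '<p>' . __("This is the admin view of a user's profile.", 'buddypress') . '</p>' .
                '<p>' . __("In the main column, you can edit the fields of the user's extended profile.", 'buddypress') . '</p>' .
                '<p>' . __("In the right-hand column, you can update the user's status, delete the user's avatar, and view recent statistics.", 'buddypress') . '</p>',
        ));

        // Help panel - sidebar links.
        get_current_screen()->set_help_sidebar(
            '<p><strong>' . __('For more information:', 'buddypress') . '</strong></p>' .
            '<p>' . __('<a href="https://codex.buddypress.org/administrator-guide/extended-profiles/">Managing Profiles</a>', 'buddypress') . '</p>' .
            '<p>' . __('<a href="https://buddypress.org/support/">Support Forums</a>', 'buddypress') . '</p>'
        );

        // Register metaboxes for the edit screen.
        add_meta_box('submitdiv', _x('Status', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_status_metabox'), get_current_screen()->id, 'side', 'core');

        // In case xprofile is not active.
        $this->stats_metabox->context  = 'normal';
        $this->stats_metabox->priority = 'core';

        /**
         * Fires before loading the profile fields if component is active.
         *
         * Plugins should not use this hook, please use 'bp_members_admin_user_metaboxes' instead.
         *
         * @since 2.0.0
         *
         * @param int    $user_id       Current user ID for the screen.
         * @param string $id            Current screen ID.
         * @param object $stats_metabox Object holding position data for use with the stats metabox.
         */
        do_action_ref_array('bp_members_admin_xprofile_metabox', array($user_id, get_current_screen()->id, $this->stats_metabox));

        // If xProfile is inactive, difficult to know whose profile we're on.
        // NOTE(review): the display name is user-controlled and is not
        // escaped here; confirm it is escaped before the metabox title is
        // printed.
        if ('normal' === $this->stats_metabox->context) {
            $display_name = bp_core_get_user_displayname($user_id);
        } else {
            $display_name = __('Member', 'buddypress');
        }

        // User Stat metabox. Context and priority may have been changed by
        // the hook above, so both go through sanitize_key().
        add_meta_box(
            'bp_members_admin_user_stats',
            sprintf(_x("%s's Stats", 'members user-admin edit screen', 'buddypress'), $display_name),
            array($this, 'user_admin_stats_metabox'),
            get_current_screen()->id,
            sanitize_key($this->stats_metabox->context),
            sanitize_key($this->stats_metabox->priority)
        );

        // Member Type metabox. Only added if member types have been registered.
        $member_types = bp_get_member_types();
        if (!empty($member_types)) {
            add_meta_box('bp_members_admin_member_type', _x('Member Type', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_member_type_metabox'), get_current_screen()->id, 'side', 'core');
        }

        /**
         * Fires at the end of the Community Profile screen.
         *
         * Plugins can restrict metabox to "bp_moderate" admins by checking if
         * the first argument ($this->is_self_profile) is false in their callback.
         * They can also restrict their metabox to self profile editing
         * by setting it to true.
         *
         * @since 2.0.0
         *
         * @param bool $is_self_profile Whether or not it is the current user's profile.
         * @param int  $user_id         Current user ID.
         */
        do_action('bp_members_admin_user_metaboxes', $this->is_self_profile, $user_id);

        // Enqueue JavaScript files.
        wp_enqueue_script('postbox');
        wp_enqueue_script('dashboard');

    // Spam or Ham user. Never applies to the user's own profile.
    } elseif (in_array($doaction, array('spam', 'ham'), true) && empty($this->is_self_profile)) {
        // The nonce action is bound to the target user ID.
        check_admin_referer('edit-bp-profile_' . $user_id);

        if (bp_core_process_spammer_status($user_id, $doaction)) {
            $redirect_to = add_query_arg('updated', $doaction, $redirect_to);
        } else {
            $redirect_to = add_query_arg('error', $doaction, $redirect_to);
        }

        bp_core_redirect($redirect_to);

    // Update other stuff once above ones are done.
    } else {
        $this->redirect = $redirect_to;

        /**
         * Fires at end of user profile admin load if doaction does not match any available actions.
         *
         * No nonce is verified in this branch itself.
         * NOTE(review): presumably every callback on this hook verifies its
         * own nonce before writing anything; confirm.
         *
         * @since 2.0.0
         *
         * @param string $doaction Current bulk action being processed.
         * @param int    $user_id  Current user ID.
         * @param array  $_REQUEST Current $_REQUEST global.
         * @param string $redirect Determined redirect url to send user to.
         */
        do_action_ref_array('bp_members_admin_update_user', array($doaction, $user_id, $_REQUEST, $this->redirect));

        bp_core_redirect($this->redirect);
    }
}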
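/**
 * Catch requests to mark individual users as spam/ham from users.php.
 *
 * A spam/ham request is processed only after the 'bp-spam-user' nonce has
 * been verified. The nonce shows the request came from a page that issued
 * it; it is not an authorization check.
 *
 * NOTE(review): no capability check is visible in this function. Confirm
 * that the hook it is attached to can only be reached by users who are
 * allowed to moderate members.
 *
 * @since 2.0.0
 */
function bp_core_admin_user_manage_spammers() {
    // Print our inline scripts on non-Multisite.
    add_action('admin_footer', 'bp_core_admin_user_spammed_js');

    $action  = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
    $updated = isset($_REQUEST['updated']) ? $_REQUEST['updated'] : false;
    $mode    = isset($_POST['mode']) ? $_POST['mode'] : false;

    // If this is a multisite, bulk request, stop now!
    if ('list' === $mode) {
        return;
    }

    // Process a spam/ham request. Only the exact strings 'spam' and 'ham'
    // are accepted.
    if (in_array($action, array('spam', 'ham'), true)) {
        check_admin_referer('bp-spam-user');

        // The target ID is reduced to an integer; zero or a missing value
        // ends the request without touching any user.
        $user_id = !empty($_REQUEST['user']) ? intval($_REQUEST['user']) : false;
        if (empty($user_id)) {
            return;
        }

        $redirect = wp_get_referer();
        $status   = 'spam' === $action ? 'spam' : 'ham';

        // Process the user.
        bp_core_process_spammer_status($user_id, $status);

        $redirect = add_query_arg(array('updated' => 'marked-' . $status), $redirect);

        // A redirect only sets the Location header. Stop here so the rest of
        // the admin page does not run for a request that has already been
        // answered, and use the host-validating variant of the redirect.
        wp_safe_redirect($redirect);
        exit;
    }

    // Display feedback. The 'updated' value only selects one of two fixed
    // messages and is never printed itself.
    if (in_array($updated, array('marked-spam', 'marked-ham'), true)) {
        if ('marked-spam' === $updated) {
            $notice = __('User marked as spammer. Spam users are visible only to site admins.', 'buddypress');
        } else {
            $notice = __('User removed from spam.', 'buddypress');
        }

        bp_core_add_admin_notice($notice);
    }
}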
/**
 * Hook to WP's make_ham_user and run our custom BP spam functions.
 *
 * Forwards the user to bp_core_process_spammer_status() with the 'ham'
 * status and a third argument of false.
 *
 * @since 1.6.0
 *
 * @param int $user_id The user ID passed from the make_ham_user hook.
 */
function bp_core_mark_user_ham_admin($user_id) {
    $status = 'ham';

    // NOTE(review): in BuddyPress the third parameter is the $do_wp_cleanup
    // flag; it is presumably false because WordPress is already un-spamming
    // the user when this hook fires. Confirm against the callee.
    $do_wp_cleanup = false;

    bp_core_process_spammer_status($user_id, $status, $do_wp_cleanup);
}
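/**
 * A user marked as spam must not be returned by an alphabetical
 * BP_User_Query while the xprofile component is switched off.
 *
 * @group type
 * @group spam
 */
public function test_bp_user_query_type_alphabetical_spam_xprofileoff() {
    $u1 = $this->factory->user->create();
    $u2 = $this->factory->user->create();

    // Switch xprofile off and force the 'bp_disable_profile_sync' filter to
    // false for the duration of the query.
    $xprofile_toggle = isset(buddypress()->active_components['xprofile']);
    buddypress()->active_components['xprofile'] = 0;
    add_filter('bp_disable_profile_sync', '__return_false');

    bp_core_process_spammer_status($u1, 'spam');

    $q = new BP_User_Query(array('type' => 'alphabetical'));

    // Restore xprofile setting.
    if ($xprofile_toggle) {
        buddypress()->active_components['xprofile'] = 1;
    } else {
        unset(buddypress()->active_components['xprofile']);
    }
    remove_filter('bp_disable_profile_sync', '__return_false');

    // Start from an empty list so the assertion always receives an array
    // haystack, even when the query returns nothing.
    $found_user_ids = array();
    if (!empty($q->results)) {
        $found_user_ids = array_values(wp_parse_id_list(wp_list_pluck($q->results, 'ID')));
    }

    // Do a assertNotContains because there are weird issues with user #1 as created by WP.
    $this->assertNotContains($u1, $found_user_ids);
}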
/**
 * Marking a user as spam must change the blogs reported for that user, and
 * marking them as ham again must bring the original blogs back.
 *
 * Does nothing outside multisite.
 *
 * @group bp_blogs_restore_data
 */
public function test_bp_blogs_restore_data() {
    if (!is_multisite()) {
        return;
    }

    // Create a regular member who owns two blogs.
    $u  = $this->factory->user->create();
    $b1 = $this->factory->blog->create(array('user_id' => $u));
    $b2 = $this->factory->blog->create(array('user_id' => $u));

    $expected = array($b1 => $b1, $b2 => $b2);

    // Fetches the user's blogs and returns their blog_id values as integers.
    $blog_ids_for_user = function () use ($u) {
        $blogs = bp_blogs_get_blogs_for_user($u, true);

        return array_map('intval', wp_list_pluck($blogs['blogs'], 'blog_id'));
    };

    // Mark the user as spam.
    bp_core_process_spammer_status($u, 'spam');
    $this->assertNotEquals($expected, $blog_ids_for_user(), 'User marked as spam should not have any blog registered');

    // Ham the user.
    bp_core_process_spammer_status($u, 'ham');
    $this->assertEquals($expected, $blog_ids_for_user());
}
/**
 * Processing a user as ham should run the 'bp_make_ham_user' filter.
 *
 * The callback attached here is notification_filter_callback(); presumably
 * it records the name of the filter it ran on in $this->filter_fired, which
 * is what the assertion reads.
 */
public function test_bp_core_process_spammer_status_bp_make_ham_user_filter() {
    $callback = array($this, 'notification_filter_callback');

    add_filter('bp_make_ham_user', $callback);

    $u1 = $this->factory->user->create();
    bp_core_process_spammer_status($u1, 'ham');

    remove_filter('bp_make_ham_user', $callback);

    $this->assertSame('bp_make_ham_user', $this->filter_fired);
}
/**
 * Handles the setting of user capabilities, spamming, hamming, role, etc...
 *
 * The request is acted on only when every guard passes, in this order:
 * POST method, 'capabilities-submit' present, settings component on the
 * 'capabilities' action, no extra action variables, super admin who is not
 * on their own profile, and finally a valid 'capabilities' nonce.
 *
 * @since 1.6.0
 */
function bp_settings_action_capabilities() {
    // Bail if not a POST action.
    $request_method = strtoupper($_SERVER['REQUEST_METHOD']);
    if ('POST' !== $request_method) {
        return;
    }

    // Bail if no submit action.
    if (!isset($_POST['capabilities-submit'])) {
        return;
    }

    // Bail if not in settings.
    if (!(bp_is_settings_component() && bp_is_current_action('capabilities'))) {
        return false;
    }

    // 404 if there are any additional action variables attached.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    // Only super admins can currently spam users (but they can't spam
    // themselves). Authorization is decided here; the nonce that follows
    // only guards against forged cross-site requests.
    $may_moderate = is_super_admin() && !bp_is_my_profile();
    if (!$may_moderate) {
        return;
    }

    // Nonce check.
    check_admin_referer('capabilities');

    /**
     * Fires before the capabilities settings have been saved.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_before_save');

    /* Spam **************************************************************/

    // Only the presence of a non-empty 'user-spammer' field matters.
    $is_spammer = !empty($_POST['user-spammer']);

    // Skip the write when the requested state equals the current one.
    $currently_spammer = (bool) bp_is_user_spammer(bp_displayed_user_id());
    if ($currently_spammer !== $is_spammer) {
        $status = $is_spammer ? 'spam' : 'ham';

        bp_core_process_spammer_status(bp_displayed_user_id(), $status);

        /**
         * Fires after processing a user as a spammer.
         *
         * @since 1.1.0
         *
         * @param int    $value  ID of the currently displayed user.
         * @param string $status Determined status of "spam" or "ham" for the displayed user.
         */
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }

    /* Other *************************************************************/

    /**
     * Fires after the capabilities settings have been saved and before redirect.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_after_save');

    // Redirect to the displayed user's capabilities settings page.
    bp_core_redirect(bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/');
}
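/**
 * Set up the user's profile admin page.
 *
 * Loaded before the page is rendered, this function does all initial
 * setup, including: processing form requests, registering contextual
 * help, and setting up screen options.
 *
 * The target user comes from $_GET['user_id'] and the action from
 * $_REQUEST. The spam/ham branch verifies the 'edit-bp-profile_{user_id}'
 * nonce before changing anything.
 *
 * NOTE(review): no capability check is visible in this method; the only
 * user test is the redirect for one's own profile. Presumably access is
 * limited by the capability the admin page is registered with. Confirm.
 *
 * @access public
 * @since BuddyPress (2.0.0)
 */
public function user_admin_load() {
    // A missing user_id is treated like 0 instead of raising a notice.
    $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
    if (!$user_id) {
        wp_die(__('No users were found', 'buddypress'));
    }

    // Only edit others' profiles; one's own goes to the regular edit screen.
    // NOTE(review): execution continues past this point unless
    // bp_core_redirect() halts the request; confirm that it does.
    if (get_current_user_id() == $user_id) {
        bp_core_redirect(get_edit_user_link($user_id));
    }

    // Build redirection URL from the current request, minus one-shot args.
    $redirect_to = remove_query_arg(array('action', 'error', 'updated', 'spam', 'ham', 'delete_avatar'), $_SERVER['REQUEST_URI']);

    $doaction = !empty($_REQUEST['action']) ? $_REQUEST['action'] : false;

    // A submitted user_status overrides the action, but only when it would
    // actually change the user's current spam state.
    if (!empty($_REQUEST['user_status'])) {
        $spam = 'spam' === $_REQUEST['user_status'];

        if ((bool) bp_is_user_spammer($user_id) !== $spam) {
            $doaction = $_REQUEST['user_status'];
        }
    }

    // Call an action for plugins to hook in early.
    do_action_ref_array('bp_members_admin_load', array($doaction, $_REQUEST));

    // Allowed actions.
    $allowed_actions = apply_filters('bp_members_admin_allowed_actions', array('update', 'delete_avatar', 'spam', 'ham'));

    // Request-derived values are matched strictly so that only exact string
    // matches select a state-changing branch.
    if (!in_array($doaction, $allowed_actions, true)) {
        // Prepare the display of the Community Profile screen.
        add_screen_option('layout_columns', array('default' => 2, 'max' => 2));

        // Strings containing an apostrophe are double-quoted; inside single
        // quotes the apostrophe would end the literal.
        get_current_screen()->add_help_tab(array(
            'id'      => 'bp-profile-edit-overview',
            'title'   => __('Overview', 'buddypress'),
            'content' => '<p>' . __("This is the admin view of a user's profile.", 'buddypress') . '</p>' .
                '<p>' . __("In the main column, you can edit the fields of the user's extended profile.", 'buddypress') . '</p>' .
                '<p>' . __("In the right-hand column, you can update the user's status, delete the user's avatar, and view recent statistics.", 'buddypress') . '</p>',
        ));

        // Help panel - sidebar links.
        get_current_screen()->set_help_sidebar(
            '<p><strong>' . __('For more information:', 'buddypress') . '</strong></p>' .
            '<p>' . __('<a href="http://codex.buddypress.org/buddypress-site-administration/managing-user-profiles/">Managing Profiles</a>', 'buddypress') . '</p>' .
            '<p>' . __('<a href="http://buddypress.org/support/">Support Forums</a>', 'buddypress') . '</p>'
        );

        // Register metaboxes for the edit screen.
        add_meta_box('submitdiv', _x('Status', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_status_metabox'), get_current_screen()->id, 'side', 'core');

        // In case xprofile is not active.
        $this->stats_metabox->context  = 'normal';
        $this->stats_metabox->priority = 'core';

        /**
         * xProfile Hooks to load the profile fields if component is active
         * Plugins should not use this hook, please use 'bp_members_admin_user_metaboxes' instead
         */
        do_action_ref_array('bp_members_admin_xprofile_metabox', array($user_id, get_current_screen()->id, $this->stats_metabox));

        // If xProfile is inactive, difficult to know whose profile we're on.
        // The display name is user-controlled, so it is HTML-escaped before
        // it becomes part of the metabox title.
        $display_name = false;
        if ('normal' === $this->stats_metabox->context) {
            $display_name = ' - ' . esc_html(bp_core_get_user_displayname($user_id));
        }

        // User Stat metabox. Context and priority may have been changed by
        // the hook above, so both go through sanitize_key().
        // NOTE(review): _x() receives a string that already contains the
        // display name, so no translation entry can match it; confirm
        // whether only the fixed 'Stats' part was meant to be translated.
        add_meta_box(
            'bp_members_admin_user_stats',
            _x('Stats' . $display_name, 'members user-admin edit screen', 'buddypress'),
            array($this, 'user_admin_stats_metabox'),
            get_current_screen()->id,
            sanitize_key($this->stats_metabox->context),
            sanitize_key($this->stats_metabox->priority)
        );

        // Custom metabox ?
        do_action('bp_members_admin_user_metaboxes');

        // Enqueue javascripts.
        wp_enqueue_script('postbox');
        wp_enqueue_script('dashboard');

    // Spam or Ham user.
    } elseif (in_array($doaction, array('spam', 'ham'), true)) {
        // The nonce action is bound to the target user ID.
        check_admin_referer('edit-bp-profile_' . $user_id);

        if (bp_core_process_spammer_status($user_id, $doaction)) {
            $redirect_to = add_query_arg('updated', $doaction, $redirect_to);
        } else {
            $redirect_to = add_query_arg('error', $doaction, $redirect_to);
        }

        bp_core_redirect($redirect_to);

    // Update other stuff once above ones are done.
    } else {
        $this->redirect = $redirect_to;

        // No nonce is verified in this branch itself.
        // NOTE(review): presumably every callback on this hook verifies its
        // own nonce before writing anything; confirm.
        do_action_ref_array('bp_members_admin_update_user', array($doaction, $user_id, $_REQUEST, $this->redirect));

        bp_core_redirect($this->redirect);
    }
}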