Skip to:
Content
Pages
Categories
Search
Top
Bottom

No Flood Control – Buddypress 1.6.2

  • @patricksaad

    Participant

    There is no flood control on the Buddypress 1.6.2 Activity page. I checked the function bp_core_check_for_flood in bp-core/bp-core-moderation.php and it’s not used in the activity files at all.

    function bp_core_check_for_flood( $user_id = 0 ) {

    // Option disabled. No flood checks.
    if ( !$throttle_time = bp_get_option( ‘_bp_throttle_time’ ) )
    return true;

    // Bail if no user ID passed
    if ( empty( $user_id ) )
    return false;

    $last_posted = get_user_meta( $user_id, ‘_bp_last_posted’, true );
    if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && !current_user_can( 'throttle' ) )
    return false;

    return true;
    }

    It looks for an option "_bp_throttle_time" which isn't set anywhere in the backend and it also needs a meta key named _bp_last_posted which isn't created in the database (so fetching it via get_user_meta won't work). Am I supposed to modify my core files so I can implement Flood Control?

Viewing 6 replies - 1 through 6 (of 6 total)
  • @modemlooper

    Moderator

    Probably a function that didn’t get finished.

    @patricksaad

    Participant

    Quoting from Version 1.6 Codex:

    Activity is now checked for blacklisted words and flooding protection has been added. (#3732)
    Add bp-core-moderation.php to provide basic functions for checking submitted content against illegal keys and flooding. (#3732)

    So basically any average perso ninstalling Buddypress will not have Flood Control, but a savvy developer can scratch his head and go fix Flood Control in more than one files:
    – bp-core/bp-moderation.php
    – bp-activity/bp-activity-functions.php
    – bp-themes/bp-default/_inc/ajax.php

    If you know what you’re doing and analyze / update code in these files, you can setup flood protection on your activity page, otherwise you’re fooled to think you have flood protection, at least in 1.6.2.

    @hnla

    Participant

    Great are you going to patch it for us then 🙂

    Patches can be returned on a ticket to: buddypress.trac.wordpress.org/

    @modemlooper

    Moderator

    So basically any average perso ninstalling Buddypress will not have Flood Control, but a savvy developer can scratch his head and go fix Flood Control i

    Exactly, if you fix it and can submit a patch then you help open source projects. 😉

    @patricksaad

    Participant

    I reopened this ticket https://buddypress.trac.wordpress.org/ticket/3732 and DJPaul set the milestone to 1.7, and now I have no idea how to submit my patch (I am still not familiar with the process on buddypress.trax.org).

    Anyway, I fixed up a patch and tested it on Buddypress 1.6.3. Maybe you can check out the changes and submit a patch on my behalf if you can. You can download files I modified at http://we.tl/HpU6emIJs4 and check things out.

    @hnla

    Participant

    Create the patch from changes made on a copy of BP trunk checkout from the repo then attach the patch file to your ticket, then we can apply the patch to our trunk checkouts.

    ‘Trunk’  is effectively 1.7 and represents all the code that will be released as 1.7 when ready.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘No Flood Control – Buddypress 1.6.2’ is closed to new replies.
Skip to toolbar