Stop Spammers Conflict With BBPress and Buddypress

  • SiteDesignUSA

    (@sitedesignusa)


    11 years ago

    Hi and great plugin. It worked great on my sites until I decided to use buddypress and bbpress.

    I sandbox my development and have wp debug on and it started firing all sorts of notices. 

    Notice: bbp_setup_current_user was called incorrectly. The current user is being initialized without using $wp->init()

    I looked up what was going on and Stop Spammers is calling the function is_user_logged_in() too early in the stack.

    This can cause all sorts of weird errors and permission issues.

    per this link…
    https://buddypress.trac.www.ads-software.com/ticket/4957
    quote”The debug notice is annoying, but invoking the current user that early in the stack is going to cause a myriad of other invisible issues with both BuddyPress and bbPress. Closing this as wontfix.”endquote.

    I found the workaround here…
    https://github.com/wp-e-commerce/WP-e-Commerce/issues/497

    The fix is to call after the theme is loaded. Instead of bbp_loaded we use after_setup_theme because that is what triggers the notice.

    Line 76 holds the setup_current_user() function for buddypress in

    plugins/buddypress/bp-core/bp-core-dependency.php

    Line 142 holds the setup_current_user() for bbpress in

    plugins/bbpress/includes/core/sub-actions.php

    Neither plugin likes other plugins to call for user info too early in the stack. It causes too many untraceable issues (see above link).

    I corrected by adding / replacing line 27 in stop-spammer-registrations.php

    add_action('bbp_loaded','kpg_load_all_checks',99); // try hooking into bbpress loaded

    to

    add_action('after_setup_theme','kpg_load_all_checks',99); // try hooking into bbpress loaded

    I corrected by adding / replacing line 59 in stop-spammer-registrations.php

    remove_action('bbp_loaded','kpg_load_all_checks',99); // try hooking into bbpress loaded

    to

    remove_action('after_setup_theme','kpg_load_all_checks',99); // try hooking into bbpress loaded

    So I changed lines 27 and 59 in stop-spammer-registrations.php and the notices stopped.

    Hope it helps!

    -TJ

    https://www.ads-software.com/plugins/stop-spammer-registrations-plugin/

Viewing 4 replies - 1 through 4 (of 4 total)

  • I have disabled checking for a logged in user when bbpress is loaded. This will result, I am sure, in many bbpress sysops being locked out of their own sites.

    Until the bbpress developers stop trying to load their plugins early and stop assuming that they are the only plugin using the wp actions, this problem will persist.

    If nothing is done about bbpress soon, I will just have to prevent the plugin from loading when bbpress is detected.

    You can download the current beta at blogseye.com. I have a few changes that I need to finish up before I release the next production version. If I don’t hear anything positive about bbpress, the next commit will have code to exit the plugin when bbpress is detected.

    Keith

    I think that moving the checks to “after_setup_theme” allows bbpress to save the comments and registrations, effectively preventing the plugin from blocking spam. At this point bbpress has already processed the comments, registrations, and logins.

    I may make the changes that you have suggested and leave it to the bbpress group to fix bbpress so plugins like mine can process comments before bbpress sees them.

    Keith

    John James Jacoby

    (@johnjamesjacoby)

    Until the bbpress developers stop trying to load their plugins early and stop assuming that they are the only plugin using the wp actions, this problem will persist.

    You misunderstand how WordPress’s user initialization works, and why every plugin (including BuddyPress and bbPress) depends on the load order for the current user being correct. bbPress does *not* load anything earlier than it should be, nor does it assume it’s the only plugin running (quite the contrary actually; it assumes any other combination of multisite/multinetwork/plugin/theme is running.) What’s actually happening, is bbPress is seeing that a plugin is attempting to do something that is very bad, and alerting the site admin about it — it appears your plugin is doing that bad thing.

    By looking for anything relating to the $current_user or their capabilities before $wp->init() executes, you’re skipping ahead of several key WordPress API’s, bypassing roles, capabilities, language settings, and more. It’s a bad practice that the WordPress codebase silently allows without (currently) triggering a notice of its own. Because both BuddyPress and bbPress do rely on the $current_user being complete and correct, they are going to alert site administrators when other plugins are _doing_it_wrong().

    If nothing is done about bbpress soon, I will just have to prevent the plugin from loading when bbpress is detected.

    I may make the changes that you have suggested and leave it to the bbpress group to fix bbpress so plugins like mine can process comments before bbpress sees them.

    Nothing needs to be (or is going to be) changed in bbPress in this regard, at least until WordPress core provides plugins a reliable way to hook into roles and capabilities. I personally think disabling your plugin rather than addressing the problem in your code is a bad decision for your users, and hope you strive instead for compatibility and security.

    Happy to help explain this in more detail in the #bbpress IRC channel on Freenode. Several of us idle in there, so ping “jjj” when you’re around if you’d like to chat more.

    I’ve removed all references to bbPress in the next version of the plugin. It loads on ‘init’, which is the recommended point to load plugin events.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Stop Spammers Conflict With BBPress and Buddypress’ is closed to new replies.