Users: Provide a full user object when checking for a spammy multisite user

`is_user_spammy()` falls back to the current user if one is not provided. There is no current user during authentication, so the result is always `false`. Pass a user to fill the void.

Adds tests for `wp_authenticate_spam_check()`.

Props websupporter.
Fixes #36546.


git-svn-id: https://develop.svn.wordpress.org/trunk@37316 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jeremy Felt
2016-04-27 05:35:37 +00:00
parent ff8553ea6b
commit 534f0e92a0
2 changed files with 47 additions and 1 deletions

View File

@@ -302,7 +302,7 @@ function wp_authenticate_spam_check( $user ) {
* @param bool $spammed Whether the user is considered a spammer.
* @param WP_User $user User to check against.
*/
$spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user );
$spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user );
if ( $spammed )
return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );