Anti-Splog option Spam/Unspam Blog Users confusion and issue


First, the title of the option “Spam/Unspam Blog Users” as well as the by-line “Enable this to spam/unspam all of a blog’s users when the blog is spammed/unspammed.” is confusing to me. It seems to say that when a blog is marked as spam, this will cause all users assigned to that blog are marked as spam too.

But it appears the option does more than, or even the inverse of that. With this option activated, marking a user as spam will actually mark all blogs that that users is a member of as spam. This is the inverse of what the text says.

But more importantly, it will mark ALL blogs that that user is associated with as spam. Even those that that users is only a Subscriber to!

In both anti-splog.php and moderate.php the function get_blogs_of_user() is used. This returns all blogs that the user is associated with, indiscriminate of the user capability on those blogs. So I would suggest to add an extra check for the users capability to AT LEAST post un-moderated on that blog.

For example something like this in moderate.php line 14 and further:

$blogs = get_blogs_of_user( (int) $_GET['spam_user'], true );
foreach ( (array) $blogs as $key => $details ) {
if ( user_can( (int) $_GET['spam_user'], 'publish_posts' ) ) {
update_blog_status( $details->userblog_id, 'spam', '1' );
set_time_limit( 60 );

By the way, what’s the point of calling (=resetting) set_time_limit() each time in this foreach loop?