From f26024e7b67668a6c657750bcf678a9e8f88b13e Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Wed, 26 May 2010 03:13:16 +0000
Subject: [PATCH] Prevent super admins from shooting themselves in the foot. props jorbin. Checks blog names against an array (filterable) of reserved keywords for subdirectory installs. fixes #13304.
git-svn-id: https://develop.svn.wordpress.org/trunk@14928 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/ms-edit.php | 8 ++++++++
 wp-includes/ms-functions.php | 5 +++++
 2 files changed, 13 insertions(+)
diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index 23419192b5..e20b89ae55 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -148,6 +148,14 @@ switch ( $_GET['action'] ) {
 $domain = '';
 if ( ! preg_match( '/(--)/', $blog['domain'] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
 $domain = strtolower( $blog['domain'] );
+
+ // If not a subdomain install, make sure the domain isn't a reserved word
+ if ( ! is_subdomain_install() ) {
+ $subdirectory_reserved_names = apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) );
+ if ( in_array( $domain, $subdirectory_reserved_names ) )
+ wp_die( sprintf( __('The following words are reserved for use by WordPress functions and cannot be used as blog names: %s' ), implode( ', ', $subdirectory_reserved_names ) ) );
+ }
+
 $email = sanitize_email( $blog['email'] );
 $title = $blog['title'];
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 431e99b22d..2be710c9c9 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
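Review bot: In the wp-admin/ms-edit.php hunk the default reserved list holds only `page`, `comments`, `blog`, `files` and `feed`, while the context line's pattern `|^([a-zA-Z0-9-])+$|` still accepts single-hyphen names such as `wp-admin` or `wp-includes`, the very directories this patch touches. On a subdirectory install a site created under one of those names would presumably share its path with core files, so I would add the core directory names to the default array instead of leaving them to the filter. Separately, `in_array( $domain, $subdirectory_reserved_names )` compares loosely and the array is filterable, so a non-string entry supplied through the filter could match unrelated names; `in_array( $domain, $subdirectory_reserved_names, true )` avoids that. The enclosing `switch` case starts and ends outside the hunk.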
@@ -556,6 +556,11 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
 add_site_option( 'illegal_names', $illegal_names );
 }
+ // On sub dir installs, Some names are so illegal, only a filter can spring them from jail
+ if (! is_subdomain_install() )
+ $illegal_names = array_merge($illegal_names, apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) );
+
+
 if ( empty( $blogname ) )
 $errors->add('blogname', __('Please enter a site name'));
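Review bot: The default list `array( 'page', 'comments', 'blog', 'files', 'feed' )` is now written out twice, here in wpmu_validate_blog_signup() and in the wp-admin/ms-edit.php hunk, so a later edit to one copy would leave the signup path and the admin path rejecting different names. I would move the `apply_filters( 'subdirectory_reserved_names', ... )` call into one small function that both call sites use, which also gives the list a single place to be documented. The added comment would serve the next reader better if it stated the rule, for example `// On subdirectory installs these names are reserved for WordPress itself and are always rejected unless the filter removes them.`. The brace-less `if (! is_subdomain_install() )` and the two trailing blank lines also differ from the spacing used in the other hunk, and the function body starts and ends outside this hunk.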