From 4e3c7fddd0fef20f4640463a888d9eea146d3dbc Mon Sep 17 00:00:00 2001 From: nacin Date: Wed, 26 May 2010 03:13:16 +0000 Subject: [PATCH] Prevent super admins from shooting themselves in the foot. props jorbin. Checks blog names against an array (filterable) of reserved keywords for subdirectory installs. fixes #13304. git-svn-id: http://svn.automattic.com/wordpress/trunk@14928 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/ms-edit.php | 8 ++++++++ wp-includes/ms-functions.php | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index 23419192b..e20b89ae5 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -148,6 +148,14 @@ switch ( $_GET['action'] ) { $domain = ''; if ( ! preg_match( '/(--)/', $blog['domain'] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) ) $domain = strtolower( $blog['domain'] ); + + // If not a subdomain install, make sure the domain isn't a reserved word + if ( ! is_subdomain_install() ) { + $subdirectory_reserved_names = apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ); + if ( in_array( $domain, $subdirectory_reserved_names ) ) + wp_die( sprintf( __('The following words are reserved for use by WordPress functions and cannot be used as blog names: %s' ), implode( ', ', $subdirectory_reserved_names ) ) ); + } + $email = sanitize_email( $blog['email'] ); $title = $blog['title']; diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index 431e99b22..2be710c9c 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php @@ -556,6 +556,11 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { add_site_option( 'illegal_names', $illegal_names ); } + // On sub dir installs, Some names are so illegal, only a filter can spring them from jail + if (! is_subdomain_install() ) + $illegal_names = array_merge($illegal_names, apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) ); + + if ( empty( $blogname ) ) $errors->add('blogname', __('Please enter a site name'));