Changeset 13630

Timestamp:

03/09/2010 05:06:58 PM (15 years ago)

Author:

wpmuguru

Message:

block invalid site names/urls in add site, see #11777

File:

• trunk/wp-admin/ms-edit.php (modified) (1 diff)

trunk/wp-admin/ms-edit.php

@@ -136 +136 @@
             wp_die( "Can't create an empty site." );
         $blog = $_POST['blog'];
-        $domain = sanitize_user( str_replace( '/', '', $blog[ 'domain' ] ) );
+        $domain = '';
+        if ( ! preg_match( '/(--)/', $blog[ 'domain' ] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog[ 'domain' ] ) )
+            $domain = strtolower( $blog[ 'domain' ] );
         $email = sanitize_email( $blog[ 'email' ] );
         $title = $blog[ 'title' ];
 
-        if ( empty($domain) || empty($email) )
-            wp_die( __('Missing site address or email address.') );
+        if ( empty( $domain ) )
+            wp_die( __( 'Missing or invalid site address.' ) );
+        if ( empty( $email ) )
+            wp_die( __( 'Missing email address.' ) );
         if ( !is_email( $email ) )
-            wp_die( __('Invalid email address') );
+            wp_die( __( 'Invalid email address' ) );
 
         if ( is_subdomain_install() ) {