WordPress.org

Make WordPress Core

Changeset 13630


Ignore:
Timestamp:
03/09/2010 05:06:58 PM (10 years ago)
Author:
wpmuguru
Message:

block invalid site names/urls in add site, see #11777

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/ms-edit.php

    r13609 r13630  
    136136            wp_die( "Can't create an empty site." );
    137137        $blog = $_POST['blog'];
    138         $domain = sanitize_user( str_replace( '/', '', $blog[ 'domain' ] ) );
     138        $domain = '';
     139        if ( ! preg_match( '/(--)/', $blog[ 'domain' ] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog[ 'domain' ] ) )
     140            $domain = strtolower( $blog[ 'domain' ] );
    139141        $email = sanitize_email( $blog[ 'email' ] );
    140142        $title = $blog[ 'title' ];
    141143
    142         if ( empty($domain) || empty($email) )
    143             wp_die( __('Missing site address or email address.') );
     144        if ( empty( $domain ) )
     145            wp_die( __( 'Missing or invalid site address.' ) );
     146        if ( empty( $email ) )
     147            wp_die( __( 'Missing email address.' ) );
    144148        if ( !is_email( $email ) )
    145             wp_die( __('Invalid email address') );
     149            wp_die( __( 'Invalid email address' ) );
    146150
    147151        if ( is_subdomain_install() ) {
Note: See TracChangeset for help on using the changeset viewer.