Lots of things broken when multisite site is named "blog" — should not allow such blogs

[mitchoyoshitaka]

I just tried to create my first Multisite install (subdirectory style) and, as a first test, tried to create a site called "blog".

Some of you who read this probably are already laughing. :(

So here's what happens: it says the site was created, but...

• going to /blog gives me a 404.
• clicking on "backend" doesn't change the site I'm looking at.
• logging into /wp-admin with the new site's admin credentials redirects me to /blog/wp-admin/?c=5 and says "You don’t have permission to view this site. Please contact the system administrator." There is then no clear way to "log out" and get rid of the credentials.

Perhaps this actually is conflating a number of issues, but it most definitely seems related to the /blog URL resolution issues (#12002,#12931).

IDEA: If the /blog URL issue is not going to be resolved for 3.0, I suggest that sites with the address /blog be disallowed. An error should be returned saying "that site address is not allowed."

[mitchoyoshitaka]

Same deal with wp-admin. wp-content also gets royally messed up, just giving you the default wp-content blank page instead of being a real site.

[nacin]

I thought we blocked most/all of these already. #13304?

[mitchoyoshitaka]

Replying to nacin:

I thought we blocked most/all of these already. #13304?

Hmm... seems like it's not working here. Need to reopen #13304? I'm curious if someone else can reproduce these.

[nacin]

I don't think we're preventing you from shooting yourself in the foot in the admin area, only on registration. I think I question that logic, but nonetheless that's why #13304 is now closed.

[ocean90]

mitchoyoshitaka, did you create the site via ms-sites.php? There is no check for this.

[ocean90]

going to /blog gives me a 404.

Create a blog.php and you get not a 404.

[mitchoyoshitaka]

Replying to nacin:

I don't think we're preventing you from shooting yourself in the foot in the admin area, only on registration. I think I question that logic, but nonetheless that's why #13304 is now closed.

I see. I also disagree with that logic... it seriously becomes broken and is not self-evident why.

[mitchoyoshitaka]

Replying to ocean90:

going to /blog gives me a 404.

Create a blog.php and you get not a 404.

Well, the question is why are we allowing creation of a site which requires such special handling, without even telling the user that special handling is required.

[nacin]

Mitcho, I completely agree. Closing this as a duplicate and re-opening #13304.

[mitchoyoshitaka]

Replying to nacin:

Mitcho, I completely agree. Closing this as a duplicate and re-opening #13304.

Thanks.