WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13527 closed defect (bug) (duplicate)

Lots of things broken when multisite site is named "blog" — should not allow such blogs

Reported by: mitchoyoshitaka Owned by:
Milestone: Priority: normal
Severity: major Version: 3.0
Component: Multisite Keywords:
Focuses: Cc:

Description

I just tried to create my first Multisite install (subdirectory style) and, as a first test, tried to create a site called "blog".

Some of you who read this probably are already laughing. :(

So here's what happens: it says the site was created, but...

  • going to /blog gives me a 404.
  • clicking on "backend" doesn't change the site I'm looking at.
  • logging into /wp-admin with the new site's admin credentials redirects me to /blog/wp-admin/?c=5 and says "You don’t have permission to view this site. Please contact the system administrator." There is then no clear way to "log out" and get rid of the credentials.

Perhaps this actually is conflating a number of issues, but it most definitely seems related to the /blog URL resolution issues (#12002,#12931).

IDEA: If the /blog URL issue is not going to be resolved for 3.0, I suggest that sites with the address /blog be disallowed. An error should be returned saying "that site address is not allowed."

Change History (11)

comment:1 mitchoyoshitaka4 years ago

Same deal with wp-admin. wp-content also gets royally messed up, just giving you the default wp-content blank page instead of being a real site.

comment:2 follow-up: nacin4 years ago

I thought we blocked most/all of these already. #13304?

comment:3 in reply to: ↑ 2 mitchoyoshitaka4 years ago

Replying to nacin:

I thought we blocked most/all of these already. #13304?

Hmm... seems like it's not working here. Need to reopen #13304? I'm curious if someone else can reproduce these.

comment:4 follow-up: nacin4 years ago

I don't think we're preventing you from shooting yourself in the foot in the admin area, only on registration. I think I question that logic, but nonetheless that's why #13304 is now closed.

comment:5 ocean904 years ago

mitchoyoshitaka, did you create the site via ms-sites.php? There is no check for this.

comment:6 follow-up: ocean904 years ago

going to /blog gives me a 404.

Create a blog.php and you get not a 404.

comment:7 in reply to: ↑ 4 mitchoyoshitaka4 years ago

Replying to nacin:

I don't think we're preventing you from shooting yourself in the foot in the admin area, only on registration. I think I question that logic, but nonetheless that's why #13304 is now closed.

I see. I also disagree with that logic... it seriously becomes broken and is not self-evident why.

comment:8 in reply to: ↑ 6 mitchoyoshitaka4 years ago

Replying to ocean90:

going to /blog gives me a 404.

Create a blog.php and you get not a 404.

Well, the question is why are we allowing creation of a site which requires such special handling, without even telling the user that special handling is required.

comment:9 follow-up: nacin4 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

Mitcho, I completely agree. Closing this as a duplicate and re-opening #13304.

comment:10 nacin4 years ago

  • Milestone 3.0 deleted

comment:11 in reply to: ↑ 9 mitchoyoshitaka4 years ago

Replying to nacin:

Mitcho, I completely agree. Closing this as a duplicate and re-opening #13304.

Thanks.

Note: See TracTickets for help on using tickets.