Opened 13 years ago
Closed 10 years ago
#18117 closed defect (bug) (fixed)
get_blog_details is sensitive to path's trailing slash
Reported by: | mitchoyoshitaka | Owned by: | jeremyfelt |
---|---|---|---|
Milestone: | 4.2 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Networks and Sites | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
STR:
- Create a site, then edit it so that the domain is the main domain and the path is /sub. Note that the admin doesn't turn this into /sub/, nor give an error.
- Go to /sub/wp-admin. You'll notice it doesn't redirect, but it just gives you the main site's wp-admin. Going to /sub also just gets interpreted as a URL for the main site.
Potential solutions:
- Make the admin automatically turn the path of /sub into /sub/.
- Make get_blog_details match modulo trailing slash.
- (Document carefully in Codex and hope people read it.)
Attachments (5)
Change History (24)
#4
@
11 years ago
18117.diff corrects the out of control slashes on site-info.php
- Moves the capture of
$_POST['blog']
data viawp_unslash()
further up the file - Removes leading and trailing forward slashes from domain
- Ensures leading and trailing forward slashes on path
- Allows for clean display of URL and URL parts at
site-info.php
, clean URLs stored insiteurl
andhome
, and clean DB entries in the blogs table.
#5
@
11 years ago
- Keywords has-patch added; 2nd-opinion removed
- Milestone changed from Awaiting Review to 3.7
#6
@
11 years ago
- Milestone changed from 3.7 to Future Release
Per conversation with jeremyfelt, moving to future.
#8
@
10 years ago
The patch by @jeremyfelt still appears good, after a very slight refresh for offsets. I've added the unit tests I originally wrote for #23865, which pass with the patch.
#9
@
10 years ago
- Keywords needs-unit-tests added
- Milestone changed from Future Release to 4.1
Rather than attempting to resolve this in one specific place - site-info.php
- it makes sense to go to the root. 18117.3.diff adds some sanitization to update_blog_details()
for path.
- Explode into an array on
/
, so that multiple subdirectories can be specified. - Strip all empty array elements, so that
///
doesn't cause issues. - Implode with
/
and add leading and trailing slashes.
I actually think the above could be used for subdirectory validation at some point, but only when we're ready.
The tests @simonwheatley added in 18117.2.diff will work, though we'll need to refresh them and add to the tests/multisite/site.php
file. We could also think about breaking them into one test per assertion. They definitely should not be added to the massive list of current update_blog_details()
tests.
This would fix #23865 as well.
#10
@
10 years ago
I tried 18117.3.diff but it failed a couple of tests and kicked a ton of errors. Upon further investigation, I realized it was setting the path to //
for the main site and causing lots of problems. This was due to it forcing two slashes to be added here:
$details[ $field ] = '/' . implode( '/', $details[ $field ] ) . '/';
In 18117.4.diff I changed that line to:
$details[ $field ] = trailingslashit( '/' . implode( '/', $details[ $field ] ) );
That fixed the problem and now it's passing all the tests.
I also added the tests @simonwheatley included in 18117.2.diff and added a few more to cover the multiple subdirectories use case that @jeremyfelt mentioned.
I also had to fix some tests in test_update_blog_details()
. They were attempting to update the path without a leading slash (my-path/
) and asserting against that. Since we'd now be sanitizing the slashes properly in update_blog_details()
that test would no longer pass because it checks for the wrong thing.
So that last portion actually points out another issue. When a super admin updates the path of a site from site-info.php
, it updates the siteurl
and home
url prior to running through update_blog_details()
where we would now be checking the slashes. If they leave off the leading slash, then you end up with http://domain.compath
. This needs to be fixed too, but it should probably be its own ticket.
#11
@
10 years ago
- Keywords needs-unit-tests removed
Nice work @earnjam, good catch on the double trailing slashes. I'll run this through its paces in my configuration as well.
I'm wondering if we can tackle #23865 at the same time as it's very much related to your last comment.
#13
@
10 years ago
This is working great, @earnjam! I messed with things for a while and it all seems in place. The tests in 18117.5.diff have been updated to match some of the work from #30080.
I'm going to hold for now and bring this up during the multisite chat tomorrow. I'm confident that you've nailed it here, but I'm wary of dropping a change to update_blog_details()
right before a release candidate. I would also very much like to include the fix for #30417 at the same time.
#16
@
10 years ago
- Owner set to jeremyfelt
- Resolution set to fixed
- Status changed from new to closed
In 31155:
#18
@
10 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
After a conversation and some thought, I was stretching a bit in an earlier patch to "validate" the number of slashes in all segments of a saved path. This isn't necessarily the right place to do that, especially because array_filter()
will strip out some valid paths - try /my-site/0/
.
By using $details[ $field ] = trailingslashit( '/' . trim( $details[ $field ], '/' ) );
, we can make sure any number of slashes on the front and back are stripped before adding ours back in.
A couple weird things can happen when updating a site address via
site-info.php
if you don't watch yourself. See http://cl.ly/image/413y2X3j3V1Q for slashes galore.We could probably do a bandaid fix here, but I'm not sure if it's completely critical. While random numbers of slashes can be entered on the page, it can be edited fairly easily through the same screen once you see it doesn't work.
I kind of want to say maybelater, with the grand hopes that some of this gets a refresh one day. This ticket has been hanging out for 2 years without a lot of noise.