Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#19009 closed defect (bug) (fixed)

wpmu_delete_blog() can wipe out an entire network

Reported by: nacin's profile nacin Owned by: nacin's profile nacin
Milestone: 3.3 Priority: normal
Severity: critical Version: 3.0
Component: Multisite Keywords:
Focuses: Cc:

Description

Steps to reproduce:

  1. Create a network.
  1. Create a second blog.
  1. Via BLOG_ID_CURRENT_SITE, set the second blog to be the main blog.
  1. Delete the original blog at the / path.

wpmu_delete_blog() will wipe out all blogs LIKE blog\_prefix%, which nukes the entire network.

Solution: iterate over and drop $wpdb->tables('blog') only.

Attachments (3)

19009.diff (1.7 KB) - added by nacin 12 years ago.
19009.2.diff (1.8 KB) - added by nacin 12 years ago.
19009.3.diff (2.5 KB) - added by nacin 12 years ago.

Download all attachments as: .zip

Change History (9)

#1 @nacin
12 years ago

Also, wpmu_delete_blog(), for blog ID 1, should automatically kick force to false. Otherwise things go haywire.

@nacin
12 years ago

@nacin
12 years ago

#2 @nacin
12 years ago

19009.2.diff keeps the wpmu_drop_tables filter. As commented above, it kicks $force to false if $blog_id == 1.

Also, cruft like autosave_draft_ids and the blog_list site_option is canned.

#3 @ryan
12 years ago

Passes unit tests.

#4 @nacin
12 years ago

I think we should also prevent $force when $current_site->path == $blog->path && $current_site->domain == $blog->domain. When this site disappears, the network admin will likely not work, and startup might fail.

Ideally we need to make this more explicit, such as denying the ability to delete these blogs in the UI (at the cap level, perhaps). Perhaps a better API distinction needs to be made with is_main_site(), the root domain/path, and blog_id 1, which can all be different.

@nacin
12 years ago

#5 @nacin
12 years ago

19009.3.diff avoids destroying the initial, main, or root blogs -- three different concepts that are often all the same blog.

#6 @nacin
12 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [19038]:

Make wpmu_delete_blog() slightly less crappy. Prevents the entire network from being dropped in a particularly rare edge case. Removes some zombie code. fixes #19009.

Note: See TracTickets for help on using tickets.