Opened 12 years ago
Last modified 5 years ago
#21994 new enhancement
Subdomains may not exceed 63 characters in length
Reported by: | humanshell | Owned by: | |
---|---|---|---|
Milestone: | Priority: | low | |
Severity: | normal | Version: | 3.4 |
Component: | Networks and Sites | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
According to section 3.1 "Name space specifications and terminology" of RFC1034, domain names are nodes in a tree structure and "Each node has a label, which is zero to 63 octets in length."
WP should help to correctly enforce this requirement, so I've attached a patch that adds a maxlength="63" attribute on the input field on line 126 of wp-admin/network/site-new.php. This should help sites and network admins prevent the creation of blogs hosted on subdomain installs that will not resolve properly, and at the same time allow for maximum length subdomains.
Attachments (2)
Change History (14)
#2
@
12 years ago
Later on down the RFC......:
To simplify implementations, the total number of octets that represent a domain name (i.e., the sum of all label octets and label lengths) is limited to 255.
#3
@
12 years ago
This URL is over 300 characters, has a node that is over 63, and totally works when I set it up locally:
http://seutperspiciatisundeomnisistenatuserrorsitvoluptatem.accusantiumdoloremque
laudantium.totamremaperiameaqueipsaquaeabillonventoreveritatisetquasiarchitectobe
ataevitaedictasuntexplicabohitectobeataevitaedictasuntexplicabohitectobeataevitaedict
asuntexplicabo908237527525727592572727wetuiowuwtwtthwktkjwthhkwhjkthjkhhttkhwekhtk/
#4
@
12 years ago
This URL is over 300 characters, has a node that is over 63, and totally works when I set it up locally:
Yeah, many systems are known to ignore that RFC limitation, but there are other systems (ie. DNS servers) which are known to limit to the RFC as well.
#6
@
11 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from Awaiting Review to Future Release
- Priority changed from normal to low
It would be interesting to visit this at some point in an attempt to help guide toward best practice.
As Boone mentioned, this should happen server side rather than with the maxchars
attribute on the input field. We should probably use a filter to allow for this to be overridden.
#7
@
11 years ago
- Milestone changed from Future Release to 3.9
Moving to 3.9 for discussion. This should be addressed as part of a domain strategy with multisite.
#9
@
11 years ago
- Keywords has-patch added; needs-patch removed
21994.diff adds a strlen()
check to the new site process for both subdomain and domain. A max of 63 characters for the label and a max of 255 characters for the full domain.
RFC1034 doesn't really clarify, but per RFC 2181, 255 is the total limit for a domain name rather than the sum of all labels without separators.
Another interesting note from RFC 1034 that this doesn't attempt to address:
Brother nodes may not have the same label, although the same label can be used for nodes which are not brothers.
#10
@
11 years ago
Trying to think, does this have the potential to break when multibyte overloading is used?
#11
@
11 years ago
- Milestone changed from 3.9 to Future Release
21994.diff is a pretty cheap attempt. There are probably other places beyond the new site form that we can touch this in. Pushing to a future release.
There should also probably be some server-side validation going on here. At the moment, if you enter a subdomain longer than 63 characters, WP will allow the blog to be created, but then it will be accessible through a browser.