WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#23418 closed defect (bug) (fixed)

banned names / illegal_names not being banned

Reported by: dohman
Owned by: nacin
Milestone: 3.5.2
Priority: normal
Severity: normal
Version: 3.5.1
Component: Multisite
Keywords: has-patch commit
Focuses:
Cc:

Description

New site registrations are ignoring the banned names I add to the list in network options.

Out of the gate the default banned names function works and the system does not let me register any of those default names. The illegal_names value in the wp_sitemeta table is populated with: a:7:{i:0;s:3:"www";i:1;s:3:"web";i:2;s:4:"root";i:3;s:5:"admin";i:4;s:4:"main";i:5;s:6:"invite";i:6;s:13:"administrator";}

When I add seven eight nine to the banned names field of the network setting page and save the page, the banned names field is populated with www web root admin main invite administrator seven eight nine, just how you would expect. But now the illegal_names value in the DB is a:1:{i:0;s:61:"www web root admin main invite administrator seven eight nine";}

Notice how the serialized array only has one string now instead of the original multiple strings. Once it is saved like this, users can register any site name including defaults like admin and root plus the new names I added to the list.

My setup: two fresh multisite 3.5.1 installs. One is on a VPS and the other on a local XAMPP install. No plugins activated nor installed. Using Twenty Twelve theme. These are test installs.
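
An added example, not WordPress core code and not one of the ticket's patches: it loads the two illegal_names values quoted in the description and shows why the single-string array stops matching, then how splitting on whitespace restores the list. The helpers is_banned_name(), is_collapsed() and normalize_illegal_names() are hypothetical, and the exact-match lookup is an assumption about how the list is consulted at signup.

```php
<?php
// Added illustration; not WordPress core code and not one of the ticket's patches.
// Both serialized strings are the illegal_names values quoted in the description.
$default_value = 'a:7:{i:0;s:3:"www";i:1;s:3:"web";i:2;s:4:"root";i:3;s:5:"admin";i:4;s:4:"main";i:5;s:6:"invite";i:6;s:13:"administrator";}';
$saved_value   = 'a:1:{i:0;s:61:"www web root admin main invite administrator seven eight nine";}';

// Hypothetical stand-in for the signup check: exact match against list entries (assumption).
function is_banned_name(string $name, array $illegal_names): bool {
    return in_array(strtolower($name), $illegal_names, true);
}

// True when any entry holds several whitespace-separated names, the stored shape
// the reporter describes after saving the settings page.
function is_collapsed(array $illegal_names): bool {
    foreach ($illegal_names as $entry) {
        if (is_string($entry) && preg_match('/\s/', trim($entry))) {
            return true;
        }
    }
    return false;
}

// Hypothetical repair: split every entry on whitespace, lowercase, de-duplicate.
function normalize_illegal_names($value): array {
    $names = [];
    foreach ((array) $value as $entry) {
        if (!is_string($entry)) {
            continue;
        }
        $parts = preg_split('/\s+/', strtolower($entry), -1, PREG_SPLIT_NO_EMPTY);
        $names = array_merge($names, $parts);
    }
    return array_values(array_unique($names));
}

foreach (['default' => $default_value, 'after save' => $saved_value] as $label => $raw) {
    // allowed_classes => false keeps unserialize() from instantiating objects.
    $stored = unserialize($raw, ['allowed_classes' => false]);
    $fixed  = normalize_illegal_names($stored);
    printf(
        "%-10s entries=%d collapsed=%s admin=%s nine=%s | repaired entries=%d admin=%s nine=%s\n",
        $label, count($stored), var_export(is_collapsed($stored), true),
        var_export(is_banned_name('admin', $stored), true),
        var_export(is_banned_name('nine', $stored), true),
        count($fixed),
        var_export(is_banned_name('admin', $fixed), true),
        var_export(is_banned_name('nine', $fixed), true)
    );
}
```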

Attachments (4)

23418.diff (463 bytes) - added by MikeHansenMe 7 years ago.
23418.2.diff (437 bytes) - added by SergeyBiryukov 7 years ago.
23418.3.diff (1.1 KB) - added by nacin 7 years ago.
(untested)
23418.tests.diff (2.0 KB) - added by SergeyBiryukov 7 years ago.


Change History (16)

#1 @nacin
7 years ago

  • Milestone changed from Awaiting Review to 3.5.2

#2 @toscho
7 years ago

  • Cc info@… added

#3 @Ipstenu
7 years ago

  • Cc ipstenu@… added

@MikeHansenMe
7 years ago

#4 @MikeHansenMe
7 years ago

  • Cc mdhansen@… added

Added a patch to create an array to be stored. In the future it may be best to add 'illegal_names' to an array then check if $option_name is in the array. That way we could be a little more future proof.

#5 @MikeHansenMe
7 years ago

  • Keywords has-patch added

#6 @nacin
7 years ago

23418.2.diff looks great. We should consider an upgrade routine to fix illegal_names. Shouldn't be too difficult.

@nacin
7 years ago

(untested)

#7 @nacin
7 years ago

  • Keywords commit added

My upgrade routine (when fully wired up) got tested by Sergey and received "looks good" in IRC.

#8 @SergeyBiryukov
7 years ago

We didn't test for string values in [1046/tests]. 23418.tests.diff expands the test.

#9 @SergeyBiryukov
7 years ago

In 1295/tests:

Test for string values in test_sanitize_ms_options(). see #23418.

#10 @nacin
7 years ago

Note [22911]

  • In the 3.4 branch we bumped the DB version past the version used for disabling links in trunk, preventing it from running. In the future, we must avoid increasing branch DB version bumps to HEAD.

#11 @nacin
7 years ago

In 24448:

Fix storage of illegal_names. Add an upgrade routine to fix bad values.

props SergeyBiryukov.
see #23418.
for trunk.

#12 @nacin
7 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 24449:

Fix storage of illegal_names. Add an upgrade routine to fix bad values.

Merges [24448] to the 3.5 branch. Bump DB version by one.

props SergeyBiryukov.
fixes #23418.
