Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#23418 closed defect (bug) (fixed)

banned names / illegal_names not being banned

Reported by: dohman's profile dohman Owned by: nacin's profile nacin
Milestone: 3.5.2 Priority: normal
Severity: normal Version: 3.5.1
Component: Multisite Keywords: has-patch commit
Focuses: Cc:

Description

new site registrations are ignoring the banned names i add to the list in network options.

out of the gate the default banned names function works and the system does not let me register any of those default names. the illegal_names value in the wp_sitemeta table is populated with: a:7:{i:0;s:3:"www";i:1;s:3:"web";i:2;s:4:"root";i:3;s:5:"admin";i:4;s:4:"main";i:5;s:6:"invite";i:6;s:13:"administrator";}

when i add seven eight nine to the banned names field of the network setting page and save the page, the banned names field is populated with www web root admin main invite administrator seven eight nine, just how you would expect. but now the illegal_names value in the db is a:1:{i:0;s:61:"www web root admin main invite administrator seven eight nine";}

notice how the serialized array only has one string now instead of the original multiple strings. once it is saved like this users can register any site name including defaults like admin and root plus the new names i added to the list.

my setup: two fresh multisite 3.5.1 installs. one is on a vps and the other on a local xampp install. no plugins activated nor installed. using twenty twelve theme. these are test installs.

Attachments (4)

23418.diff (463 bytes) - added by MikeHansenMe 12 years ago.
23418.2.diff (437 bytes) - added by SergeyBiryukov 11 years ago.
23418.3.diff (1.1 KB) - added by nacin 11 years ago.
(untested)
23418.tests.diff (2.0 KB) - added by SergeyBiryukov 11 years ago.

Download all attachments as: .zip

Change History (16)

#1 @nacin
12 years ago

  • Milestone changed from Awaiting Review to 3.5.2

#2 @toscho
12 years ago

  • Cc info@… added

#3 @Ipstenu
12 years ago

  • Cc ipstenu@… added

@MikeHansenMe
12 years ago

#4 @MikeHansenMe
12 years ago

  • Cc mdhansen@… added

Added a patch to create an array to be stored. In the future it may be best to add 'illegal_names' to an array then check if $option_name is in the array. That way we could be a little more future proof.

#5 @MikeHansenMe
12 years ago

  • Keywords has-patch added

#6 @nacin
11 years ago

23418.2.diff looks great. We should consider an upgrade routine to fix illegal_names. Shouldn't be too difficult.

@nacin
11 years ago

(untested)

#7 @nacin
11 years ago

  • Keywords commit added

My upgrade routine (when fully wired up) got tested by Sergey and received "looks good" in IRC.

#8 @SergeyBiryukov
11 years ago

We didn't test for string values in [1046/tests]. 23418.tests.diff expands the test.

#9 @SergeyBiryukov
11 years ago

In 1295/tests:

Test for string values in test_sanitize_ms_options(). see #23418.

#10 @nacin
11 years ago

Note [22911]

  • In the 3.4 branch we bumped the DB version past the version used for disabling links in trunk, preventing it from running. In the future, we must avoid increasing branch DB version bumps to HEAD.

#11 @nacin
11 years ago

In 24448:

Fix storage of illegal_names. Add an upgrade routine to fix bad values.

props SergeyBiryukov.
see #23418.
for trunk.

#12 @nacin
11 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 24449:

Fix storage of illegal_names. Add an upgrade routine to fix bad values.

Merges [24448] to the 3.5 branch. Bump DB version by one.

props SergeyBiryukov.
fixes #23418.

Note: See TracTickets for help on using tickets.