Opened 12 years ago
Closed 11 years ago
#23418 closed defect (bug) (fixed)
banned names / illegal_names not being banned
Reported by: | dohman | Owned by: | nacin |
---|---|---|---|
Milestone: | 3.5.2 | Priority: | normal |
Severity: | normal | Version: | 3.5.1 |
Component: | Multisite | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
new site registrations are ignoring the banned names i add to the list in network options.
out of the gate the default banned names function works and the system does not let me register any of those default names. the illegal_names value in the wp_sitemeta table is populated with: a:7:{i:0;s:3:"www";i:1;s:3:"web";i:2;s:4:"root";i:3;s:5:"admin";i:4;s:4:"main";i:5;s:6:"invite";i:6;s:13:"administrator";}
when i add seven eight nine to the banned names field of the network setting page and save the page, the banned names field is populated with www web root admin main invite administrator seven eight nine, just how you would expect. but now the illegal_names value in the db is a:1:{i:0;s:61:"www web root admin main invite administrator seven eight nine";}
notice how the serialized array only has one string now instead of the original multiple strings. once it is saved like this users can register any site name including defaults like admin and root plus the new names i added to the list.
my setup: two fresh multisite 3.5.1 installs. one is on a vps and the other on a local xampp install. no plugins activated nor installed. using twenty twelve theme. these are test installs.
Attachments (4)
Change History (16)
#6
@
11 years ago
23418.2.diff looks great. We should consider an upgrade routine to fix illegal_names. Shouldn't be too difficult.
#7
@
11 years ago
- Keywords commit added
My upgrade routine (when fully wired up) got tested by Sergey and received "looks good" in IRC.
#8
@
11 years ago
We didn't test for string values in [1046/tests]. 23418.tests.diff expands the test.
#9
@
11 years ago
In 1295/tests:
Added a patch to create an array to be stored. In the future it may be best to add 'illegal_names' to an array then check if $option_name is in the array. That way we could be a little more future proof.