WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 18 months ago

#35274 new enhancement

Break-out conditional in allow_subdomain_install()

Reported by: stevegrunwell Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Networks and Sites Keywords: has-patch has-unit-tests
Focuses: multisite Cc:

Description

Attached patch expands the conditional within allow_subdomain_install()with better inline documentation, replaces the IP address regex with filter_var( $var, FILTER_VALIDATE_IP ) ([supported in PHP 5.2.0+), and adds unit tests.

This came about while working on a refresh for #22330, trying to add missing unit tests along the way, and includes one of the regex changes from @nacin's patch.

Attachments (2)

35274.diff (2.7 KB) - added by stevegrunwell 5 years ago.
35274.2.diff (3.2 KB) - added by stevegrunwell 5 years ago.
Updated diff that restores the original regex for IP addresses rather than using filter_var()

Download all attachments as: .zip

Change History (6)

@stevegrunwell
5 years ago

#1 @stevegrunwell
5 years ago

  • Keywords has-patch has-unit-tests added

#2 @nacin
5 years ago

We have never used filter_var() in core. Filter is enabled by default, but it can be disabled. I would estimate that this would be a minuscule number of sites, but even 0.1% is still tens of thousands of sites that would see a fatal error unexpectedly. Granted, very few would be trying to create a network, but I'd expect at least one bug report citing it upon release.

While someone is unlikely to deliberately disable ext/filter, it's actually not terribly uncommon to use the flag --disable-all and then add back what you need -- and sometimes an important one is missed.

@stevegrunwell
5 years ago

Updated diff that restores the original regex for IP addresses rather than using filter_var()

#3 @stevegrunwell
5 years ago

Fair point, patch has been updated to use the current regex pattern.

As far as core never using filter_var() that's technically true, but I did find one instance in wp-includes/class-phpmailer.php (which is why I was like "okay, cool, let's use filter_var()"). I've yet to come across a system with the filters disabled, but that doesn't mean they're not out there :)

#4 @chriscct7
5 years ago

  • Version trunk deleted
Note: See TracTickets for help on using tickets.