[wp-trac] [WordPress Trac] #33615: Multisite: It is possible to create sites with wp-content, wp-admin or wp-includes as path
WordPress Trac
noreply at wordpress.org
Sun Aug 30 16:03:40 UTC 2015
#33615: Multisite: It is possible to create sites with wp-content, wp-admin or wp-
includes as path
--------------------------+-----------------------------
Reporter: thomaswm | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.3
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When creating a new site on `wp-admin/network/site-new.php`, there is a
text which says that the new site's path (on subdirectory installs) or
subdomain (on subdomain installs) may only contain lowercase letters and
numbers.
However, the regex expression, which checks if the path/domain entered by
the user is valid, also allows dashes (-) in the path/domain.
You can see this in line 41 of `wp-admin/network/site-new.php`:
{{{
if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
}}}
This causes another problem:
In subdirectory installs, it is possible to create subsites with `wp-
content`, `wp-includes` or `wp-admin` as path. These subsites then
conflict with the corresponding folders of the main site.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33615>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list