[wp-trac] [WordPress Trac] #41443: Update /wp-admin/network/site-new.php to use wpmu_validate_blog_signup()

WordPress Trac noreply at wordpress.org
Wed Sep 27 06:04:30 UTC 2017 

#41443: Update /wp-admin/network/site-new.php to use wpmu_validate_blog_signup()
--------------------------------+------------------------------
 Reporter:  neversettle         |       Owner:
     Type:  enhancement         |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  Networks and Sites  |     Version:  4.8
 Severity:  normal              |  Resolution:
 Keywords:                      |     Focuses:  multisite
--------------------------------+------------------------------

Comment (by neversettle):

 Replying to [comment:2 flixos90]:
 > Thanks for the ticket @neversettle, and welcome to Trac!
 >

 Thank you, and the explanation is really appreciated! That distinction
 makes sense, but I wonder if it can be improved. It seems like "unsafe"
 characters / problematic site names (whether subdir or subdomain mode)
 should apply to both user-registration and admins. I think super admins
 should be protected from creating site names that will result in broken
 sites. On the other side, if characters are safe for an admin to use in a
 site name why shouldn't a registration-based user be allowed to use them
 as well?

 Maybe it would be as simple as having an additional filter for the admin
 context with the same validation that new-site.php uses. Or, if I am
 missing something, what validation should plugins be calling right before
 passing a new site name to `wpmu_create_blog()`? It seems like even in an
 admin context, there should be something more than just checking
 `get_subdirectory_reserved_names()` first, which is why we've always used
 `wpmu_validate_blog_signup()`. But that has the consistency issue between
 user vs. admin.

 From our perspective consistency in "safe" / "allowed" names is more
 important than flexibility for the admins. What we've found generally is
 that any site name an admin would actually create manually they'd also
 want their users to be able to create through self-registration.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41443#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list