[wp-trac] [WordPress Trac] #11777: ms-edit.php / addblog action improperly sanitizes domains

[WordPress Trac]

#11777: ms-edit.php / addblog action improperly sanitizes domains
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan     
     Type:  defect (bug)       |      Status:  new      
 Priority:  normal             |   Milestone:  3.0      
Component:  Security           |     Version:  3.0      
 Severity:  normal             |    Keywords:  multisite
-------------------------------+--------------------------------------------

Comment(by Denis-de-Bernardy):

 ms-options.php has a slightly different approach to sanitization, which is
 equally bug prone:

 $blogname = untrailingslashit( sanitize_user( str_replace( '.', '',
 str_replace( $current_site->domain . $current_site->path, '',
 $details->domain . $details->path ) ) ) );

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11777#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software