[wp-trac] [WordPress Trac] #34844: Primary network site loads with any arbitrary path on sub-folder networks
WordPress Trac
noreply at wordpress.org
Sun Dec 13 09:45:58 UTC 2015
#34844: Primary network site loads with any arbitrary path on sub-folder networks
-------------------------------------------------+-------------------------
Reporter: mordauk | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Networks and Sites | Version: 4.4
Severity: normal | Resolution: duplicate
Keywords: has-patch needs-testing reporter- | Focuses: multisite
feedback |
-------------------------------------------------+-------------------------
Description changed by SergeyBiryukov:
Old description:
> Take this example:
>
> - Network install with subfolders
> - Primary site is /
> - Any number of sites in the network
>
> On some server setups (including WordPress.org itself), if you navigate
> to `site.com/a-non-registered-site-path` the primary site is loaded,
> whereas the expected behavior is for a `site not found` error.
>
> Screenshot of network admin at `site.com/`:
> [[Image(https://cldup.com/OGIvbqftgW-2000x2000.png)]]
> Screenshot of network admin at `site.com/a-non-registered-site-path`:
> [[Image(https://cldup.com/qh6r9CGdhL-2000x2000.png)]]
>
> This happens because `$paths` in `get_site_by_path()` includes both `a
> -non-registered-site-path` and `/` as allowed paths which are then used
> for the `IN` statement of the SQL to find the current site:
> {{{
> $sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s",
> $domains[0] );
> $sql .= " AND path IN ($search_paths) ORDER BY CHAR_LENGTH(path) DESC
> LIMIT 1";
> $site = $wpdb->get_row( $sql );
> }}}
> I've managed to fix the issue by only adding `/` to `$paths` if `$paths`
> is empty.
>
> I found a related discussion in
> https://core.trac.wordpress.org/ticket/31507 and some related comments in
> https://core.trac.wordpress.org/ticket/27003 where `get_site_by_path()`
> was first introduced but none of them quite address this issue.
New description:
Take this example:
- Network install with subfolders
- Primary site is /
- Any number of sites in the network
On some server setups (including WordPress.org itself), if you navigate to
`site.com/a-non-registered-site-path` the primary site is loaded, whereas
the expected behavior is for a `site not found` error.
Screenshot of network admin at `site.com/`:
[[Image(https://cldup.com/OGIvbqftgW-2000x2000.png)]]
Screenshot of network admin at `site.com/a-non-registered-site-path`:
[[Image(https://cldup.com/qh6r9CGdhL-2000x2000.png)]]
This happens because `$paths` in `get_site_by_path()` includes both `a
-non-registered-site-path` and `/` as allowed paths which are then used
for the `IN` statement of the SQL to find the current site:
{{{
$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s",
$domains[0] );
$sql .= " AND path IN ($search_paths) ORDER BY CHAR_LENGTH(path) DESC
LIMIT 1";
$site = $wpdb->get_row( $sql );
}}}
I've managed to fix the issue by only adding `/` to `$paths` if `$paths`
is empty.
I found a related discussion in #31507 and some related comments in #27003
where `get_site_by_path()` was first introduced but none of them quite
address this issue.
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34844#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list