[wp-trac] [WordPress Trac] #34844: Primary network site loads with any arbitrary path on sub-folder networks

WordPress Trac noreply at wordpress.org
Sun Dec 13 09:45:58 UTC 2015


#34844: Primary network site loads with any arbitrary path on sub-folder networks
-------------------------------------------------+-------------------------
 Reporter:  mordauk                              |       Owner:
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:
Component:  Networks and Sites                   |     Version:  4.4
 Severity:  normal                               |  Resolution:  duplicate
 Keywords:  has-patch needs-testing reporter-    |     Focuses:  multisite
  feedback                                       |
-------------------------------------------------+-------------------------
Description changed by SergeyBiryukov:

Old description:

> Take this example:
>
> - Network install with subfolders
> - Primary site is /
> - Any number of sites in the network
>
> On some server setups (including WordPress.org itself), if you navigate
> to `site.com/a-non-registered-site-path` the primary site is loaded,
> whereas the expected behavior is for a `site not found` error.
>
> Screenshot of network admin at `site.com/`:
> [[Image(https://cldup.com/OGIvbqftgW-2000x2000.png)]]
> Screenshot of network admin at `site.com/a-non-registered-site-path`:
> [[Image(https://cldup.com/qh6r9CGdhL-2000x2000.png)]]
>
> This happens because `$paths` in `get_site_by_path()` includes both `a
> -non-registered-site-path` and `/` as allowed paths which are then used
> for the `IN` statement of the SQL to find the current site:
> {{{
> $sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s",
> $domains[0] );
> $sql .= " AND path IN ($search_paths) ORDER BY CHAR_LENGTH(path) DESC
> LIMIT 1";
> $site = $wpdb->get_row( $sql );
> }}}
> I've managed to fix the issue by only adding `/` to `$paths` if `$paths`
> is empty.
>
> I found a related discussion in
> https://core.trac.wordpress.org/ticket/31507 and some related comments in
> https://core.trac.wordpress.org/ticket/27003 where `get_site_by_path()`
> was first introduced but none of them quite address this issue.

New description:

 Take this example:

 - Network install with subfolders
 - Primary site is /
 - Any number of sites in the network

 On some server setups (including WordPress.org itself), if you navigate to
 `site.com/a-non-registered-site-path` the primary site is loaded, whereas
 the expected behavior is for a `site not found` error.

 Screenshot of network admin at `site.com/`:
 [[Image(https://cldup.com/OGIvbqftgW-2000x2000.png)]]
 Screenshot of network admin at `site.com/a-non-registered-site-path`:
 [[Image(https://cldup.com/qh6r9CGdhL-2000x2000.png)]]

 This happens because `$paths` in `get_site_by_path()` includes both `a
 -non-registered-site-path` and `/` as allowed paths which are then used
 for the `IN` statement of the SQL to find the current site:
 {{{
 $sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s",
 $domains[0] );
 $sql .= " AND path IN ($search_paths) ORDER BY CHAR_LENGTH(path) DESC
 LIMIT 1";
 $site = $wpdb->get_row( $sql );
 }}}
 I've managed to fix the issue by only adding `/` to `$paths` if `$paths`
 is empty.

 I found a related discussion in #31507 and some related comments in #27003
 where `get_site_by_path()` was first introduced but none of them quite
 address this issue.

--

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34844#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list