[wp-trac] [WordPress Trac] #40364: Improve site creation in multisite

WordPress Trac noreply at wordpress.org
Thu Feb 8 13:35:06 UTC 2018 

#40364: Improve site creation in multisite
-------------------------------------------------+------------------------
 Reporter:  jeremyfelt                           |       Owner:  flixos90
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.0
Component:  Networks and Sites                   |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  ms-roadmap has-patch has-unit-tests  |     Focuses:  multisite
-------------------------------------------------+------------------------

Comment (by flixos90):

 [attachment:40364.8.diff] implements the points mentioned above. Most
 improvements are trivial, with the exception of validating/sanitizing site
 data:

 * The domain and path sanitization bits from `wpmu_create_blog()` have
 been removed and are now part of `wp_insert_site()` which is called by it.
 They are also enforced on updating a site with this information. This
 keeps them consistent at a centralized point. The parameters for
 `wpmu_new_blog` are now taken from the new site object, to ensure the
 passed values are sanitized.
 * Domain, path and network ID only need to be sanitized in
 `wp_insert_site()` / `wp_update_site()` when they're actually passed as
 arguments. Re-sanitizing the data when it comes from the original site
 object is not necessary.
 * As discussed at WordCamp US as well, there is no an action
 `validate_site_data`. It is passed an empty `WP_Error` object to add
 validation errors to. Since this is passed by reference anyway, it is
 better off as an action than as a filter, as the latter would allow
 tweaking the filter value in unexpected ways. All validation is part of a
 function `wp_validate_site_data()` which is hooked in by default.
 Validation ensures the domain is not empty and that the domain-path-
 network combination doesn't already exist. By having this in a centralized
 logic, these checks now happen correctly both when inserting and updating
 a site.

 I remember we considered going further with validation there, however I no
 longer think this is a good idea. The `domain_exists()` check certainly
 belongs here, because it ensures uniqueness (and that would normally be
 part of the database schema). But more finegrained validation should not
 be part of the database functions, but remain in pre-made checks like
 `wpmu_validate_blog_signup()`. This becomes particularly obvious since
 that function mostly checks the site name, which is not even part of the
 arguments (although it's technically somewhere in the domain or path).
 Let's keep the responsibilities of the functions as they are now and not
 overcomplicate this. `wp_insert_site()` will eventually replace
 `wpmu_create_blog()` (with a future `wp_install_site()` hooked into the
 `wp_insert_site` action), so we are also on the safe side by not
 integrating too specific validation into here.

 I will soon do another review of the unit tests and add further ones. I'll
 particularly pay attention to the hooked-in functions that were previously
 hard-coded somewhere. Once this has sufficient coverage, I think it can go
 in.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40364#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list