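/**
 * Processes new site registrations.
 *
 * Checks the data provided by the user during blog signup. Verifies
 * the validity and uniqueness of blog paths and domains.
 *
 * This function prevents the current user from registering a new site
 * with a blogname equivalent to another user's login name. Passing the
 * $user parameter to the function, where $user is the other user, is
 * effectively an override of this limitation.
 *
 * Filter 'wpmu_validate_blog_signup' if you want to modify
 * the way that WordPress validates new site signups.
 *
 * Comparisons against the illegal-name list and against the owning user's
 * login are strict (`in_array(..., true)`, `!==`) so that PHP's loose
 * string/number juggling (e.g. "1e3" == "1000") cannot let a reserved or
 * foreign name through.
 *
 * @since MU
 *
 * @global wpdb   $wpdb
 * @global string $domain
 *
 * @param string         $blogname   The blog name provided by the user. Must be unique.
 * @param string         $blog_title The blog title provided by the user.
 * @param WP_User|string $user       Optional. The user object to check against the new site name.
 * @return array Contains the new site data and error messages.
 */
function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
	global $wpdb, $domain;

	$current_site = get_current_site();
	$base         = $current_site->path;
	// Evaluated once; the install type does not change during a request.
	$is_subdomain = is_subdomain_install();

	$blog_title = strip_tags($blog_title);

	$errors        = new WP_Error();
	$illegal_names = get_site_option('illegal_names');
	if (!is_array($illegal_names) || empty($illegal_names)) {
		// Seed the network option once so every later lookup shares the same list.
		$illegal_names = array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator');
		add_site_option('illegal_names', $illegal_names);
	}

	/*
	 * On sub dir installs, some names are so illegal, only a filter can
	 * spring them from jail.
	 */
	if (!$is_subdomain) {
		$illegal_names = array_merge($illegal_names, get_subdirectory_reserved_names());
	}

	if (empty($blogname)) {
		$errors->add('blogname', __('Please enter a site name.'));
	}

	// Anything outside [a-z0-9] is rejected here, so the byte-wise strlen() below is safe.
	if (preg_match('/[^a-z0-9]+/', $blogname)) {
		$errors->add('blogname', __('Only lowercase letters (a-z) and numbers are allowed.'));
	}

	if (in_array($blogname, $illegal_names, true)) {
		$errors->add('blogname', __('That name is not allowed.'));
	}

	if (strlen($blogname) < 4 && !is_super_admin()) {
		$errors->add('blogname', __('Site name must be at least 4 characters.'));
	}

	if (strpos($blogname, '_') !== false) {
		$errors->add('blogname', __('Sorry, site names may not contain the character “_”!'));
	}

	// do not allow users to create a blog that conflicts with a page on the main blog.
	// The table name comes from wpdb itself; the user-supplied name goes through prepare().
	if (!$is_subdomain && $wpdb->get_var($wpdb->prepare("SELECT post_name FROM " . $wpdb->get_blog_prefix($current_site->blog_id) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname))) {
		$errors->add('blogname', __('Sorry, you may not use that site name.'));
	}

	// all numeric?
	if (preg_match('/^[0-9]*$/', $blogname)) {
		$errors->add('blogname', __('Sorry, site names must have letters too!'));
	}

	/**
	 * Filter the new site name during registration.
	 *
	 * The name is the site's subdomain or the site's subdirectory
	 * path depending on the network settings.
	 *
	 * @since MU
	 *
	 * @param string $blogname Site name.
	 */
	$blogname = apply_filters('newblogname', $blogname);

	$blog_title = wp_unslash($blog_title);

	if (empty($blog_title)) {
		$errors->add('blog_title', __('Please enter a site title.'));
	}

	// Check if the domain/path has been used already.
	if ($is_subdomain) {
		$mydomain = $blogname . '.' . preg_replace('|^www\\.|', '', $domain);
		$path     = $base;
	} else {
		$mydomain = "{$domain}";
		$path     = $base . $blogname . '/';
	}

	if (domain_exists($mydomain, $path, $current_site->id)) {
		$errors->add('blogname', __('Sorry, that site already exists!'));
	}

	// A name matching an existing login is reserved for that user; only the
	// owning user (passed as $user) may claim it.
	if (username_exists($blogname)) {
		if (!is_object($user) || $user->user_login !== $blogname) {
			$errors->add('blogname', __('Sorry, that site is reserved!'));
		}
	}

	// Has someone already signed up for this domain?
	$signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
	// TODO: Check email too?
	if (!empty($signup)) {
		$diff = current_time('timestamp', true) - mysql2date('U', $signup->registered);
		// If registered more than two days ago, cancel registration and let this signup go through.
		if ($diff > 2 * DAY_IN_SECONDS) {
			$wpdb->delete($wpdb->signups, array('domain' => $mydomain, 'path' => $path));
		} else {
			$errors->add('blogname', __('That site is currently reserved but may be available in a couple days.'));
		}
	}

	$result = array(
		'domain'     => $mydomain,
		'path'       => $path,
		'blogname'   => $blogname,
		'blog_title' => $blog_title,
		'user'       => $user,
		'errors'     => $errors,
	);

	/**
	 * Filter site details and error messages following registration.
	 *
	 * @since MU
	 *
	 * @param array $result {
	 *     Array of domain, path, blog name, blog title, user and error messages.
	 *
	 *     @type string         $domain     Domain for the site.
	 *     @type string         $path       Path for the site. Used in subdirectory installs.
	 *     @type string         $blogname   The unique site name (slug).
	 *     @type string         $blog_title Blog title.
	 *     @type string|WP_User $user       By default, an empty string. A user object if provided.
	 *     @type WP_Error       $errors     WP_Error containing any errors found.
	 * }
	 */
	return apply_filters('wpmu_validate_blog_signup', $result);
}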
} get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('This screen is for Super Admins to add new sites to the network. This is not affected by the registration settings.') . '</p>' . '<p>' . __('If the admin email for the new site does not exist in the database, a new user will also be created.') . '</p>')); get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:') . '</strong></p>' . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>' . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'); if (isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action']) { check_admin_referer('add-blog', '_wpnonce_add-blog'); if (!is_array($_POST['blog'])) { wp_die(__('Can’t create an empty site.')); } $blog = $_POST['blog']; $domain = ''; if (preg_match('|^([a-zA-Z0-9-])+$|', $blog['domain'])) { $domain = strtolower($blog['domain']); } // If not a subdomain install, make sure the domain isn't a reserved word if (!is_subdomain_install()) { $subdirectory_reserved_names = get_subdirectory_reserved_names(); if (in_array($domain, $subdirectory_reserved_names)) { wp_die(sprintf(__('The following words are reserved for use by WordPress functions and cannot be used as blog names: <code>%s</code>'), implode('</code>, <code>', $subdirectory_reserved_names))); } } $title = $blog['title']; $meta = array('public' => 1); // Handle translation install for the new site. if (!empty($_POST['WPLANG']) && wp_can_install_language_pack()) { $language = wp_download_language_pack(wp_unslash($_POST['WPLANG'])); if ($language) { $meta['WPLANG'] = $language; } } if (empty($domain)) { wp_die(__('Missing or invalid site address.'));
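/**
 * Short url router.
 *
 * Validates the request path and refuses to act on reserved paths such as
 * `wp-admin`, `wp-content` or `wp` (plus anything added through the
 * `short_url_prevent_paths` filter). If a short url exists in the database
 * the matching post is collected and the request is redirected to its
 * permalink when that permalink is not empty.
 *
 * A redirect is only attempted when the request matches
 * `^[a-zA-Z0-9\-\_]+$` AND is not a reserved path; either failure hands the
 * query back to WordPress untouched.
 *
 * @param object $query
 *
 * @return object The unmodified query when no redirect takes place.
 */
public function router($query) {
	$request = strtolower($query->request);
	// REQUEST_URI is not guaranteed to be set (CLI, some SAPIs).
	$req_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

	// If the request uri ends with a slash it should be left to WordPress.
	if (substr($req_uri, -1) === '/') {
		return $query;
	}

	$subdirectories = ['wp-admin', 'wp-content', 'wp', 'wordpress'];

	if (function_exists('get_subdirectory_reserved_names')) {
		$subdirectories = array_merge($subdirectories, get_subdirectory_reserved_names());
	}

	$paths_to_prevent = apply_filters('short_url_prevent_paths', $subdirectories);

	// Bail when the request does not match the slug regex OR is a reserved path.
	// With `&&` the reserved-path guard could never fire: every reserved name
	// also matches the regex, so the combined condition was always false.
	if (!preg_match('/^[a-zA-Z0-9\\-\\_]+$/', $request) || in_array($request, $paths_to_prevent, true)) {
		return $query;
	}

	$posts = $this->get_posts($request);
	$post  = array_shift($posts);

	// Don't allow empty post.
	if (empty($post)) {
		return $query;
	}

	$url = get_permalink($post->ID);

	// If the url is false or empty we should not proceed with the redirect.
	if ($url === false || empty($url)) {
		return $query;
	}

	// Let's redirect baby! (wp_safe_redirect restricts the target to allowed hosts.)
	wp_safe_redirect($url);
	exit;
}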
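/**
 * Is a site URL okay to save?
 *
 * Accepts a domain/path already owned by the site being edited, rejects one
 * that belongs to another site or to a pending signup, and — for everyone
 * but super admins — validates each subdomain/path piece as a slug (charset,
 * length, not all-numeric, not an illegal/reserved name, not an existing
 * username, not a page on the network's primary site).
 *
 * @since 1.8.0
 *
 * @global wpdb $wpdb
 *
 * @param string $domain  Domain to validate.
 * @param string $path    Path to validate.
 * @param int    $site_id Optional. ID of the site being edited; a domain/path
 *                        already owned by this site is accepted. Default 0 (new site).
 *
 * @return boolean
 */
function wp_validate_site_url($domain, $path, $site_id = 0) {
	global $wpdb;

	// Does domain exist on this network? domain_exists() yields the owning
	// site ID (null/false when absent), never `true`, so compare IDs. An
	// absent domain must not loosely equal the default $site_id of 0, which
	// would short-circuit every check below for brand-new sites.
	$exists = domain_exists($domain, $path, get_current_site()->id);

	if (!empty($exists)) {
		// Bail: true if the domain is this site's own, false if another site holds it.
		return (int) $exists === (int) $site_id;
	}

	// Bail if site is in signups table
	$signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE domain = %s AND path = %s", $domain, $path));
	if (!empty($signup)) {
		return false;
	}

	// Bail if user is a super admin
	if (is_super_admin()) {
		return true;
	}

	// Get pieces of domain & path
	$paths   = explode('/', $path);
	$domains = substr_count($domain, '.') > 1 ? (array) substr($domain, 0, strpos($domain, '.')) : array();
	$pieces  = array_filter(array_merge($domains, $paths));

	// The illegal-name list does not change per piece, so build it once.
	// get_site_option() returns false when the option was never set; fall back
	// to the same defaults wpmu_validate_blog_signup() seeds rather than handing
	// a non-array to array_merge()/in_array().
	$illegal_names = get_site_option('illegal_names');
	if (!is_array($illegal_names)) {
		$illegal_names = array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator');
	}

	// Maybe merge reserved names
	$is_subdomain = is_subdomain_install();
	if (!$is_subdomain) {
		$illegal_names = array_merge($illegal_names, get_subdirectory_reserved_names());
	}

	// Loop through pieces
	foreach ($pieces as $slug) {

		// Bail if empty
		if (empty($slug)) {
			return false;
		}

		// Bail if not lowercase or numbers
		if (preg_match('/[^a-z0-9]+/', $slug)) {
			return false;
		}

		// All numeric?
		if (preg_match('/^[0-9]*$/', $slug)) {
			return false;
		}

		// Bail if fewer than 3 chars (slug is ASCII-only at this point, so strlen() is exact)
		if (strlen($slug) < 3) {
			return false;
		}

		// Bail if contains illegal names
		if (in_array($slug, $illegal_names, true)) {
			return false;
		}

		// Bail if username exists
		if (username_exists($slug)) {
			return false;
		}

		// Bail if subdirectory install and page exists on primary site of network
		if (!$is_subdomain) {
			switch_to_blog(get_current_site()->blog_id);
			$page = get_page_by_path($slug);
			restore_current_blog();

			if (!empty($page)) {
				return false;
			}
		}
	}

	// Okay, s'all good
	return true;
}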