Пример #1
/**
 * Processes new site registrations.
 *
 * Checks the data provided by the user during blog signup. Verifies
 * the validity and uniqueness of blog paths and domains.
 *
 * This function prevents the current user from registering a new site
 * with a blogname equivalent to another user's login name. Passing the
 * $user parameter to the function, where $user is the other user, is
 * effectively an override of this limitation.
 *
 * Filter 'wpmu_validate_blog_signup' if you want to modify
 * the way that WordPress validates new site signups.
 *
 * @since MU
 *
 * @global wpdb   $wpdb
 * @global string $domain
 *
 * @param string         $blogname   The blog name provided by the user. Must be unique.
 * @param string         $blog_title The blog title provided by the user.
 * @param WP_User|string $user       Optional. The user object to check against the new site name.
 * @return array Contains the new site data and error messages.
 */
function wpmu_validate_blog_signup($blogname, $blog_title, $user = '')
{
    global $wpdb, $domain;
    $current_site = get_current_site();
    $base = $current_site->path;
    // strip_tags() only removes markup from the title; it is not output escaping, so the
    // title still has to be escaped for whatever context later prints it.
    $blog_title = strip_tags($blog_title);
    // Problems are collected here rather than thrown; the caller receives them under the 'errors' key.
    $errors = new WP_Error();
    $illegal_names = get_site_option('illegal_names');
    // Seed the network option with a default deny-list when the stored value is falsy (unset or empty).
    if ($illegal_names == false) {
        $illegal_names = array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator');
        add_site_option('illegal_names', $illegal_names);
    }
    /*
     * On sub dir installs, some names are so illegal, only a filter can
     * spring them from jail.
     */
    if (!is_subdomain_install()) {
        $illegal_names = array_merge($illegal_names, get_subdirectory_reserved_names());
    }
    if (empty($blogname)) {
        $errors->add('blogname', __('Please enter a site name.'));
    }
    // Allow-list check: any character outside a-z and 0-9 (including uppercase, '-', '_', '.', '/') is rejected.
    if (preg_match('/[^a-z0-9]+/', $blogname)) {
        $errors->add('blogname', __('Only lowercase letters (a-z) and numbers are allowed.'));
    }
    // NOTE(review): in_array() is called without the strict flag, so the deny-list match uses loose comparison.
    if (in_array($blogname, $illegal_names)) {
        $errors->add('blogname', __('That name is not allowed.'));
    }
    // Super admins are exempt from the four-character minimum.
    if (strlen($blogname) < 4 && !is_super_admin()) {
        $errors->add('blogname', __('Site name must be at least 4 characters.'));
    }
    // The character-class check above already rejects '_'; this only adds a more specific message.
    if (strpos($blogname, '_') !== false) {
        $errors->add('blogname', __('Sorry, site names may not contain the character &#8220;_&#8221;!'));
    }
    // Do not allow users to create a blog that conflicts with a page on the main blog.
    // The site name is bound through prepare()'s %s placeholder; only the table prefix
    // returned by get_blog_prefix() is concatenated into the SQL text.
    if (!is_subdomain_install() && $wpdb->get_var($wpdb->prepare("SELECT post_name FROM " . $wpdb->get_blog_prefix($current_site->blog_id) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname))) {
        $errors->add('blogname', __('Sorry, you may not use that site name.'));
    }
    // All numeric? The pattern also matches an empty string, so an empty name collects this error as well.
    if (preg_match('/^[0-9]*$/', $blogname)) {
        $errors->add('blogname', __('Sorry, site names must have letters too!'));
    }
    /**
     * Filter the new site name during registration.
     *
     * The name is the site's subdomain or the site's subdirectory
     * path depending on the network settings.
     *
     * @since MU
     *
     * @param string $blogname Site name.
     */
    $blogname = apply_filters('newblogname', $blogname);
    // NOTE(review): the format, length and deny-list checks above ran on the pre-filter value;
    // the name returned by the 'newblogname' filter is used below without repeating them.
    $blog_title = wp_unslash($blog_title);
    if (empty($blog_title)) {
        $errors->add('blog_title', __('Please enter a site title.'));
    }
    // Check if the domain/path has been used already.
    if (is_subdomain_install()) {
        // Subdomain install: <name>.<network domain>, with a leading "www." dropped from the network domain.
        $mydomain = $blogname . '.' . preg_replace('|^www\\.|', '', $domain);
        $path = $base;
    } else {
        // Subdirectory install: the network domain is kept and the name becomes a path segment.
        $mydomain = "{$domain}";
        $path = $base . $blogname . '/';
    }
    if (domain_exists($mydomain, $path, $current_site->id)) {
        $errors->add('blogname', __('Sorry, that site already exists!'));
    }
    // A name equal to an existing login is reserved unless $user is an object whose
    // user_login matches it (the override described in the function's docblock).
    if (username_exists($blogname)) {
        if (!is_object($user) || is_object($user) && $user->user_login != $blogname) {
            $errors->add('blogname', __('Sorry, that site is reserved!'));
        }
    }
    // Has someone already signed up for this domain? Both values are bound through prepare() placeholders.
    $signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
    // TODO: Check email too?
    if (!empty($signup)) {
        // Age of the pending signup in seconds.
        $diff = current_time('timestamp', true) - mysql2date('U', $signup->registered);
        // If registered more than two days ago, cancel registration and let this signup go through.
        // This branch writes to the database: the stale signup row is deleted during validation.
        if ($diff > 2 * DAY_IN_SECONDS) {
            $wpdb->delete($wpdb->signups, array('domain' => $mydomain, 'path' => $path));
        } else {
            $errors->add('blogname', __('That site is currently reserved but may be available in a couple days.'));
        }
    }
    // The result is returned even when errors were recorded; callers must inspect 'errors' before acting on it.
    $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'user' => $user, 'errors' => $errors);
    /**
     * Filter site details and error messages following registration.
     *
     * @since MU
     *
     * @param array $result {
     *     Array of domain, path, blog name, blog title, user and error messages.
     *
     *     @type string         $domain     Domain for the site.
     *     @type string         $path       Path for the site. Used in subdirectory installs.
     *     @type string         $blogname   The unique site name (slug).
     *     @type string         $blog_title Blog title.
     *     @type string|WP_User $user       By default, an empty string. A user object if provided.
     *     @type WP_Error       $errors     WP_Error containing any errors found.
     * }
     */
    return apply_filters('wpmu_validate_blog_signup', $result);
}
Пример #2
}
// Contextual help for the screen where Super Admins add sites to the network:
// a single "Overview" tab followed by a sidebar of reference links.
get_current_screen()->add_help_tab(
    array(
        'id'      => 'overview',
        'title'   => __('Overview'),
        'content' => '<p>' . __('This screen is for Super Admins to add new sites to the network. This is not affected by the registration settings.') . '</p>'
            . '<p>' . __('If the admin email for the new site does not exist in the database, a new user will also be created.') . '</p>',
    )
);
get_current_screen()->set_help_sidebar(
    '<p><strong>' . __('For more information:') . '</strong></p>'
    . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>'
    . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
);
if (isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action']) {
    check_admin_referer('add-blog', '_wpnonce_add-blog');
    if (!is_array($_POST['blog'])) {
        wp_die(__('Can&#8217;t create an empty site.'));
    }
    $blog = $_POST['blog'];
    $domain = '';
    if (preg_match('|^([a-zA-Z0-9-])+$|', $blog['domain'])) {
        $domain = strtolower($blog['domain']);
    }
    // If not a subdomain install, make sure the domain isn't a reserved word
    if (!is_subdomain_install()) {
        $subdirectory_reserved_names = get_subdirectory_reserved_names();
        if (in_array($domain, $subdirectory_reserved_names)) {
            wp_die(sprintf(__('The following words are reserved for use by WordPress functions and cannot be used as blog names: <code>%s</code>'), implode('</code>, <code>', $subdirectory_reserved_names)));
        }
    }
    $title = $blog['title'];
    $meta = array('public' => 1);
    // Handle translation install for the new site.
    if (!empty($_POST['WPLANG']) && wp_can_install_language_pack()) {
        $language = wp_download_language_pack(wp_unslash($_POST['WPLANG']));
        if ($language) {
            $meta['WPLANG'] = $language;
        }
    }
    if (empty($domain)) {
        wp_die(__('Missing or invalid site address.'));
Пример #3
 /**
  * Short URL router.
  * Validates the request path and checks that it does not equal `wp-admin`, `wp-content` or `wp`.
  * If a matching short URL exists in the database, it fetches the post and redirects to its permalink when that is not empty.
  *
  * @param object $query
  */
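 public function router($query)
 {
     // Returns $query untouched unless the request resolves to a short URL post,
     // in which case the request is redirected to that post's permalink and ends here.
     $request = strtolower($query->request);
     // REQUEST_URI is not set outside a web request (e.g. CLI), so fall back to an empty string.
     $req_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     // A request URI that ends with a slash is never treated as a short URL.
     if (substr($req_uri, -1) === '/') {
         return $query;
     }
     $subdirectories = ['wp-admin', 'wp-content', 'wp', 'wordpress'];
     if (function_exists('get_subdirectory_reserved_names')) {
         $subdirectories = array_merge($subdirectories, get_subdirectory_reserved_names());
     }
     // Cast guards against a filter callback returning a non-array.
     $paths_to_prevent = (array) apply_filters('short_url_prevent_paths', $subdirectories);
     // Stop when the request is not a plain slug OR when it is one of the protected paths.
     // The two tests used to be joined with `&&`; every protected path ('wp-admin', ...)
     // itself matches the slug pattern, so that combined condition was never true and
     // the deny-list had no effect.
     if (!preg_match('/^[a-zA-Z0-9\\-\\_]+$/', $request) || in_array($request, $paths_to_prevent, true)) {
         return $query;
     }
     $posts = $this->get_posts($request);
     $post = array_shift($posts);
     // Don't allow empty post.
     if (empty($post)) {
         return $query;
     }
     $url = get_permalink($post->ID);
     // A false or empty permalink means there is nothing to redirect to.
     if (empty($url)) {
         return $query;
     }
     // wp_safe_redirect() restricts the target to hosts WordPress allows; exit stops
     // the rest of the request from rendering after the Location header is sent.
     wp_safe_redirect($url);
     exit;
 }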
Пример #4
 /**
  * Is a site URL okay to save?
  *
  * @since 1.8.0
  *
  * @global wpdb $wpdb
  *
  * @param string $domain
  * @param string $path
  * @param int    $site_id Optional. Defaults to 0.
  *
  * @return boolean
  */
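 function wp_validate_site_url($domain, $path, $site_id = 0)
 {
     global $wpdb;
     // Returns true when the $domain/$path pair may be saved for $site_id, false otherwise.
     // Does domain exist on this network?
     $exists = domain_exists($domain, $path, get_current_site()->id);
     // In WordPress core domain_exists() yields the owning site's ID, or null when the
     // address is free. The previous loose test `$exists == $site_id` was true for
     // null == 0, so with the default $site_id every unused address returned true
     // before any check below ran, and `true === $exists` never matched an ID.
     if (!empty($exists)) {
         // Taken: acceptable only when the owner is the site being saved.
         return true !== $exists && (int) $exists === (int) $site_id;
     }
     // Bail if site is in signups table (values are bound through prepare() placeholders).
     $signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE domain = %s AND path = %s", $domain, $path));
     if (!empty($signup)) {
         return false;
     }
     // Super admins skip the naming rules below.
     if (is_super_admin()) {
         return true;
     }
     // Get pieces of domain & path. Only the left-most label is taken from the domain,
     // and only when the domain contains more than one dot.
     $paths = explode('/', $path);
     $domains = substr_count($domain, '.') > 1 ? (array) substr($domain, 0, strpos($domain, '.')) : array();
     // array_filter() drops empty pieces, so no empty slug reaches the loop.
     $pieces = array_filter(array_merge($domains, $paths));
     // The deny-list does not depend on the slug, so build it once. The option can be
     // unset (false), which array_merge()/in_array() would reject.
     $illegal_names = get_site_option('illegal_names');
     if (!is_array($illegal_names)) {
         $illegal_names = array();
     }
     $subdirectory_install = !is_subdomain_install();
     if ($subdirectory_install) {
         $illegal_names = array_merge($illegal_names, get_subdirectory_reserved_names());
     }
     foreach ($pieces as $slug) {
         // Bail if not lowercase or numbers
         if (preg_match('/[^a-z0-9]+/', $slug)) {
             return false;
         }
         // All numeric?
         if (preg_match('/^[0-9]*$/', $slug)) {
             return false;
         }
         // Bail if shorter than 3 chars.
         // NOTE(review): the earlier comment said "less than 4 chars" while the code
         // enforces 3 - confirm which minimum is intended.
         if (strlen($slug) < 3) {
             return false;
         }
         // Bail if the slug is a reserved name
         if (in_array($slug, $illegal_names, true)) {
             return false;
         }
         // Bail if username exists
         if (username_exists($slug)) {
             return false;
         }
         // Bail if subdirectory install and page exists on primary site of network
         if ($subdirectory_install) {
             switch_to_blog(get_current_site()->blog_id);
             $page = get_page_by_path($slug);
             restore_current_blog();
             if (!empty($page)) {
                 return false;
             }
         }
     }
     // Every piece passed
     return true;
 }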