diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-07-18 10:18:19 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-07-18 10:18:19 +0000 |
commit | 71ce998303ad6cf7a0cce565a449de8d5ac9a676 (patch) | |
tree | a13ddb2c2490c74e59af4bc047e233f446f457ef | |
parent | 49273e675bb2297508335c8c9d8a1c34ea37766d (diff) | |
download | wordpress-mu-71ce998303ad6cf7a0cce565a449de8d5ac9a676.tar.gz wordpress-mu-71ce998303ad6cf7a0cce565a449de8d5ac9a676.tar.xz wordpress-mu-71ce998303ad6cf7a0cce565a449de8d5ac9a676.zip |
Strictly sanitize username or blogname.
Strip "@" in blogname when using VHOSTs
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1384 7be80a69-a1ef-0310-a953-fb0f7c49ff36
-rw-r--r-- | wp-includes/wpmu-functions.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php index 35fc5ab..bf72107 100644 --- a/wp-includes/wpmu-functions.php +++ b/wp-includes/wpmu-functions.php @@ -921,7 +921,7 @@ function wpmu_validate_user_signup($user_name, $user_email) { function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { global $wpdb, $domain, $base; - $blogname = sanitize_user( $blogname ); + $blogname = sanitize_user( $blogname, true ); $blog_title = strip_tags( $blog_title ); $blog_title = substr( $blog_title, 0, 50 ); @@ -1145,7 +1145,7 @@ function generate_random_password( $len = 8 ) { } function wpmu_create_user( $user_name, $password, $email) { - $user_name = ereg_replace("[^A-Za-z0-9]", "", $user_name); + $user_name = sanitize_user( $user_name, true ); if ( username_exists($user_name) ) return false; @@ -1165,7 +1165,9 @@ function wpmu_create_user( $user_name, $password, $email) { } function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id = 1) { - $domain = sanitize_user( $domain ); + $domain = sanitize_user( $domain, true ); + if( constant( 'VHOST' ) == 'yes' ) + $domain = str_replace( '@', '', $domain ); $title = strip_tags( $title ); $user_id = (int) $user_id; |