authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-09-10 11:24:02 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-09-10 11:24:02 +0000
commitd8fb87d7ddc277af5818897be8c9c961b9587715 (patch)
tree393b7ab489c271af60674c342e01953b8dd88c32
parent5e253fc0b9526b0f0469f54329393a06a8a6b97a (diff)
Sanitize domain and email. Fixes #417
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1045 7be80a69-a1ef-0310-a953-fb0f7c49ff36
-rw-r--r--wp-includes/wpmu-functions.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php
index d78bcb9..a1fe89c 100644
--- a/wp-includes/wpmu-functions.php
+++ b/wp-includes/wpmu-functions.php
@@ -908,6 +908,7 @@ function wpmu_validate_user_signup($user_name, $user_email) {
$errors = new WP_Error();
$user_name = sanitize_title($user_name);
+ $user_email = sanitize_email( $user_email );
if ( empty( $user_name ) )
$errors->add('user_name', __("Please enter a username"));
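Review bot: `sanitize_email()` on the added line repairs the address silently, so the later checks in wpmu_validate_user_signup run on a value the user may not have typed, and a malformed input can become a different, deliverable address. Consider rejecting instead of rewriting: keep the submitted value and add an error when `sanitize_email( $user_email ) != $user_email`, next to the existing email checks. If rewriting is intended, a comment such as `// Checks below run on the normalised address, not the submitted one.` would make that explicit. The function body continues outside the hunk, so whether the sanitized value is handed back to the caller cannot be confirmed from here.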
@@ -1001,6 +1002,9 @@ function wpmu_validate_user_signup($user_name, $user_email) {
function wpmu_validate_blog_signup($blog_id, $blog_title, $user = '') {
global $wpdb, $domain, $base;
+ $blog_id = sanitize_user( $blog_id );
+ $blog_title = sanitize_title( $blog_title );
+
$errors = new WP_Error();
$illegal_names = get_site_option( "illegal_names" );
if( $illegal_names == false ) {
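Review bot: `sanitize_title()` is a slug generator, so applying it to `$blog_title` lowercases the title and turns spaces and punctuation into hyphens, changing the text that is presumably shown later as the blog's name. The same call is added for `$title` in wpmu_create_blog in the fourth hunk. A title is display text: strip markup on input, e.g. `$blog_title = strip_tags( $blog_title );`, and escape it where it is output. Separately, `sanitize_user( $blog_id )` is called without its strict flag, which leaves characters that are not valid in a host name or path, so the later checks in this function (outside the hunk) have to catch them.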
@@ -1096,6 +1100,9 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = ''
function wpmu_signup_user($user, $user_email, $meta = '') {
global $wpdb;
+ $user = sanitize_user( $user );
+ $user_email = sanitize_email( $user_email );
+
$key = substr( md5( time() . rand() . $user_email ), 0, 16 );
$registered = current_time('mysql', true);
$meta = serialize($meta);
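Review bot: wpmu_signup_user now normalises the login with `sanitize_user()`, while wpmu_validate_user_signup (first hunk) normalises the same field with `sanitize_title()`, so the name that passed validation and the name written to the signup record can differ if a caller passes the raw input here. Using one normaliser in both places, or a comment above these lines stating that `$user` must be the value returned by the validator, closes that gap. Not changed by this commit but visible in the context: `$key` is built from `md5( time() . rand() . $user_email )`, whose inputs are guessable or low-entropy, so the activation key deserves a stronger random source in a follow-up. The function continues outside the hunk.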
@@ -1230,7 +1237,8 @@ function wpmu_create_user( $user_name, $password, $email) {
}
function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id = 1) {
- $domain = addslashes( $domain );
+ $domain = sanitize_user( $domain );
+ $title = sanitize_title( $title );
$user_id = (int) $user_id;
if( empty($path) )
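Review bot: The removed `addslashes( $domain )` was the only escaping of `$domain` visible in wpmu_create_blog, and `sanitize_user()` without its strict flag does not remove quote characters. If code further down (outside the hunk, for example behind `domain_exists()`) builds SQL from `$domain`, this change drops that protection. Passing the strict flag, `$domain = sanitize_user( $domain, true );`, narrows the value to a small ASCII set without quotes. The query site should still escape or parameterise the value itself rather than rely on input filtering.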
@@ -1240,10 +1248,6 @@ function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id
if ( domain_exists($domain, $path, $site_id) )
return new WP_Error('blog_taken', __('Blog already exists.'));
- // Need to backup wpdb table names, and create a new wp_blogs entry for new blog.
- // Need to get blog_id from wp_blogs, and create new table names.
- // Must restore table names at the end of function.
-
if ( !defined("WP_INSTALLING") )
define( "WP_INSTALLING", true );