Changeset 1384

Show
Ignore:
Timestamp:
07/18/08 10:18:19 (4 months ago)
Author:
donncha
Message:

Strictly sanitize username or blogname.
Strip "@" in blogname when using VHOSTs

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/wp-includes/wpmu-functions.php

    r1380 r1384  
    922922        global $wpdb, $domain, $base; 
    923923 
    924         $blogname = sanitize_user( $blogname ); 
     924        $blogname = sanitize_user( $blogname, true ); 
    925925        $blog_title = strip_tags( $blog_title ); 
    926926        $blog_title = substr( $blog_title, 0, 50 ); 
     
    11461146 
    11471147function wpmu_create_user( $user_name, $password, $email) { 
    1148         $user_name = ereg_replace("[^A-Za-z0-9]", "", $user_name); 
     1148        $user_name = sanitize_user( $user_name, true ); 
    11491149        if ( username_exists($user_name) ) 
    11501150                return false; 
     
    11661166 
    11671167function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id = 1) { 
    1168         $domain = sanitize_user( $domain ); 
     1168        $domain = sanitize_user( $domain, true ); 
     1169        if( constant( 'VHOST' ) == 'yes' ) 
     1170                $domain = str_replace( '@', '', $domain ); 
    11691171        $title = strip_tags( $title ); 
    11701172        $user_id = (int) $user_id;