Opened 12 years ago
Closed 12 years ago
#4560 closed defect (bug) (fixed)
Subdomains may not exceed 63 characters in length
Reported by: | humanshell | Owned by: | |
---|---|---|---|
Milestone: | 1.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Core | Keywords: | has-patch commit |
Cc: |
Description
According to section 3.1 "Name space specifications and terminology" of RFC1034, domain names are nodes in a tree structure and "Each node has a label, which is zero to 63 octets in length."
BP should help to correctly enforce this requirement, so I've attached a patch that increases the maxlength attribute on the input field on line 466 of bp-blogs-template.php from "50" to "63" allowed characters. This should help sites and users prevent the creation of blogs hosted on subdomain installs that will not resolve properly, and at the same time allow for maximum length subdomains.
Attachments (1)
Change History (6)
#1
@
12 years ago
- Keywords 2nd-opinion added
- Milestone changed from Awaiting Review to 1.7
- Type changed from enhancement to defect (bug)
#2
@
12 years ago
- Keywords commit added
We can change the form input but WordPress core will need to address the issue in an appropriate form validation function (if they want to - this might be considered breaking backpat). As Boone says, this type of client side validation won't stop anyone with malicious intent.
#4
@
12 years ago
- Keywords 2nd-opinion removed
My vote is that we should enforce the proper maxlength
on the form generated by BP, but not do any server-side checking, for similar reasons to why we eliminated BP-specific username validation - this is a job for WP. So let's commit the current patch. humanshell, continue to petition on the upstream patch, especially for some server-side checks.
#5
@
12 years ago
- Resolution set to fixed
- Status changed from new to closed
(In [6480]) Increase the maxlength attribute on the site registration template from 50 to 63.
- 63 characters is the maximum length of domains per RFC1034.
- While not universally enforced, some systems such as some DNS servers do follow the RFC.
- Server-side validation has been intentionally omitted as this should be handled upstream in WordPress; see #WP21994
Fixes #4560, props humanshell
To say a bit more about this: Without some sort of restriction in place (either a
maxlength
on the markup or by doing proper server-side length validation), BP/WP allows blog creation with these long subdomains. But then the created blogs are inaccessible on some server setups (might be a 32-bit thing, I don't know). So we really need to do *something*. I'd suggest this patch + some server-side checks.See also http://core.trac.wordpress.org/ticket/21994. If this problem were fixed upstream (which would really be the ideal), we could just piggy back on it.