Skip to:
Content

BuddyPress.org

Opened 8 years ago

Closed 8 years ago

#4560 closed defect (bug) (fixed)

Subdomains may not exceed 63 characters in length

Reported by: humanshell Owned by:
Milestone: 1.7 Priority: normal
Severity: normal Version:
Component: Core Keywords: has-patch commit
Cc:

Description

According to section 3.1 "Name space specifications and terminology" of RFC1034, domain names are nodes in a tree structure and "Each node has a label, which is zero to 63 octets in length."

BP should help to correctly enforce this requirement, so I've attached a patch that increases the maxlength attribute on the input field on line 466 of bp-blogs-template.php from "50" to "63" allowed characters. This should help sites and users prevent the creation of blogs hosted on subdomain installs that will not resolve properly, and at the same time allow for maximum length subdomains.

Attachments (1)

bp-subdomain-maxlength-REV1.diff (1.1 KB) - added by humanshell 8 years ago.

Download all attachments as: .zip

Change History (6)

#1 @boonebgorges
8 years ago

  • Keywords 2nd-opinion added
  • Milestone changed from Awaiting Review to 1.7
  • Type changed from enhancement to defect (bug)

To say a bit more about this: Without some sort of restriction in place (either a maxlength on the markup or by doing proper server-side length validation), BP/WP allows blog creation with these long subdomains. But then the created blogs are inaccessible on some server setups (might be a 32-bit thing, I don't know). So we really need to do *something*. I'd suggest this patch + some server-side checks.

See also http://core.trac.wordpress.org/ticket/21994. If this problem were fixed upstream (which would really be the ideal), we could just piggy back on it.

#2 @DJPaul
8 years ago

  • Keywords commit added

We can change the form input but WordPress core will need to address the issue in an appropriate form validation function (if they want to - this might be considered breaking backpat). As Boone says, this type of client side validation won't stop anyone with malicious intent.

#3 @DJPaul
8 years ago

Are we going to add server-side checks in BP for this, or wait for WP to do that?

#4 @boonebgorges
8 years ago

  • Keywords 2nd-opinion removed

My vote is that we should enforce the proper maxlength on the form generated by BP, but not do any server-side checking, for similar reasons to why we eliminated BP-specific username validation - this is a job for WP. So let's commit the current patch. humanshell, continue to petition on the upstream patch, especially for some server-side checks.

#5 @djpaul
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6480]) Increase the maxlength attribute on the site registration template from 50 to 63.

  • 63 characters is the maximum length of domains per ​RFC1034.
  • While not universally enforced, some systems such as some DNS servers do follow the RFC.
  • Server-side validation has been intentionally omitted as this should be handled upstream in WordPress; see #WP21994

Fixes #4560, props humanshell

Note: See TracTickets for help on using tickets.