diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/ms-deprecated.php
--- a/wp/wp-includes/ms-deprecated.php Mon Oct 14 18:06:33 2019 +0200
+++ b/wp/wp-includes/ms-deprecated.php Mon Oct 14 18:28:13 2019 +0200
@@ -271,10 +271,13 @@
 _deprecated_function( __FUNCTION__, '3.3.0', 'wp_redirect()' );
 $ref = '';
- if ( isset( $_GET['ref'] ) )
- $ref = $_GET['ref'];
- if ( isset( $_POST['ref'] ) )
- $ref = $_POST['ref'];
+ if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) {
+ wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+ } elseif ( isset( $_POST['ref'] ) ) {
+ $ref = $_POST[ 'ref' ];
+ } elseif ( isset( $_GET['ref'] ) ) {
+ $ref = $_GET[ 'ref' ];
+ }
 if ( $ref ) {
 $ref = wpmu_admin_redirect_add_updated_param( $ref );
@@ -287,7 +290,9 @@
 }
 $url = wpmu_admin_redirect_add_updated_param( $url );
- if ( isset( $_GET['redirect'] ) ) {
+ if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) {
+ wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+ } elseif ( isset( $_GET['redirect'] ) ) {
 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
 $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
 } elseif ( isset( $_POST['redirect'] ) ) {
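Review bot: In the `ref` branch of the first hunk, the value assigned to `$ref` is still a raw request string, because the mismatch guard only decides which copy of the parameter is trusted and does not validate it before it is handed on towards the redirect. The redirect call itself is outside the hunk; if it is a plain `wp_redirect()`, as the deprecation notice suggests, the target host is not restricted. I would unslash and validate at the assignment, e.g. `$ref = wp_validate_redirect( wp_unslash( $_POST['ref'] ), '' );`, and do the same in the `$_GET` branch. The two new assignments also write `$_POST[ 'ref' ]` with inner spaces while the conditions in the same hunk use `$_POST['ref']`.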
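Review bot: The new guard on `redirect` in the second hunk only checks that the GET and POST copies agree, not that the value is a string, so an array-valued `redirect` passes the `isset()` test and reaches `substr()` on the following context line. A type check in the new branch would close that, e.g. `} elseif ( isset( $_GET['redirect'] ) && is_string( $_GET['redirect'] ) ) {`. Separately, the unchanged line builds a query-string component with `esc_html()`, which is an HTML escaper; `rawurlencode()` is the matching encoder for a URL component. The guard is also a verbatim copy of the one added for `ref`, so a small private helper would keep the two from drifting apart. The `elseif ( isset( $_POST['redirect'] ) )` body continues outside the hunk.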
@@ -546,3 +551,137 @@
 return isset( $current_user->$local_key );
 }
+
+/**
+ * Store basic site info in the blogs table.
+ *
+ * This function creates a row in the wp_blogs table and returns
+ * the new blog's ID. It is the first step in creating a new blog.
+ *
+ * @since MU (3.0.0)
+ * @deprecated 5.1.0 Use `wp_insert_site()`
+ * @see wp_insert_site()
+ *
+ * @param string $domain The domain of the new site.
+ * @param string $path The path of the new site.
+ * @param int $site_id Unless you're running a multi-network install, be sure to set this value to 1.
+ * @return int|false The ID of the new row
+ */
+function insert_blog($domain, $path, $site_id) {
+ _deprecated_function( __FUNCTION__, '5.1.0', 'wp_insert_site()' );
+
+ $data = array(
+ 'domain' => $domain,
+ 'path' => $path,
+ 'site_id' => $site_id,
+ );
+
+ $site_id = wp_insert_site( $data );
+ if ( is_wp_error( $site_id ) ) {
+ return false;
+ }
+
+ clean_blog_cache( $site_id );
+
+ return $site_id;
+}
+
+/**
+ * Install an empty blog.
+ *
+ * Creates the new blog tables and options. If calling this function
+ * directly, be sure to use switch_to_blog() first, so that $wpdb
+ * points to the new blog.
+ *
+ * @since MU (3.0.0)
+ * @deprecated 5.1.0
+ *
+ * @global wpdb $wpdb
+ * @global WP_Roles $wp_roles
+ *
+ * @param int $blog_id The value returned by wp_insert_site().
+ * @param string $blog_title The title of the new site.
+ */
+function install_blog( $blog_id, $blog_title = '' ) {
+ global $wpdb, $wp_roles;
+
+ _deprecated_function( __FUNCTION__, '5.1.0' );
+
+ // Cast for security
+ $blog_id = (int) $blog_id;
+
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+
+ $suppress = $wpdb->suppress_errors();
+ if ( $wpdb->get_results( "DESCRIBE {$wpdb->posts}" ) ) {
+ die( '

' . __( 'Already Installed' ) . '

' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '

' );
+ }
+ $wpdb->suppress_errors( $suppress );
+
+ $url = get_blogaddress_by_id( $blog_id );
+
+ // Set everything up
+ make_db_current_silent( 'blog' );
+ populate_options();
+ populate_roles();
+
+ // populate_roles() clears previous role definitions so we start over.
+ $wp_roles = new WP_Roles();
+
+ $siteurl = $home = untrailingslashit( $url );
+
+ if ( ! is_subdomain_install() ) {
+
+ if ( 'https' === parse_url( get_site_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
+ $siteurl = set_url_scheme( $siteurl, 'https' );
+ }
+ if ( 'https' === parse_url( get_home_url( get_network()->site_id ), PHP_URL_SCHEME ) ) {
+ $home = set_url_scheme( $home, 'https' );
+ }
+ }
+
+ update_option( 'siteurl', $siteurl );
+ update_option( 'home', $home );
+
+ if ( get_site_option( 'ms_files_rewriting' ) ) {
+ update_option( 'upload_path', UPLOADBLOGSDIR . "/$blog_id/files" );
+ } else {
+ update_option( 'upload_path', get_blog_option( get_network()->site_id, 'upload_path' ) );
+ }
+
+ update_option( 'blogname', wp_unslash( $blog_title ) );
+ update_option( 'admin_email', '' );
+
+ // remove all perms
+ $table_prefix = $wpdb->get_blog_prefix();
+ delete_metadata( 'user', 0, $table_prefix . 'user_level', null, true ); // delete all
+ delete_metadata( 'user', 0, $table_prefix . 'capabilities', null, true ); // delete all
+}
+
+/**
+ * Set blog defaults.
+ *
+ * This function creates a row in the wp_blogs table.
+ *
+ * @since MU (3.0.0)
+ * @deprecated MU
+ * @deprecated Use wp_install_defaults()
+ *
+ * @global wpdb $wpdb WordPress database abstraction object.
+ *
+ * @param int $blog_id Ignored in this function.
+ * @param int $user_id
+ */
+function install_blog_defaults( $blog_id, $user_id ) {
+ global $wpdb;
+
+ _deprecated_function( __FUNCTION__, 'MU' );
+
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+
+ $suppress = $wpdb->suppress_errors();
+
+ wp_install_defaults( $user_id );
+
+ $wpdb->suppress_errors( $suppress );
+}
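Review bot: The docblock added for `install_blog_defaults()` says the function creates a row in the wp_blogs table, but the body shown only calls `wp_install_defaults( $user_id )` with database errors suppressed, so the summary looks copied from `insert_blog()`. It also carries two `@deprecated` tags and leaves `$user_id` undescribed, while the runtime notice `_deprecated_function( __FUNCTION__, 'MU' );` omits the replacement that the docblock names. I would merge the tags into `@deprecated MU Use wp_install_defaults()`, reword the summary to say the function delegates to `wp_install_defaults()`, and pass the replacement to the notice: `_deprecated_function( __FUNCTION__, 'MU', 'wp_install_defaults()' );`.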