Domain Mapping, User Management, and get_site_url vs. get_blogaddress_by_*

  • boboudreau

    (@boboudreau)


    10 years, 3 months ago

    Is there any reason that wp-activate.php uses get_blogaddress_by_id() to fetch the URL of a multi-site blog? Line 98, wordpress/wp-activate.php.

    Most areas in WordPress that need to get a site URL will get it using get_site_url() – from wordpress/wp-includes/link-template.php.

    If you have the blog_id, you could switch to the blog in question, and get the URL with get_site_url(). Or even, call:

    $url = get_site_url($blog_id);

    The reason I ask is that get_site_url passes the result to a filter, which allows plugins to manipulate the “home page” of a blog. Anyone who uses a domain mapping plugin for their child sites (http://wordpress.org/plugins/wordpress-mu-domain-mapping/) does not want their home URL to be http://basesite.com/fakechildpath, but rather http://childsite.com.

    This in itself isn’t a huge problem, as http://basesite.com/fakechildpath will eventually map to the right place, but it doesn’t look nice.

    The real problem occurs when you combine a domain mapping plugin with a WordPress security plugin (which forces users to login with a security argument in the querystring which is checked in the Referrer). Here, you’d want to rewrite any request for get_site_url with path=’wp-login.php’ to contain the additional querystring.

    Not having the ability to do this is forcing me to modify WP Core, which will just get clobbered the next time I update WordPress.

    Is this the proper forum to introduce changes to WP Core, or should I just fork and submit a pull request somewhere?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    10 years, 3 months ago

    Anyone who uses a domain mapping plugin for their child sites (http://wordpress.org/plugins/wordpress-mu-domain-mapping/) does not want their home URL to be http://basesite.com/fakechildpath, but rather http://childsite.com.

    I’m confused here, because I am using the domain mapping plugin and my home URL is childsite.com

    What security plugin are you using that doesn’t pick that up?

    Thread Starter boboudreau

    (@boboudreau)

    10 years, 3 months ago

    Sorry for any confusion – so any child site’s home URL, as returned by the function get_blogaddress_by_id() will return http://basesite.com/childsitepath with the subdirectory you set the child site up with initially.

    The domain mapping plugin itself will still properly map http://childsite.com to the blog defined in your base site as http://basesite.com/childsitepath, so clicking the link takes you to the right place. Point being, get_blogaddress_by_id does not provide a mechanism (action hook, or filter) to change the URL to the domain-mapped version, or append a security string after wp-login.php.

    I’ve already provided a patch to WordPress, so we’ll see if that’s something everyone is comfortable with (https://core.trac.wordpress.org/ticket/26855). I don’t know why there are even calls to both get_blogaddress_by_id and get_site_url, or why WordPress stores the site URL in two places (wp_blogs, wp_#_options).

    I’m using Bit51’s Better WordPress Security Plugin (now maintained by iThemes), which has a “hide backend” feature, forcing users to type in a special URL to be redirected to wp-login (with a secret key). I’d like users to go to this secret URL, or at least have the secret key appended to any link generated by WordPress.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Domain Mapping, User Management, and get_site_url vs. get_blogaddress_by_*’ is closed to new replies.