While it is fair enough that it allows them to direct the subdomain URL to their own site, it is not a security issue.
Doing that does not give them access to any data or admin screens that they did not already have access to.
Thread Starter
_ck_
(@_ck_)
It’s a security issue if users can control how your site behaves.
The entire sanitation check is highly dubious in this plugin and not robust enough.
$domain = $wpdb->escape( $_POST[ 'domain' ] );
if ( $domain == '' ) {
    wp_die( "You must enter a domain" );
}
if( null == $wpdb->get_row( "SELECT blog_id FROM {$wpdb->blogs} WHERE domain = ...
    && null == $wpdb->get_row( "SELECT blog_id FROM {$wpdb->dmtable} WHERE domain = ...'
So a user can enter high ASCII characters, Unicode, leading dots, trailing dots, IP addresses, “localhost” and a whole bunch of other questionable entries that may cause undesired behavior.
It would probably be a good idea to test if the domain entered
1. is not an IP
2. is dotted (not dotless or localhost)
3. doesn’t contain the domain of the multisite home network
4. actually has an rdns A record or CNAME
5. that rdns resolves to the current network IP
So a user can enter high ASCII characters, Unicode, leading dots, trailing dots, IP addresses, “localhost” and a whole bunch of other questionable entries that may cause undesired behavior.
Agreed – however that does not make it a security issue.
How about adding some filters so that _ck_ can add those checks they so choose?
This is absolutely a security issue. Let us consider this scenario. Site-A gets 50,000 unique hits a day. User-B makes Site-B and maps Site-A’s domain and then plasters spam, porn, and affiliate crap everywhere. Site-A’s domain name has been compromised in this scenario. Let’s also imagine you fix that one scenario. User-B maps a subdomain of Site-A on his blog and now has http://free.Site-A.com pointing to his blog. In both cases Site-A’s domain name has been compromised by an unauthorized user.
If you think one user jacking another user's domain name is not a security issue, I think you need to think again.
This plugin desperately needs the following:
1.) Check to see if domain is mapped elsewhere.
2.) Have a back end option checkbox that allows super admins to approve domain mappings that are submitted by a user.
3.) A checkbox in the back end that allows or disallows users to map SUBDOMAINS of an already mapped domain. I.e., if UserA only has http://SiteA.com mapped then UserB cannot map http://www.SiteA.com
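The checks proposed in the two lists in this thread (not an IP, dotted, outside the home network's domain, resolving to the network IP, not already mapped and not a subdomain of a mapped domain), written out as an added example that is not the plugin's code or any poster's. The function names, the forward-lookup callable (in a live install it could be PHP's `gethostbynamel`) and all sample domains and addresses are assumptions constructed for illustration.

```php
<?php
// Added example, not the plugin's code: every function and variable name is hypothetical.

// True when $host is $parent itself or any subdomain of it.
function dm_same_or_sub( string $host, string $parent ): bool {
    return $host === $parent || substr( $host, -strlen( $parent ) - 1 ) === '.' . $parent;
}

// Returns a list of reasons to refuse the mapping; an empty list means "acceptable".
function dm_check_domain( string $raw, string $network, array $mapped, array $network_ips, callable $resolve ): array {
    $d = strtolower( trim( $raw ) );
    if ( filter_var( $d, FILTER_VALIDATE_IP ) ) {
        return [ 'is an IP address' ];
    }
    // ASCII letter/digit/hyphen labels only, last label starting with a letter: rejects
    // high-ASCII, Unicode, leading/trailing dots, empty labels and look-alikes such as "127.1".
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if ( strlen( $d ) > 253 || ! preg_match( "/^(?:$label\\.)*[a-z](?:[a-z0-9-]{0,61}[a-z0-9])?$/", $d ) ) {
        return [ 'not a plain ASCII hostname' ];
    }
    $errors = [];
    if ( strpos( $d, '.' ) === false ) {
        $errors[] = 'dotless name';
    }
    if ( dm_same_or_sub( $d, $network ) ) {
        $errors[] = 'inside the home network domain';
    }
    foreach ( $mapped as $m ) {
        if ( dm_same_or_sub( $d, $m ) ) {
            $errors[] = "collides with mapped domain $m";
        }
    }
    // Every address the name resolves to must belong to this network.
    $ips = $resolve( $d ) ?: [];
    if ( ! $ips || array_diff( $ips, $network_ips ) ) {
        $errors[] = 'does not resolve only to the network IP';
    }
    return $errors;
}

// Constructed sample data (reserved documentation names and addresses).
$zone    = [ 'blog.example.org' => [ '192.0.2.10' ], 'www.site-a.example' => [ '192.0.2.10' ],
             'free.network.example' => [ '192.0.2.10' ], 'elsewhere.example.net' => [ '198.51.100.7' ] ];
$resolve = function ( string $h ) use ( $zone ) { return $zone[ $h ] ?? []; };
foreach ( [ 'blog.example.org', '192.0.2.10', 'localhost', '.example.org.', 'dömain.example',
            'free.network.example', 'www.site-a.example', 'elsewhere.example.net' ] as $in ) {
    $why = dm_check_domain( $in, 'network.example', [ 'site-a.example' ], [ '192.0.2.10' ], $resolve );
    printf( "%-24s %s\n", $in, $why ? 'REJECT: ' . implode( '; ', $why ) : 'ok' );
}
```

Only `blog.example.org` passes here; a rejected request could be held for super admin approval rather than refused outright.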