Prevent super admins from shooting themselves in the foot. props jorbin. Checks blog names against an array (filterable) of reserved keywords for subdirectory installs. fixes #13304.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14928 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/ms-edit.php

@@ -148,6 +148,14 @@ switch ( $_GET['action'] ) {
 		$domain = '';
 		if ( ! preg_match( '/(--)/', $blog['domain'] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
 			$domain = strtolower( $blog['domain'] );
+
+		// If not a subdomain install, make sure the domain isn't a reserved word
+		if ( ! is_subdomain_install() ) {
+			$subdirectory_reserved_names = apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) );
+			if ( in_array( $domain, $subdirectory_reserved_names ) )
+				wp_die( sprintf( __('The following words are reserved for use by WordPress functions and cannot be used as blog names: <code>%s</code>' ), implode( '</code>, <code>', $subdirectory_reserved_names ) ) );
+		}
+
 		$email = sanitize_email( $blog['email'] );
 		$title = $blog['title'];
 

wp-includes/ms-functions.php

@@ -556,6 +556,11 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
 		add_site_option( 'illegal_names', $illegal_names );
 	}
 
+	// On sub dir installs, Some names are so illegal, only a filter can spring them from jail
+	if (! is_subdomain_install() )
+		$illegal_names = array_merge($illegal_names, apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) );
+
+
 	if ( empty( $blogname ) )
 		$errors->add('blogname', __('Please enter a site name'));