/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
#CodeDescriptions
<?php
/**
 * Network installation administration panel.
 *
 * A multi-step process allowing the user to enable a network of WordPress sites.
 *
 * Access control happens here, before any function in this file is declared
 * or any output is produced: the request is terminated with wp_die() unless
 * is_super_admin() passes.
 *
 * @since 3.0.0
 *
 * @package WordPress
 * @subpackage Administration
 */

define( 'WP_NETWORK_ADMIN_PAGE', true );

/** WordPress Administration Bootstrap */
require_once './admin.php';

// Gate the whole panel on the super-admin check.
if ( ! is_super_admin() ) {
	wp_die( __( 'You do not have sufficient permissions to manage options for this site.' ) );
}

// Multisite reported as active without the MULTISITE constant: refuse to continue.
if ( is_multisite() && ! defined( 'MULTISITE' ) ) {
	wp_die( __( 'The Network creation panel is not for WordPress MU networks.' ) );
}

// We need to create references to ms global tables to enable Network.
// Each key returned by $wpdb->tables( 'ms_global' ) becomes a property on $wpdb
// holding the matching value, which the functions below read as
// $wpdb->site and $wpdb->sitemeta.
foreach ( $wpdb->tables( 'ms_global' ) as $table => $prefixed_table ) {
	$wpdb->$table = $prefixed_table;
}
/**
 * Look up the domain of an already-installed network.
 *
 * Runs up to two queries through the global $wpdb: a SHOW TABLES probe for
 * the table named by $wpdb->site and, only if that probe returns something,
 * a read of the `domain` column from the row with the lowest id.
 *
 * The only value interpolated into either statement is $wpdb->site; no
 * request data reaches the SQL in this function.
 *
 * @since 3.0.0
 * @return mixed The result of the domain query when the table probe succeeds,
 *               false when the probe finds nothing.
 */
function network_domain_check() {
	global $wpdb;

	$site_table = $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" );
	if ( ! $site_table ) {
		return false;
	}

	return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
}
/**
 * Allow subdomain install
 *
 * Strips the scheme from the `siteurl` option and refuses a subdomain install
 * when what is left still contains a slash (the install lives in a directory),
 * is exactly `localhost`, or contains a dotted run of four numbers.
 *
 * @since 3.0.0
 * @return bool Whether subdomain install is allowed
 */
function allow_subdomain_install() {
	$domain = preg_replace( '|https?://([^/]+)|', '$1', get_option( 'siteurl' ) );

	// A remaining slash means a path follows the host name.
	if ( false !== strpos( $domain, '/' ) ) {
		return false;
	}

	if ( 'localhost' == $domain ) {
		return false;
	}

	// The pattern is unanchored, so it matches anywhere in the host string.
	if ( preg_match( '|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|', $domain ) ) {
		return false;
	}

	return true;
}
/**
 * Allow subdirectory install
 *
 * Allowed when the `allow_subdirectory_install` filter returns a truthy value,
 * when the ALLOW_SUBDIRECTORY_INSTALL constant is defined and truthy, or when
 * no published post older than one month is found.
 *
 * @since 3.0.0
 * @return bool Whether subdirectory install is allowed
 */
function allow_subdirectory_install() {
	global $wpdb;

	// Explicit opt-ins are checked first; either one skips the database query.
	$forced = apply_filters( 'allow_subdirectory_install', false )
		|| ( defined( 'ALLOW_SUBDIRECTORY_INSTALL' ) && ALLOW_SUBDIRECTORY_INSTALL );
	if ( $forced ) {
		return true;
	}

	// The statement is a fixed string apart from the table name in $wpdb->posts.
	$old_post = $wpdb->get_row( "SELECT ID FROM $wpdb->posts WHERE post_date < DATE_SUB(NOW(), INTERVAL 1 MONTH) AND post_status = 'publish'" );

	return empty( $old_post );
}
/**
 * Get base domain of network.
 *
 * Prefers the domain of an existing network as reported by
 * network_domain_check(). Otherwise the `siteurl` option is used with its
 * scheme removed and everything from the first slash onwards cut off.
 * Nothing else is stripped, so a `:port` suffix in `siteurl` is returned
 * as part of the domain.
 *
 * @since 3.0.0
 * @return string Base domain.
 */
function get_clean_basedomain() {
	$existing_domain = network_domain_check();
	if ( $existing_domain ) {
		return $existing_domain;
	}

	$domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );

	$slash = strpos( $domain, '/' );
	if ( $slash ) {
		$domain = substr( $domain, 0, $slash );
	}

	return $domain;
}
// Creating a new network requires an explicit opt-in through the
// WP_ALLOW_MULTISITE constant; the check is skipped once
// network_domain_check() reports an existing network.
if ( ! network_domain_check() && ! ( defined( 'WP_ALLOW_MULTISITE' ) && WP_ALLOW_MULTISITE ) ) {
	wp_die( __( 'You must define the <code>WP_ALLOW_MULTISITE</code> constant as true in your wp-config.php file to allow creation of a Network.' ) );
}

$title       = __( 'Create a Network of WordPress Sites' );
$parent_file = 'tools.php';

// Contextual help: one translated paragraph per array entry, joined without a separator.
add_contextual_help(
	$current_screen,
	implode(
		'',
		array(
			'<p>' . __('This screen allows you to configure a network as having subdomains (<code>site1.example.com</code>) or subdirectories (<code>example.com/site1</code>). Subdomains require wildcard subdomains to be enabled in Apache and DNS records, if your host allows it.') . '</p>',
			'<p>' . __('Choose subdomains or subdirectories; this can only be switched afterwards by reconfiguring your install. Fill out the network details, and click install. If this does not work, you may have to add a wildcard DNS record (for subdomains) or change to another setting in Permalinks (for subdirectories).') . '</p>',
			'<p>' . __('The next screen for Network will give you individually-generated lines of code to add to your wp-config.php and .htaccess files. Make sure the settings of your FTP client make files starting with a dot visible, so that you can find .htaccess; you may have to create this file if it really is not there. Make backup copies of those two files.') . '</p>',
			'<p>' . __('Add a <code>blogs.dir</code> directory under <code>/wp-content</code> and add the designated lines of code to wp-config.php (just before <code>/*...stop editing...*/</code>) and <code>.htaccess</code> (replacing the existing WordPress rules).') . '</p>',
			'<p>' . __('Refreshing your browser will take you to a screen with an archive of those added lines of code. A set of six links under Super Admin will appear at the top of the main left navigation menu. The multisite network is now enabled.') . '</p>',
			'<p>' . __('The choice of subdirectory sites is disabled if this setup is more than a month old because of permalink problems with “/blog/” from the main site. This disabling will be addressed soon in a future version.') . '</p>',
			'<p><strong>' . __('For more information:') . '</strong></p>',
			'<p>' . __('<a href="http://codex.wordpress.org/Create_A_Network" target="_blank">General Network Creation Documentation</a>') . '</p>',
			'<p>' . __('<a href="http://codex.wordpress.org/Tools_Network_SubPanel" target="_blank">Tools > Network Documentation</a>') . '</p>',
			'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>',
		)
	)
);

include './admin-header.php';
?>
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php echo esc_html( $title ); ?></h2>

<?php
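/**
 * Prints step 1 for Network installation process.
 *
 * Three preconditions are checked first; failing any of them prints a notice,
 * closes the page wrapper, includes the admin footer and ends the request:
 *  - the `siteurl` and `home` options must match;
 *  - the `active_plugins` option must be empty;
 *  - the base domain must not carry a port other than :80 or :443.
 * Otherwise the form for the address scheme, network title and admin e-mail
 * is printed, protected by the `install-network-1` nonce.
 *
 * Values that do not come from translated strings (the host name, the port
 * suffix, the re-displayed POST fields) are escaped at the point of output.
 *
 * @todo Realistically, step 1 should be a welcome screen explaining what a Network is and such. Navigating to Tools > Network
 * 	should not be a sudden "Welcome to a new install process! Fill this out and click here." See also contextual help todo.
 *
 * @since 3.0.0
 *
 * @param WP_Error|bool $errors Optional. When it is a WP_Error, its messages are
 *                              listed above the form and its codes decide which
 *                              submitted fields are re-displayed.
 */
function network_step1( $errors = false ) {
	global $is_apache;

	if ( get_option( 'siteurl' ) != get_option( 'home' ) ) {
		echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), esc_url( admin_url( 'options-general.php' ) ) ) . '</p></div>';
		echo '</div>';
		include ( './admin-footer.php' );
		die();
	}

	$active_plugins = get_option( 'active_plugins' );
	if ( ! empty( $active_plugins ) ) {
		// The URL goes into an href attribute, so it is passed through esc_url() like the other links in this function.
		echo '<div class="updated"><p><strong>' . __('Warning:') . '</strong> ' . sprintf( __( 'Please <a href="%s">deactivate your plugins</a> before enabling the Network feature.' ), esc_url( admin_url( 'plugins.php?plugin_status=active' ) ) ) . '</p></div><p>' . __( 'Once the network is created, you may reactivate your plugins.' ) . '</p>';
		echo '</div>';
		include( './admin-footer.php' );
		die();
	}

	$hostname  = get_clean_basedomain();
	$has_ports = strstr( $hostname, ':' );
	if ( false !== $has_ports && ! in_array( $has_ports, array( ':80', ':443' ), true ) ) {
		echo '<div class="error"><p><strong>' . __( 'Error:') . '</strong> ' . __( 'You cannot install a network of sites with your server address.' ) . '</p></div>';
		// $has_ports is a slice of the stored host name, not a translated string: escape it.
		echo '<p>' . sprintf( __( 'You cannot use port numbers such as <code>%s</code>.' ), esc_html( $has_ports ) ) . '</p>';
		echo '<a href="' . esc_url( admin_url() ) . '">' . __( 'Return to Dashboard' ) . '</a>';
		echo '</div>';
		include( './admin-footer.php' );
		die();
	}

	// From here on the host name is only ever printed, so escape it once.
	$hostname_html = esc_html( $hostname );

	echo '<form method="post" action="">';

	// Nonce for the form submission.
	wp_nonce_field( 'install-network-1' );

	$error_codes = array();
	if ( is_wp_error( $errors ) ) {
		echo '<div class="error"><p><strong>' . __( 'ERROR: The network could not be created.' ) . '</strong></p>';
		// NOTE(review): messages are printed as HTML. Presumably they are built by
		// the network setup code and carry intentional markup; confirm that no
		// request data is embedded in them before relying on this.
		foreach ( $errors->get_error_messages() as $error ) {
			echo "<p>$error</p>";
		}
		echo '</div>';
		$error_codes = $errors->get_error_codes();
	}

	if ( WP_CONTENT_DIR != ABSPATH . 'wp-content' ) {
		echo '<div class="error"><p><strong>' . __('Warning!') . '</strong> ' . __( 'Networks may not be fully compatible with custom wp-content directories.' ) . '</p></div>';
	}

	// Re-display what was submitted unless that field was the one rejected.
	// Both values are request data; they are only printed through esc_attr() below.
	$site_name   = ( ! empty( $_POST['sitename'] ) && ! in_array( 'empty_sitename', $error_codes, true ) ) ? $_POST['sitename'] : sprintf( _x('%s Sites', 'Default network name' ), get_option( 'blogname' ) );
	$admin_email = ( ! empty( $_POST['email'] ) && ! in_array( 'invalid_email', $error_codes, true ) ) ? $_POST['email'] : get_option( 'admin_email' );
	?>
	<p><?php _e( 'Welcome to the Network installation process!' ); ?></p>
	<p><?php _e( 'Fill in the information below and you’ll be on your way to creating a network of WordPress sites. We will create configuration files in the next step.' ); ?></p>
	<?php

	// Pick the pre-selected radio button.
	if ( isset( $_POST['subdomain_install'] ) ) {
		$subdomain_install = (bool) $_POST['subdomain_install'];
	} elseif ( apache_mod_loaded('mod_rewrite') ) { // assume nothing
		$subdomain_install = true;
	} elseif ( !allow_subdirectory_install() ) {
		$subdomain_install = true;
	} else {
		$subdomain_install = false;
		// The notice box is opened by one of the first two branches and closed by
		// the third; the third condition covers exactly the cases that opened it.
		if ( $got_mod_rewrite = got_mod_rewrite() ) { // dangerous assumptions
			echo '<div class="updated inline"><p><strong>' . __( 'Note:' ) . '</strong> ' . __( 'Please make sure the Apache <code>mod_rewrite</code> module is installed as it will be used at the end of this installation.' ) . '</p>';
		} elseif ( $is_apache ) {
			echo '<div class="error inline"><p><strong>' . __( 'Warning!' ) . '</strong> ' . __( 'It looks like the Apache <code>mod_rewrite</code> module is not installed.' ) . '</p>';
		}
		if ( $got_mod_rewrite || $is_apache ) { // Protect against mod_rewrite mimicry (but ! Apache)
			echo '<p>' . __( 'If <code>mod_rewrite</code> is disabled, ask your administrator to enable that module, or look at the <a href="http://httpd.apache.org/docs/mod/mod_rewrite.html">Apache documentation</a> or <a href="http://www.google.com/search?q=apache+mod_rewrite">elsewhere</a> for help setting it up.' ) . '</p></div>';
		}
	}

	if ( allow_subdomain_install() && allow_subdirectory_install() ) : ?>
		<h3><?php esc_html_e( 'Addresses of Sites in your Network' ); ?></h3>
		<p><?php _e( 'Please choose whether you would like sites in your WordPress network to use sub-domains or sub-directories. <strong>You cannot change this later.</strong>' ); ?></p>
		<p><?php _e( 'You will need a wildcard DNS record if you are going to use the virtual host (sub-domain) functionality.' ); ?></p>
		<?php // @todo: Link to an MS readme? ?>
		<table class="form-table">
			<tr>
				<th><label><input type='radio' name='subdomain_install' value='1'<?php checked( $subdomain_install ); ?> /> <?php _e( 'Sub-domains' ); ?></label></th>
				<td><?php printf( _x( 'like <code>site1.%1$s</code> and <code>site2.%1$s</code>', 'subdomain examples' ), $hostname_html ); ?></td>
			</tr>
			<tr>
				<th><label><input type='radio' name='subdomain_install' value='0'<?php checked( ! $subdomain_install ); ?> /> <?php _e( 'Sub-directories' ); ?></label></th>
				<td><?php printf( _x( 'like <code>%1$s/site1</code> and <code>%1$s/site2</code>', 'subdirectory examples' ), $hostname_html ); ?></td>
			</tr>
		</table>

<?php
	endif;

	$is_www = ( 0 === strpos( $hostname, 'www.' ) );
	if ( $is_www ) :
	?>
		<h3><?php esc_html_e( 'Server Address' ); ?></h3>
		<?php // The paragraph below used to be closed with a stray </h3>. ?>
		<p><?php printf( __( 'We recommend you change your siteurl to <code>%1$s</code> before enabling the network feature. It will still be possible to visit your site using the <code>www</code> prefix with an address like <code>%2$s</code> but any links will not have the <code>www</code> prefix.' ), esc_html( substr( $hostname, 4 ) ), $hostname_html ); ?></p>
		<table class="form-table">
			<tr>
				<th scope='row'><?php esc_html_e( 'Server Address' ); ?></th>
				<td>
					<?php printf( __( 'The internet address of your network will be <code>%s</code>.' ), $hostname_html ); ?>
				</td>
			</tr>
		</table>
		<?php endif; ?>

		<h3><?php esc_html_e( 'Network Details' ); ?></h3>
		<table class="form-table">
		<?php if ( 'localhost' == $hostname ) : ?>
			<tr>
				<th scope="row"><?php esc_html_e( 'Sub-directory Install' ); ?></th>
				<td><?php
					_e( 'Because you are using <code>localhost</code>, the sites in your WordPress network must use sub-directories. Consider using <code>localhost.localdomain</code> if you wish to use sub-domains.' );
					// Uh oh:
					if ( !allow_subdirectory_install() )
						echo ' <strong>' . __( 'Warning!' ) . ' ' . __( 'The main site in a sub-directory install will need to use a modified permalink structure, potentially breaking existing links.' ) . '</strong>';
				?></td>
			</tr>
		<?php elseif ( !allow_subdomain_install() ) : ?>
			<tr>
				<th scope="row"><?php esc_html_e( 'Sub-directory Install' ); ?></th>
				<td><?php
					_e( 'Because your install is in a directory, the sites in your WordPress network must use sub-directories.' );
					// Uh oh:
					if ( !allow_subdirectory_install() )
						echo ' <strong>' . __( 'Warning!' ) . ' ' . __( 'The main site in a sub-directory install will need to use a modified permalink structure, potentially breaking existing links.' ) . '</strong>';
				?></td>
			</tr>
		<?php elseif ( !allow_subdirectory_install() ) : ?>
			<tr>
				<th scope="row"><?php esc_html_e( 'Sub-domain Install' ); ?></th>
				<td><?php _e( 'Because your install is not new, the sites in your WordPress network must use sub-domains.' );
					echo ' <strong>' . __( 'The main site in a sub-directory install will need to use a modified permalink structure, potentially breaking existing links.' ) . '</strong>';
				?></td>
			</tr>
		<?php endif; ?>
		<?php if ( ! $is_www ) : ?>
			<tr>
				<th scope='row'><?php esc_html_e( 'Server Address' ); ?></th>
				<td>
					<?php printf( __( 'The internet address of your network will be <code>%s</code>.' ), $hostname_html ); ?>
				</td>
			</tr>
		<?php endif; ?>
			<tr>
				<th scope='row'><?php esc_html_e( 'Network Title' ); ?></th>
				<td>
					<input name='sitename' type='text' size='45' value='<?php echo esc_attr( $site_name ); ?>' />
					<br /><?php _e( 'What would you like to call your network?' ); ?>
				</td>
			</tr>
			<tr>
				<th scope='row'><?php esc_html_e( 'Admin E-mail Address' ); ?></th>
				<td>
					<input name='email' type='text' size='45' value='<?php echo esc_attr( $admin_email ); ?>' />
					<br /><?php _e( 'Your email address.' ); ?>
				</td>
			</tr>
		</table>
		<p class='submit'><input class="button-primary" name='submit' type='submit' value='<?php esc_attr_e( 'Install' ); ?>' /></p>
	</form>
	<?php
}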
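/**
 * Prints step 2 for Network installation process.
 *
 * Shows the snippets the administrator has to paste by hand: the multisite
 * constants for wp-config.php, any authentication keys and salts that are not
 * defined yet, and the rewrite rules for either web.config (when
 * iis7_supports_permalinks() is true) or .htaccess.
 *
 * The snippets are printed inside read-only textareas. Everything placed in a
 * textarea that is not a fixed string is HTML-encoded first, so the browser
 * shows the text exactly and a value cannot close the textarea early.
 *
 * NOTE(review): $base and the host name are also placed between single quotes
 * in PHP the administrator is told to paste into wp-config.php. HTML-encoding
 * does not make them safe for that second context; confirm that neither can
 * contain a quote or backslash, or reject such values before printing them.
 *
 * @since 3.0.0
 *
 * @param WP_Error|bool $errors Optional. When it is a WP_Error, its first
 *                              message is printed above the instructions.
 */
function network_step2( $errors = false ) {
	global $base, $wpdb;
	$hostname = get_clean_basedomain();

	// Wildcard DNS message.
	// NOTE(review): printed as HTML; confirm the message carries no request data.
	if ( is_wp_error( $errors ) ) {
		echo '<div class="error">' . $errors->get_error_message() . '</div>';
	}

	if ( $_POST ) {
		// The submitted choice only counts when both layouts are allowed.
		if ( ! allow_subdomain_install() ) {
			$subdomain_install = false;
		} elseif ( ! allow_subdirectory_install() ) {
			$subdomain_install = true;
		} else {
			$subdomain_install = ! empty( $_POST['subdomain_install'] );
		}
	} else {
		if ( is_multisite() ) {
			$subdomain_install = is_subdomain_install();
?>
	<div class="updated"><p><strong><?php _e( 'Notice: The Network feature is already enabled.' ); ?></strong> <?php _e( 'The original configuration steps are shown here for reference.' ); ?></p></div>
<?php	} else {
			$subdomain_install = (bool) $wpdb->get_var( "SELECT meta_value FROM $wpdb->sitemeta WHERE site_id = 1 AND meta_key = 'subdomain_install'" );
?>
	<div class="error"><p><strong><?php _e('Warning:'); ?></strong> <?php _e( 'An existing WordPress network was detected.' ); ?></p></div>
	<p><?php _e( 'Please complete the configuration steps. To create a new network, you will need to empty or remove the network database tables.' ); ?></p>
<?php
		}
	}

	if ( $_POST || ! is_multisite() ) {
?>
		<h3><?php esc_html_e( 'Enabling the Network' ); ?></h3>
		<p><?php _e( 'Complete the following steps to enable the features for creating a network of sites.' ); ?></p>
		<div class="updated inline"><p><?php
			if ( iis7_supports_permalinks() )
				_e( '<strong>Caution:</strong> We recommend you back up your existing <code>wp-config.php</code> file.' );
			else
				_e( '<strong>Caution:</strong> We recommend you back up your existing <code>wp-config.php</code> and <code>.htaccess</code> files.' );
		?></p></div>
<?php
	}
?>
		<ol>
			<li><p><?php
				printf( __( 'Create a <code>blogs.dir</code> directory in <code>%s</code>. This directory is used to stored uploaded media for your additional sites and must be writeable by the web server.' ), esc_html( WP_CONTENT_DIR ) );
				// The closing tag used to be written as '</strong' without its '>'.
				if ( WP_CONTENT_DIR != ABSPATH . 'wp-content' )
					echo ' <strong>' . __('Warning:') . ' ' . __( 'Networks may not be fully compatible with custom wp-content directories.' ) . '</strong>';
			?></p></li>
			<li><p><?php printf( __( 'Add the following to your <code>wp-config.php</code> file in <code>%s</code> <strong>above</strong> the line reading <code>/* That’s all, stop editing! Happy blogging. */</code>:' ), esc_html( ABSPATH ) ); ?></p>
				<textarea class="code" readonly="readonly" cols="100" rows="7">
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', <?php echo $subdomain_install ? 'true' : 'false'; ?> );
$base = '<?php echo htmlspecialchars( $base, ENT_QUOTES ); ?>';
define( 'DOMAIN_CURRENT_SITE', '<?php echo htmlspecialchars( $hostname, ENT_QUOTES ); ?>' );
define( 'PATH_CURRENT_SITE', '<?php echo htmlspecialchars( $base, ENT_QUOTES ); ?>' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );</textarea>
<?php
	// Offer a value for every key/salt constant that is not defined yet.
	$keys_salts = array( 'AUTH_KEY' => '', 'SECURE_AUTH_KEY' => '', 'LOGGED_IN_KEY' => '', 'NONCE_KEY' => '', 'AUTH_SALT' => '', 'SECURE_AUTH_SALT' => '', 'LOGGED_IN_SALT' => '', 'NONCE_SALT' => '' );
	foreach ( $keys_salts as $c => $v ) {
		if ( defined( $c ) )
			unset( $keys_salts[ $c ] );
	}
	if ( ! empty( $keys_salts ) ) {
		$from_api = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
		if ( is_wp_error( $from_api ) ) {
			foreach ( $keys_salts as $c => $v ) {
				$keys_salts[ $c ] = wp_generate_password( 64, true, true );
			}
		} else {
			$from_api = explode( "\n", wp_remote_retrieve_body( $from_api ) );
			foreach ( $keys_salts as $c => $v ) {
				$candidate = substr( (string) array_shift( $from_api ), 28, 64 );
				// is_wp_error() is the only check made on the response, so the body
				// may be short, empty or not the expected list at all. Accept a
				// slice only if it is a full 64 characters and cannot break out of
				// the single-quoted PHP string it is printed into; otherwise fall
				// back to a locally generated value instead of suggesting an empty
				// or malformed secret.
				$usable = is_string( $candidate )
					&& 64 === strlen( $candidate )
					&& false === strpos( $candidate, "'" )
					&& false === strpos( $candidate, '\\' );
				if ( ! $usable )
					$candidate = wp_generate_password( 64, true, true );
				$keys_salts[ $c ] = $candidate;
			}
		}
		$num_keys_salts = count( $keys_salts );
?>
	<p><?php
		echo _n( 'This unique authentication key is also missing from your <code>wp-config.php</code> file.', 'These unique authentication keys are also missing from your <code>wp-config.php</code> file.', $num_keys_salts ); ?> <?php _e( 'To make your installation more secure, you should also add:' ) ?></p>
	<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $num_keys_salts; ?>"><?php
	foreach ( $keys_salts as $c => $v ) {
		// htmlspecialchars() always encodes '&', so a value that happens to contain
		// an entity-like sequence is still displayed character for character.
		echo "\ndefine( '$c', '" . htmlspecialchars( $v, ENT_QUOTES ) . "' );";
	}
?></textarea>
<?php
	}
?>
</li>
<?php
	if ( iis7_supports_permalinks() ) :

			if ( $subdomain_install ) {
				$web_config_file =
'<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <system.webServer>
 <rewrite>
 <rules>
 <rule name="WordPress Rule 1" stopProcessing="true">
 <match url="^index\.php$" ignoreCase="false" />
 <action type="None" />
 </rule>
 <rule name="WordPress Rule 2" stopProcessing="true">
 <match url="^files/(.+)" ignoreCase="false" />
 <action type="Rewrite" url="wp-includes/ms-files.php?file={R:1}" appendQueryString="false" />
 </rule>
 <rule name="WordPress Rule 3" stopProcessing="true">
 <match url="^" ignoreCase="false" />
 <conditions logicalGrouping="MatchAny">
 <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" />
 <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" />
 </conditions>
 <action type="None" />
 </rule>
 <rule name="WordPress Rule 4" stopProcessing="true">
 <match url="." ignoreCase="false" />
 <action type="Rewrite" url="index.php" />
 </rule>
 </rules>
 </rewrite>
 </system.webServer>
</configuration>';
			} else {
				$web_config_file =
'<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <system.webServer>
 <rewrite>
 <rules>
 <rule name="WordPress Rule 1" stopProcessing="true">
 <match url="^index\.php$" ignoreCase="false" />
 <action type="None" />
 </rule>
 <rule name="WordPress Rule 2" stopProcessing="true">
 <match url="^([_0-9a-zA-Z-]+/)?files/(.+)" ignoreCase="false" />
 <action type="Rewrite" url="wp-includes/ms-files.php?file={R:2}" appendQueryString="false" />
 </rule>
 <rule name="WordPress Rule 3" stopProcessing="true">
 <match url="^([_0-9a-zA-Z-]+/)?wp-admin$" ignoreCase="false" />
 <action type="Redirect" url="{R:1}wp-admin/" redirectType="Permanent" />
 </rule>
 <rule name="WordPress Rule 4" stopProcessing="true">
 <match url="^" ignoreCase="false" />
 <conditions logicalGrouping="MatchAny">
 <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" />
 <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" />
 </conditions>
 <action type="None" />
 </rule>
 <rule name="WordPress Rule 5" stopProcessing="true">
 <match url="^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*)" ignoreCase="false" />
 <action type="Rewrite" url="{R:2}" />
 </rule>
 <rule name="WordPress Rule 6" stopProcessing="true">
 <match url="^([_0-9a-zA-Z-]+/)?(.*\.php)$" ignoreCase="false" />
 <action type="Rewrite" url="{R:2}" />
 </rule>
 <rule name="WordPress Rule 7" stopProcessing="true">
 <match url="." ignoreCase="false" />
 <action type="Rewrite" url="index.php" />
 </rule>
 </rules>
 </rewrite>
 </system.webServer>
</configuration>';
			}
	?>
		<li><p><?php printf( __( 'Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other WordPress rules:' ), esc_html( ABSPATH ) ); ?></p>
		<textarea class="code" readonly="readonly" cols="100" rows="20">
 <?php echo wp_htmledit_pre( $web_config_file ); ?>
 </textarea></li>
		</ol>

	<?php else : // end iis7_supports_permalinks(). construct an htaccess file instead:

		// $base is the only variable text in these rules; the finished string is
		// passed through wp_htmledit_pre() before it is printed.
		$htaccess_file = 'RewriteEngine On
RewriteBase ' . $base . '
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^' . ( $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?' ) . 'files/(.+) wp-includes/ms-files.php?file=$' . ( $subdomain_install ? 1 : 2 ) . ' [L]' . "\n";

		if ( ! $subdomain_install )
			$htaccess_file .= "\n# add a trailing slash to /wp-admin\n" . 'RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]' . "\n";

		$htaccess_file .= "\n" . 'RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]';

		// @todo custom content dir.
		if ( ! $subdomain_install )
			$htaccess_file .= "\nRewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]\nRewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]";

		$htaccess_file .= "\nRewriteRule . index.php [L]";

	?>
		<li><p><?php printf( __( 'Add the following to your <code>.htaccess</code> file in <code>%s</code>, replacing other WordPress rules:' ), esc_html( ABSPATH ) ); ?></p>
		<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $subdomain_install ? 11 : 16; ?>">
<?php echo wp_htmledit_pre( $htaccess_file ); ?></textarea></li>
		</ol>

	<?php endif; // end IIS/Apache code branches.

	if ( !is_multisite() ) { ?>
		<?php // _e() rather than printf(): the translated text is not a format string. ?>
		<p><?php _e( 'Once you complete these steps, your network is enabled and configured. You will have to log in again.' ); ?> <a href="<?php echo esc_url( site_url( 'wp-login.php' ) ); ?>"><?php _e( 'Log In' ); ?></a></p>
<?php
	}
}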
491
// Base path handed to populate_network(): the server-reported script path,
// taken two directory levels up, unslashed and given a trailing slash.
$base = trailingslashit( stripslashes( dirname( dirname( $_SERVER['SCRIPT_NAME'] ) ) ) );

if ( $_POST ) {
	// Nonce check for the step-1 form. It runs before any of the
	// state-changing calls below, so a forged cross-site POST stops here.
	check_admin_referer( 'install-network-1' );

	require_once ABSPATH . 'wp-admin/includes/upgrade.php';

	// Create the network tables.
	install_network();
	$hostname = get_clean_basedomain();

	// The submitted choice is honoured only when a sub-domain install is
	// allowed at all; otherwise the flag is forced to false.
	$subdomain_install = allow_subdomain_install() ? (bool) $_POST['subdomain_install'] : false;

	if ( network_domain_check() ) {
		// presumably the network domain is already registered; verify against network_domain_check()
		network_step2();
	} else {
		// The e-mail goes through sanitize_email() and the site name through
		// stripslashes() before they reach populate_network().
		// The listing tags this call "Connection Handling".
		$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );

		if ( ! is_wp_error( $result ) ) {
			network_step2();
		} elseif ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() ) {
			// A missing wildcard DNS record as the only error still leads to
			// step 2, which receives the error object.
			network_step2( $result );
		} else {
			// Any other error sends the user back to step 1 with the error object.
			network_step1( $result );
		}
	}
} elseif ( is_multisite() || network_domain_check() ) {
	network_step2();
} else {
	network_step1();
}
?>
</div>

<?php include './admin-footer.php'; ?>
524
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php