WordPress MU

So with the new updates to wpmu I no longer have to worry about long lists of links from blog spammers, but my main problem is now are like 1000 character long blog titles.

I set the signup form to have a maximum character length of 50, but you can still spam it with a script.

I also tried to write a little script that would limit the title to 50 chars on the back end,

$tempTitle = $filtered_results['blog_title'];

    $limit = 50;
	if (strlen($tempTitle) > $limit)
	$tempTitle = substr($tempTitle, 0, strrpos(substr($tempTitle, 0, $limit), ' ')) . '...';
	$blog_title = $tempTitle;

put the following around line 310 in wp-signup.php

Still log in every morning to super long blog titles advertising ring tones or whatever. Where exactly would I have to stop this madness? I am not trying to stop the spammers (not yet anyway) I just want to limit blog titles to less than 50 chars so that it doesn't mess up my front page formating so much.

Any help would be very much appreciated.

Find where the title and/or username is passed to a function inside wp-signup.php, and trim it right before that.

Or, you could plug-in to the sign up init, and check for post being set, and if it is you can trim the posted results. If you go that route be sure you also run the same filtering/parsing that WP does on it first, so that you end up with the expected results. (Meaning the you don't end up with some half eaten tags or something).

exactly, the problem is I am having trouble finding exactly where the title is being passed. I thought it was around line 310 but it doesn't seem to be. Could you help me figure out where that function call is?

and yes I agree that it should be filtered first, that is what I was trying to do above.

Thanks in advance.

I was looking for this exact same thing last night - I think where we stopped was in going to wp-includes/wpmu_functions.php and poking in there when the blgo was about to be created.

I looked through wp-includes/wpmu_functions.php, where exactly were you thinking of putting in the rule?

wpmu_validate_blog_signup looks to be promising. (around line 1000)

could my little snippet of code from above work there?
something like

$blog_title = strip_tags( $blog_title );
$tempTitle = $blog_title;

    $limit = 50;
	if (strlen($tempTitle) > $limit)
	$tempTitle = substr($tempTitle, 0, strrpos(substr($tempTitle, 0, $limit), ' ')) . '...';
	$blog_title = $tempTitle;

I am not familiar enough (yet) with all the functions to know if this is the one I want to go hacking into.

Thanks again for the tips.

Without looking, yeah probably around there. :D I know it sounds right. I am always hacking and reading that file.

Well I guess I will give it a go and see how the spammer deal with it... I will keep you posted.

Honestly, it doesn't need to go in that file. All the data is gathered by the sign-up page, through post variables.

While I don't have that file open at the moment, finding that field (look for $_POST['field-name']) is the first step.

Next, see if it is parsed (meaning cleaned up) in the sign-up file or if it happens after it is passed to the function.

Find out how it is cleaned up.

Next, hook into the sign-up init action (I think that's it's name, it's towards the top, but it is not wp_head), and check for $_POST being set. If it is, perform the same cleanup that MU does on it, then run your length chop on it, if applicable, and carry on.

Not a single core edit to be had.

Not that I'm opposed to core edits, but when a hook is available like this, it sure makes it easier to upgrade when the time comes.

Well, Ron and I were both looking at wp-signup the other night and couldn't find it, but we're also both sick, so that's my excuse... :D

It works! Today I signed on and saw a nicely cropped at 50 chars title for some levitra spamm whoo hoo! Now at least the spammers that I cant stop wont royally destroy my layout.

Sorry I couldn't understans clearly. Can you help me where do we paste these codes? or can you send us edited page codes?
Thanks for interest.

And how about spambot, which register blogs not through web page and direct through post-request?

That was fixed in the version after the one you're running.