Index: wp-admin/setup-config.php
===================================================================
--- wp-admin/setup-config.php	(revision 17094)
+++ wp-admin/setup-config.php	(working copy)
@@ -42,6 +42,7 @@
 require_once(ABSPATH . WPINC . '/load.php');
 require_once(ABSPATH . WPINC . '/compat.php');
 require_once(ABSPATH . WPINC . '/functions.php');
+require_once(ABSPATH . WPINC . '/formatting.php');
 require_once(ABSPATH . WPINC . '/class-wp-error.php');
 require_once(ABSPATH . WPINC . '/version.php');
 
@@ -170,7 +171,7 @@
 	 */
 	define('DB_NAME', $dbname);
 	define('DB_USER', $uname);
-	define('DB_PASSWORD', $passwrd);
+	define('DB_PASSWORD', stripslashes($passwrd));
 	define('DB_HOST', $dbhost);
 	/**#@-*/
 
@@ -223,7 +224,7 @@
 				$configFile[$line_num] = str_replace("'username_here'", "'$uname'", $line);
 				break;
 			case "define('DB_PASSW":
-				$configFile[$line_num] = str_replace("'password_here'", "'$passwrd'", $line);
+				$configFile[$line_num] = str_replace("'password_here'", "'" . addslashes_gpc($passwrd) . "'", $line);
 				break;
 			case "define('DB_HOST'":
 				$configFile[$line_num] = str_replace("localhost", $dbhost, $line);