id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
15486	Auto-generated wp-config.php doesn't have escaping for the MySQL password	SaltwaterC		"During the WordPress installation, if the target filesystem doesn't have write permissions, the installer kindly asks:

""Sorry, but I can't write the wp-config.php file.

You can create the wp-config.php manually and paste the following text into it.""

However, if the MySQL password contains chars like ' then the automatically generated line looks like this:

define('DB_PASSWORD', 'random-input'more-random-junk');

which makes the PHP engine to cough an error (specifically, the obvious: PHP Parse error:  syntax error, unexpected T_CONSTANT_ENCAPSED_STRING) an potentially annoy the person who installs WordPress.

Something tells me that if the wp-config.php goes straight to disk, this issue might be there as well. I am not intimate with the WordPress installer, but somebody who is may take a look to see if my hunch is right."	defect (bug)	closed	normal		Upgrade/Install	3.0.1	normal	duplicate	has-patch