Ticket #13839: 13839.2.diff

wp-admin/setup-config.php

@@ -155 +155 @@
         $passwrd = trim($_POST['pwd']);
         $dbhost  = trim($_POST['dbhost']);
         $prefix  = trim($_POST['prefix']);
+
+        $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . /*WP_I18N_ERROR_TRYAGAIN*/'Try Again'/*/WP_I18N_ERROR_TRYAGAIN*/ . '</a>';
+
+        // Validate $prefix: it can only contain letters, numbers and underscores
         if ( empty($prefix) )
-                $prefix = 'wp_';
+                wp_die( /*WP_I18N_EMPTY_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" must not be empty.'/*/WP_I18N_EMPTY_PREFIX*/ . $tryagain_link );
 
-        // Validate $prefix: it can only contain letters, numbers and underscores
         if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
-                wp_die( /*WP_I18N_BAD_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ );
+                wp_die( /*WP_I18N_BAD_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ . $tryagain_link );
 
         // Test the db connection.
         /**#@+
@@ -174 +177 @@
 
         // We'll fail here if the values are no good.
         require_wp_db();
-        if ( ! empty( $wpdb->error ) ) {
-                $back = '<p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">Try Again</a></p>';
-                wp_die( $wpdb->error->get_error_message() . $back );
-        }
+        if ( ! empty( $wpdb->error ) )
+                wp_die( $wpdb->error->get_error_message() . $tryagain_link );
 
         // Fetch or generate keys and salts.
         $no_api = isset( $_POST['noapi'] );
@@ -215 +216 @@
         foreach ($configFile as $line_num => $line) {
                 switch (substr($line,0,16)) {
                         case "define('DB_NAME'":
+                                $dbname = addcslashes($dbname, "\\'");
                                 $configFile[$line_num] = str_replace("database_name_here", $dbname, $line);
                                 break;
                         case "define('DB_USER'":
+                                $uname = addcslashes($uname, "\\'");
                                 $configFile[$line_num] = str_replace("'username_here'", "'$uname'", $line);
                                 break;
                         case "define('DB_PASSW":
+                                $passwrd = addcslashes($passwrd, "\\'");
                                 $configFile[$line_num] = str_replace("'password_here'", "'$passwrd'", $line);
                                 break;
                         case "define('DB_HOST'":