Ticket #13839: 13839.7.diff
| File 13839.7.diff, 2.7 KB (added by , 13 years ago) |
|---|
-
wp-admin/setup-config.php
160 160 break; 161 161 162 162 case 2: 163 $dbname = trim($_POST['dbname']); 164 $uname = trim($_POST['uname']); 165 $passwrd = trim($_POST['pwd']); 166 $dbhost = trim($_POST['dbhost']); 167 $prefix = trim($_POST['prefix']); 168 if ( empty($prefix) ) 169 $prefix = 'wp_'; 163 foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key ) 164 $$key = trim( stripslashes( $_POST[ $key ] ) ); 170 165 171 // Validate $prefix: it can only contain letters, numbers and underscores 166 $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . __( 'Try Again' ) . '</a>'; 167 168 if ( empty( $prefix ) ) 169 wp_die( __( '<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link ) ); 170 171 // Validate $prefix: it can only contain letters, numbers and underscores. 172 172 if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) 173 wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' ) );173 wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' . $tryagain_link ) ); 174 174 175 175 // Test the db connection. 176 176 /**#@+ … … 178 178 */ 179 179 define('DB_NAME', $dbname); 180 180 define('DB_USER', $uname); 181 define('DB_PASSWORD', $p asswrd);181 define('DB_PASSWORD', $pwd); 182 182 define('DB_HOST', $dbhost); 183 183 /**#@-*/ 184 184 185 185 // We'll fail here if the values are no good. 186 186 require_wp_db(); 187 if ( ! empty( $wpdb->error ) ) { 188 $back = '<p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . __( 'Try Again' ) . '</a></p>'; 189 wp_die( $wpdb->error->get_error_message() . $back ); 190 } 187 if ( ! empty( $wpdb->error ) ) 188 wp_die( $wpdb->error->get_error_message() . $tryagain_link ); 191 189 192 190 // Fetch or generate keys and salts. 193 191 $no_api = isset( $_POST['noapi'] ); … … 221 219 $key = 0; 222 220 foreach ( $config_file as &$line ) { 223 221 if ( '$table_prefix =' == substr( $line, 0, 16 ) ) { 224 $line = '$table_prefix = \'' . $prefix. "';\r\n";222 $line = '$table_prefix = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n"; 225 223 continue; 226 224 } 227 225 … … 236 234 case 'DB_USER' : 237 235 case 'DB_PASSWORD' : 238 236 case 'DB_HOST' : 239 $line = "define('" . $constant . "'," . $padding . "'" . constant( $constant) . "');\r\n";237 $line = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n"; 240 238 break; 241 239 case 'AUTH_KEY' : 242 240 case 'SECURE_AUTH_KEY' :