Ticket #14516: stripslashes-db-values-on-install-2.patch
| File stripslashes-db-values-on-install-2.patch, 1.7 KB (added by , 15 years ago) |
|---|
-
wp-admin/setup-config.php
152 152 break; 153 153 154 154 case 2: 155 $dbname = trim( $_POST['dbname']);156 $uname = trim( $_POST['uname']);157 $passwrd = trim( $_POST['pwd']);158 $dbhost = trim( $_POST['dbhost']);155 $dbname = trim(stripslashes($_POST['dbname'])); 156 $uname = trim(stripslashes($_POST['uname'])); 157 $passwrd = trim(stripslashes($_POST['pwd'])); 158 $dbhost = trim(stripslashes($_POST['dbhost'])); 159 159 $prefix = trim($_POST['prefix']); 160 160 if ( empty($prefix) ) 161 161 $prefix = 'wp_'; … … 215 215 foreach ($configFile as $line_num => $line) { 216 216 switch (substr($line,0,16)) { 217 217 case "define('DB_NAME'": 218 $configFile[$line_num] = str_replace("database_name_here", $dbname, $line);218 $configFile[$line_num] = str_replace("database_name_here", addslashes($dbname), $line); 219 219 break; 220 220 case "define('DB_USER'": 221 $configFile[$line_num] = str_replace(" 'username_here'", "'$uname'", $line);221 $configFile[$line_num] = str_replace("username_here", addslashes($uname), $line); 222 222 break; 223 223 case "define('DB_PASSW": 224 $configFile[$line_num] = str_replace(" 'password_here'", "'$passwrd'", $line);224 $configFile[$line_num] = str_replace("password_here", addslashes($passwrd), $line); 225 225 break; 226 226 case "define('DB_HOST'": 227 $configFile[$line_num] = str_replace("localhost", $dbhost, $line);227 $configFile[$line_num] = str_replace("localhost", addslashes($dbhost), $line); 228 228 break; 229 229 case '$table_prefix =': 230 230 $configFile[$line_num] = str_replace('wp_', $prefix, $line);