
Changeset 20661


Timestamp:
04/30/12 21:56:32 (2 years ago)
Author:
ryan
Message:

setup-config.php cleanups

  • Don't allow an empty prefix
  • Make slashing consistent and sane

Props SergeyBiryukov
Fixes #13839

File:
1 edited

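--- a/trunk/wp-admin/setup-config.php
+++ b/trunk/wp-admin/setup-config.php
@@ -161,15 +161,15 @@
 
     case 2:
-    $dbname  = trim($_POST['dbname']);
-    $uname   = trim($_POST['uname']);
-    $passwrd = trim($_POST['pwd']);
-    $dbhost  = trim($_POST['dbhost']);
-    $prefix  = trim($_POST['prefix']);
-    if ( empty($prefix) )
-        $prefix = 'wp_';
-
-    // Validate $prefix: it can only contain letters, numbers and underscores
+    foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
+        $$key = trim( stripslashes( $_POST[ $key ] ) );
+
+    $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . __( 'Try Again' ) . '</a>';
+
+    if ( empty( $prefix ) )
+        wp_die( __( '<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link ) );
+
+    // Validate $prefix: it can only contain letters, numbers and underscores.
     if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
-        wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' ) );
+        wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' . $tryagain_link ) );
 
     // Test the db connection.
@@ -179,5 +179,5 @@
     define('DB_NAME', $dbname);
     define('DB_USER', $uname);
-    define('DB_PASSWORD', $passwrd);
+    define('DB_PASSWORD', $pwd);
     define('DB_HOST', $dbhost);
     /**#@-*/
@@ -185,8 +185,6 @@
     // We'll fail here if the values are no good.
     require_wp_db();
-    if ( ! empty( $wpdb->error ) ) {
-        $back = '<p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . __( 'Try Again' ) . '</a></p>';
-        wp_die( $wpdb->error->get_error_message() . $back );
-    }
+    if ( ! empty( $wpdb->error ) )
+        wp_die( $wpdb->error->get_error_message() . $tryagain_link );
 
     // Fetch or generate keys and salts.
@@ -222,5 +220,5 @@
     foreach ( $config_file as &$line ) {
         if ( '$table_prefix  =' == substr( $line, 0, 16 ) ) {
-            $line = '$table_prefix  = \'' . $prefix . "';\r\n";
+            $line = '$table_prefix  = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";
             continue;
         }
@@ -237,5 +235,5 @@
             case 'DB_PASSWORD' :
             case 'DB_HOST'     :
-                $line = "define('" . $constant . "'," . $padding . "'" . constant( $constant ) . "');\r\n";
+                $line = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n";
                 break;
             case 'AUTH_KEY'         :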
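Review bot: In the first hunk both new `wp_die()` calls concatenate `$tryagain_link` inside `__()`, so the string looked up for translation includes the link markup and the already-translated 'Try Again' label and will presumably never match a catalogue entry, leaving the two messages untranslated. Move the concatenation outside the call, e.g. `wp_die( __( '<strong>ERROR</strong>: "Table Prefix" must not be empty.' ) . $tryagain_link );`, and do the same for the "can only contain numbers, letters, and underscores" message. In the same hunk, `stripslashes( $_POST[ $key ] )` assumes every field is present and is a string; a missing or array-valued field raises a notice or warning before the prefix validation runs, so an `isset()`/`is_string()` guard per key would be worth adding. The unconditional `stripslashes()` is only correct if slashes were added to `$_POST` earlier in this script, which is not visible here; otherwise a database password containing a backslash would be silently altered before it is written to the config file. The `case 2:` block starts and ends outside the hunk.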