Make WordPress Core

Opened 14 years ago

Closed 13 years ago

#15486 closed defect (bug) (duplicate)

Auto-generated wp-config.php doesn't have escaping for the MySQL password

Reported by: saltwaterc's profile SaltwaterC Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0.1
Component: Upgrade/Install Keywords: has-patch
Focuses: Cc:

Description

During the WordPress installation, if the target filesystem doesn't have write permissions, the installer kindly asks:

"Sorry, but I can't write the wp-config.php file.

You can create the wp-config.php manually and paste the following text into it."

However, if the MySQL password contains chars like ' then the automatically generated line looks like this:

define('DB_PASSWORD', 'random-input'more-random-junk');

which makes the PHP engine to cough an error (specifically, the obvious: PHP Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING) an potentially annoy the person who installs WordPress.

Something tells me that if the wp-config.php goes straight to disk, this issue might be there as well. I am not intimate with the WordPress installer, but somebody who is may take a look to see if my hunch is right.

Attachments (1)

15486.patch (1.2 KB) - added by SergeyBiryukov 14 years ago.

Download all attachments as: .zip

Change History (6)

#1 @SergeyBiryukov
14 years ago

  • Keywords has-patch added

#2 @westi
14 years ago

I think we should just not let people use that char in there password if they are using setup-config.php instead.

#3 @dd32
14 years ago

I think we should just not let people use that char in there password if they are using setup-config.php instead.

One possible source of such a legit character in the password may come from other applications which auto-generate a random password, doing so could lead to scenario's in which the user has to change their password in order to use setup-config.php

#4 @nacin
14 years ago

  • Milestone changed from Awaiting Review to Future Release

#5 @SergeyBiryukov
13 years ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.