Opened 14 years ago
Closed 13 years ago
#15486 closed defect (bug) (duplicate)
Auto-generated wp-config.php doesn't have escaping for the MySQL password
Reported by: | SaltwaterC | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0.1 |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | Cc: |
Description
During the WordPress installation, if the target filesystem doesn't have write permissions, the installer kindly asks:
"Sorry, but I can't write the wp-config.php file.
You can create the wp-config.php manually and paste the following text into it."
However, if the MySQL password contains chars like ' then the automatically generated line looks like this:
define('DB_PASSWORD', 'random-input'more-random-junk');
which makes the PHP engine to cough an error (specifically, the obvious: PHP Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING) an potentially annoy the person who installs WordPress.
Something tells me that if the wp-config.php goes straight to disk, this issue might be there as well. I am not intimate with the WordPress installer, but somebody who is may take a look to see if my hunch is right.
Attachments (1)
Change History (6)
#3
@
14 years ago
I think we should just not let people use that char in there password if they are using setup-config.php instead.
One possible source of such a legit character in the password may come from other applications which auto-generate a random password, doing so could lead to scenario's in which the user has to change their password in order to use setup-config.php
I think we should just not let people use that char in there password if they are using setup-config.php instead.