Auto-generated wp-config.php doesn't have escaping for the MySQL password
|Reported by:||SaltwaterC||Owned by:|
During the WordPress installation, if the target filesystem doesn't have write permissions, the installer kindly asks:
"Sorry, but I can't write the wp-config.php file.
You can create the wp-config.php manually and paste the following text into it."
However, if the MySQL password contains chars like ' then the automatically generated line looks like this:
which makes the PHP engine to cough an error (specifically, the obvious: PHP Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING) an potentially annoy the person who installs WordPress.
Something tells me that if the wp-config.php goes straight to disk, this issue might be there as well. I am not intimate with the WordPress installer, but somebody who is may take a look to see if my hunch is right.