* The permissions for the base directory must allow for writing files in order
* for the wp-config.php to be created using this page.
*
- * @internal This file must be parsable by PHP4.
- *
* @package WordPress
* @subpackage Administration
*/
*/
error_reporting(0);
-define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
+if ( ! defined( 'ABSPATH' ) ) {
+ define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
+}
require( ABSPATH . 'wp-settings.php' );
<?php wp_admin_css( 'install', true ); ?>
</head>
<body class="<?php echo implode( ' ', $body_classes ); ?>">
-<p id="logo"><a href="<?php esc_attr_e( 'https://wordpress.org/' ); ?>" tabindex="-1"><?php _e( 'WordPress' ); ?></a></p>
+<p id="logo"><a href="<?php echo esc_url( __( 'https://wordpress.org/' ) ); ?>" tabindex="-1"><?php _e( 'WordPress' ); ?></a></p>
<?php
} // end function setup_config_display_header();
setup_config_display_header();
?>
-<h1 class="screen-reader-text"><?php _e( 'Setup your database connection' ) ?></h1>
+<h1 class="screen-reader-text"><?php _e( 'Set up your database connection' ) ?></h1>
<form method="post" action="setup-config.php?step=2">
<p><?php _e( 'Below you should enter your database connection details. If you’re not sure about these, contact your host.' ); ?></p>
<table class="form-table">
<tr>
<th scope="row"><label for="dbname"><?php _e( 'Database Name' ); ?></label></th>
<td><input name="dbname" id="dbname" type="text" size="25" value="wordpress" /></td>
- <td><?php _e( 'The name of the database you want to run WP in.' ); ?></td>
+ <td><?php _e( 'The name of the database you want to use with WordPress.' ); ?></td>
</tr>
<tr>
- <th scope="row"><label for="uname"><?php _e( 'User Name' ); ?></label></th>
+ <th scope="row"><label for="uname"><?php _e( 'Username' ); ?></label></th>
<td><input name="uname" id="uname" type="text" size="25" value="<?php echo htmlspecialchars( _x( 'username', 'example username' ), ENT_QUOTES ); ?>" /></td>
- <td><?php _e( 'Your MySQL username' ); ?></td>
+ <td><?php _e( 'Your database username.' ); ?></td>
</tr>
<tr>
<th scope="row"><label for="pwd"><?php _e( 'Password' ); ?></label></th>
<td><input name="pwd" id="pwd" type="text" size="25" value="<?php echo htmlspecialchars( _x( 'password', 'example password' ), ENT_QUOTES ); ?>" autocomplete="off" /></td>
- <td><?php _e( '…and your MySQL password.' ); ?></td>
+ <td><?php _e( 'Your database password.' ); ?></td>
</tr>
<tr>
<th scope="row"><label for="dbhost"><?php _e( 'Database Host' ); ?></label></th>
if ( ! empty( $wpdb->error ) )
wp_die( $wpdb->error->get_error_message() . $tryagain_link );
- // Fetch or generate keys and salts.
- $no_api = isset( $_POST['noapi'] );
- if ( ! $no_api ) {
- $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ $wpdb->query( "SELECT $prefix" );
+ if ( ! $wpdb->last_error ) {
+ // MySQL was able to parse the prefix as a value, which we don't want. Bail.
+ wp_die( __( '<strong>ERROR</strong>: "Table Prefix" is invalid.' ) );
}
- if ( $no_api || is_wp_error( $secret_keys ) ) {
- $secret_keys = array();
+ // Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password().
+ try {
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
+ $max = strlen($chars) - 1;
for ( $i = 0; $i < 8; $i++ ) {
- $secret_keys[] = wp_generate_password( 64, true, true );
+ $key = '';
+ for ( $j = 0; $j < 64; $j++ ) {
+ $key .= substr( $chars, random_int( 0, $max ), 1 );
+ }
+ $secret_keys[] = $key;
}
- } else {
- $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
- foreach ( $secret_keys as $k => $v ) {
- $secret_keys[$k] = substr( $v, 28, 64 );
+ } catch ( Exception $ex ) {
+ $no_api = isset( $_POST['noapi'] );
+
+ if ( ! $no_api ) {
+ $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
+
+ if ( $no_api || is_wp_error( $secret_keys ) ) {
+ $secret_keys = array();
+ for ( $i = 0; $i < 8; $i++ ) {
+ $secret_keys[] = wp_generate_password( 64, true, true );
+ }
+ } else {
+ $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+ foreach ( $secret_keys as $k => $v ) {
+ $secret_keys[$k] = substr( $v, 28, 64 );
+ }
}
}
$key = 0;
- // Not a PHP5-style by-reference foreach, as this file must be parseable by PHP4.
foreach ( $config_file as $line_num => $line ) {
if ( '$table_prefix =' == substr( $line, 0, 16 ) ) {
$config_file[ $line_num ] = '$table_prefix = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";