- $dbname = trim($_POST['dbname']);
- $uname = trim($_POST['uname']);
- $passwrd = trim($_POST['pwd']);
- $dbhost = trim($_POST['dbhost']);
- $prefix = trim($_POST['prefix']);
- if (empty($prefix)) $prefix = 'wp_';
-
- // Test the db connection.
- define('DB_NAME', $dbname);
- define('DB_USER', $uname);
- define('DB_PASSWORD', $passwrd);
- define('DB_HOST', $dbhost);
-
- // We'll fail here if the values are no good.
- require_once('../wp-includes/wp-db.php');
- $handle = fopen('../wp-config.php', 'w');
-
- foreach ($configFile as $line_num => $line) {
- switch (substr($line,0,16)) {
- case "define('DB_NAME'":
- fwrite($handle, str_replace("wordpress", $dbname, $line));
- break;
- case "define('DB_USER'":
- fwrite($handle, str_replace("'username'", "'$uname'", $line));
- break;
- case "define('DB_PASSW":
- fwrite($handle, str_replace("'password'", "'$passwrd'", $line));
- break;
- case "define('DB_HOST'":
- fwrite($handle, str_replace("localhost", $dbhost, $line));
- break;
- case '$table_prefix =':
- fwrite($handle, str_replace('wp_', $prefix, $line));
+ load_default_textdomain( $language );
+ $GLOBALS['wp_locale'] = new WP_Locale();
+
+ $dbname = trim( wp_unslash( $_POST[ 'dbname' ] ) );
+ $uname = trim( wp_unslash( $_POST[ 'uname' ] ) );
+ $pwd = trim( wp_unslash( $_POST[ 'pwd' ] ) );
+ $dbhost = trim( wp_unslash( $_POST[ 'dbhost' ] ) );
+ $prefix = trim( wp_unslash( $_POST[ 'prefix' ] ) );
+
+ $step_1 = 'setup-config.php?step=1';
+ $install = 'install.php';
+ if ( isset( $_REQUEST['noapi'] ) ) {
+ $step_1 .= '&noapi';
+ }
+
+ if ( ! empty( $language ) ) {
+ $step_1 .= '&language=' . $language;
+ $install .= '?language=' . $language;
+ } else {
+ $install .= '?language=en_US';
+ }
+
+ $tryagain_link = '</p><p class="step"><a href="' . $step_1 . '" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
+
+ if ( empty( $prefix ) )
+ wp_die( __( '<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link ) );
+
+ // Validate $prefix: it can only contain letters, numbers and underscores.
+ if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
+ wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' . $tryagain_link ) );
+
+ // Test the db connection.
+ /**#@+
+ * @ignore
+ */
+ define('DB_NAME', $dbname);
+ define('DB_USER', $uname);
+ define('DB_PASSWORD', $pwd);
+ define('DB_HOST', $dbhost);
+ /**#@-*/
+
+ // Re-construct $wpdb with these new values.
+ unset( $wpdb );
+ require_wp_db();
+
+ /*
+ * The wpdb constructor bails when WP_SETUP_CONFIG is set, so we must
+ * fire this manually. We'll fail here if the values are no good.
+ */
+ $wpdb->db_connect();
+
+ if ( ! empty( $wpdb->error ) )
+ wp_die( $wpdb->error->get_error_message() . $tryagain_link );
+
+ // Fetch or generate keys and salts.
+ $no_api = isset( $_POST['noapi'] );
+ if ( ! $no_api ) {
+ $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
+
+ if ( $no_api || is_wp_error( $secret_keys ) ) {
+ $secret_keys = array();
+ for ( $i = 0; $i < 8; $i++ ) {
+ $secret_keys[] = wp_generate_password( 64, true, true );
+ }
+ } else {
+ $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+ foreach ( $secret_keys as $k => $v ) {
+ $secret_keys[$k] = substr( $v, 28, 64 );
+ }
+ }
+
+ $key = 0;
+ // Not a PHP5-style by-reference foreach, as this file must be parseable by PHP4.
+ foreach ( $config_file as $line_num => $line ) {
+ if ( '$table_prefix =' == substr( $line, 0, 16 ) ) {
+ $config_file[ $line_num ] = '$table_prefix = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";
+ continue;
+ }
+
+ if ( ! preg_match( '/^define\(\'([A-Z_]+)\',([ ]+)/', $line, $match ) )
+ continue;
+
+ $constant = $match[1];
+ $padding = $match[2];
+
+ switch ( $constant ) {
+ case 'DB_NAME' :
+ case 'DB_USER' :
+ case 'DB_PASSWORD' :
+ case 'DB_HOST' :
+ $config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n";
+ break;
+ case 'DB_CHARSET' :
+ if ( 'utf8mb4' === $wpdb->charset || ( ! $wpdb->charset && $wpdb->has_cap( 'utf8mb4' ) ) ) {
+ $config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'utf8mb4');\r\n";
+ }