WordPress 4.4
[autoinstalls/wordpress.git] / wp-admin / install.php
index edbc8c0136b354d69f4b9a99ac8e37b9bd0f9529..0e30ec0c915008a1cc683b7a11ee341890837bec 100644 (file)
 if ( false ) {
 ?>
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" >
+<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Error: PHP is not running</title>
 </head>
-<body>
-       <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
-       <h2>Error: PHP is not running</h2>
+<body class="wp-core-ui">
+       <p id="logo"><a href="https://wordpress.org/">WordPress</a></p>
+       <h1>Error: PHP is not running</h1>
        <p>WordPress requires that your web server is running PHP. Your server does not have PHP installed, or PHP is turned off.</p>
 </body>
 </html>
@@ -36,32 +36,48 @@ define( 'WP_INSTALLING', true );
 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
 /** Load WordPress Administration Upgrade API */
-require_once( dirname( __FILE__ ) . '/includes/upgrade.php' );
+require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+
+/** Load WordPress Translation Install API */
+require_once( ABSPATH . 'wp-admin/includes/translation-install.php' );
 
 /** Load wpdb */
-require_once(dirname(dirname(__FILE__)) . '/wp-includes/wp-db.php');
+require_once( ABSPATH . WPINC . '/wp-db.php' );
+
+nocache_headers();
 
-$step = isset( $_GET['step'] ) ? $_GET['step'] : 0;
+$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
 
 /**
  * Display install header.
  *
  * @since 2.5.0
- * @package WordPress
- * @subpackage Installer
+ *
+ * @param string $body_classes
  */
-function display_header() {
+function display_header( $body_classes = '' ) {
        header( 'Content-Type: text/html; charset=utf-8' );
+       if ( is_rtl() ) {
+               $body_classes .= 'rtl';
+       }
+       if ( $body_classes ) {
+               $body_classes = ' ' . $body_classes;
+       }
 ?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
 <head>
+       <meta name="viewport" content="width=device-width" />
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+       <meta name="robots" content="noindex,nofollow" />
        <title><?php _e( 'WordPress &rsaquo; Installation' ); ?></title>
-       <?php wp_admin_css( 'install', true ); ?>
+       <?php
+               wp_admin_css( 'install', true );
+               wp_admin_css( 'dashicons', true );
+       ?>
 </head>
-<body<?php if ( is_rtl() ) echo ' class="rtl"'; ?>>
-<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
+<body class="wp-core-ui<?php echo $body_classes ?>">
+<p id="logo"><a href="<?php echo esc_url( __( 'https://wordpress.org/' ) ); ?>" tabindex="-1"><?php _e( 'WordPress' ); ?></a></p>
 
 <?php
 } // end display_header()
@@ -70,71 +86,124 @@ function display_header() {
  * Display installer setup form.
  *
  * @since 2.8.0
- * @package WordPress
- * @subpackage Installer
+ *
+ * @param string|null $error
  */
 function display_setup_form( $error = null ) {
        global $wpdb;
-       $user_table = ( $wpdb->get_var("SHOW TABLES LIKE '$wpdb->users'") != null );
 
-       // Ensure that Blogs appear in search engines by default
+       $sql = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->users ) );
+       $user_table = ( $wpdb->get_var( $sql ) != null );
+
+       // Ensure that Blogs appear in search engines by default.
        $blog_public = 1;
-       if ( ! empty( $_POST ) )
+       if ( isset( $_POST['weblog_title'] ) ) {
                $blog_public = isset( $_POST['blog_public'] );
+       }
 
-       $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-       $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-       $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
-       $admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
+       $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+       $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
+       $admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
 
        if ( ! is_null( $error ) ) {
 ?>
-<p class="message"><?php printf( __( '<strong>ERROR</strong>: %s' ), $error ); ?></p>
+<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
+<p class="message"><?php echo $error; ?></p>
 <?php } ?>
-<form id="setup" method="post" action="install.php?step=2">
+<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
        <table class="form-table">
                <tr>
                        <th scope="row"><label for="weblog_title"><?php _e( 'Site Title' ); ?></label></th>
                        <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
                </tr>
                <tr>
-                       <th scope="row"><label for="user_name"><?php _e('Username'); ?></label></th>
+                       <th scope="row"><label for="user_login"><?php _e('Username'); ?></label></th>
                        <td>
                        <?php
                        if ( $user_table ) {
                                _e('User(s) already exists.');
+                               echo '<input name="user_name" type="hidden" value="admin" />';
                        } else {
                                ?><input name="user_name" type="text" id="user_login" size="25" value="<?php echo esc_attr( sanitize_user( $user_name, true ) ); ?>" />
-                               <p><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods and the @ symbol.' ); ?></p>
+                               <p><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.' ); ?></p>
                        <?php
                        } ?>
                        </td>
                </tr>
                <?php if ( ! $user_table ) : ?>
-               <tr>
+               <tr class="form-field form-required user-pass1-wrap">
                        <th scope="row">
-                               <label for="admin_password"><?php _e('Password, twice'); ?></label>
-                               <p><?php _e('A password will be automatically generated for you if you leave this blank.'); ?></p>
+                               <label for="pass1">
+                                       <?php _e( 'Password' ); ?>
+                               </label>
                        </th>
                        <td>
-                               <input name="admin_password" type="password" id="pass1" size="25" value="" />
-                               <p><input name="admin_password2" type="password" id="pass2" size="25" value="" /></p>
-                               <div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
-                               <p><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
+                               <div class="">
+                                       <?php $initial_password = isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] ) : wp_generate_password( 18 ); ?>
+                                       <input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="off" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />
+                                       <button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
+                                               <span class="dashicons dashicons-hidden"></span>
+                                               <span class="text"><?php _e( 'Hide' ); ?></span>
+                                       </button>
+                                       <div id="pass-strength-result" aria-live="polite"></div>
+                               </div>
+                               <p><span class="description important hide-if-no-js">
+                               <strong><?php _e( 'Important:' ); ?></strong>
+                               <?php /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */ ?>
+                               <?php _e( 'You will need this password to log&nbsp;in. Please store it in a secure location.' ); ?></span></p>
+                       </td>
+               </tr>
+               <tr class="form-field form-required user-pass2-wrap hide-if-js">
+                       <th scope="row">
+                               <label for="pass2"><?php _e( 'Repeat Password' ); ?>
+                                       <span class="description"><?php _e( '(required)' ); ?></span>
+                               </label>
+                       </th>
+                       <td>
+                               <input name="admin_password2" type="password" id="pass2" autocomplete="off" />
+                       </td>
+               </tr>
+               <tr class="pw-weak">
+                       <th scope="row"><?php _e( 'Confirm Password' ); ?></th>
+                       <td>
+                               <label>
+                                       <input type="checkbox" name="pw_weak" class="pw-checkbox" />
+                                       <?php _e( 'Confirm use of weak password' ); ?>
+                               </label>
                        </td>
                </tr>
                <?php endif; ?>
                <tr>
-                       <th scope="row"><label for="admin_email"><?php _e( 'Your E-mail' ); ?></label></th>
-                       <td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo esc_attr( $admin_email ); ?>" />
+                       <th scope="row"><label for="admin_email"><?php _e( 'Your Email' ); ?></label></th>
+                       <td><input name="admin_email" type="email" id="admin_email" size="25" value="<?php echo esc_attr( $admin_email ); ?>" />
                        <p><?php _e( 'Double-check your email address before continuing.' ); ?></p></td>
                </tr>
                <tr>
-                       <th scope="row"><label for="blog_public"><?php _e( 'Privacy' ); ?></label></th>
-                       <td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked( $blog_public ); ?> /> <?php _e( 'Allow my site to appear in search engines like Google and Technorati.' ); ?></label></td>
+                       <th scope="row"><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility' ) : _e( 'Search Engine Visibility' ); ?></th>
+                       <td>
+                               <fieldset>
+                                       <legend class="screen-reader-text"><span><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility' ) : _e( 'Search Engine Visibility' ); ?> </span></legend>
+                                       <?php
+                                       if ( has_action( 'blog_privacy_selector' ) ) { ?>
+                                               <input id="blog-public" type="radio" name="blog_public" value="1" <?php checked( 1, $blog_public ); ?> />
+                                               <label for="blog-public"><?php _e( 'Allow search engines to index this site' );?></label><br/>
+                                               <input id="blog-norobots" type="radio" name="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
+                                               <label for="blog-norobots"><?php _e( 'Discourage search engines from indexing this site' ); ?></label>
+                                               <p class="description"><?php _e( 'Note: Neither of these options blocks access to your site &mdash; it is up to search engines to honor your request.' ); ?></p>
+                                               <?php
+                                               /** This action is documented in wp-admin/options-reading.php */
+                                               do_action( 'blog_privacy_selector' );
+                                        } else { ?>
+                                               <label for="blog_public"><input name="blog_public" type="checkbox" id="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
+                                               <?php _e( 'Discourage search engines from indexing this site' ); ?></label>
+                                               <p class="description"><?php _e( 'It is up to search engines to honor this request.' ); ?></p>
+                                       <?php } ?>
+                               </fieldset>
+                       </td>
                </tr>
        </table>
-       <p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e( 'Install WordPress' ); ?>" class="button" /></p>
+       <p class="step"><?php submit_button( __( 'Install WordPress' ), 'large', 'Submit', false, array( 'id' => 'submit' ) ); ?></p>
+       <input type="hidden" name="language" value="<?php echo isset( $_REQUEST['language'] ) ? esc_attr( $_REQUEST['language'] ) : ''; ?>" />
 </form>
 <?php
 } // end display_setup_form()
@@ -142,79 +211,135 @@ function display_setup_form( $error = null ) {
 // Let's check to make sure WP isn't already installed.
 if ( is_blog_installed() ) {
        display_header();
-       die( '<h1>' . __( 'Already Installed' ) . '</h1><p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p><p class="step"><a href="../wp-login.php" class="button">' . __('Log In') . '</a></p></body></html>' );
+       die( '<h1>' . __( 'Already Installed' ) . '</h1><p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p><p class="step"><a href="' . esc_url( wp_login_url() ) . '" class="button button-large">' . __( 'Log In' ) . '</a></p></body></html>' );
 }
 
+/**
+ * @global string $wp_version
+ * @global string $required_php_version
+ * @global string $required_mysql_version
+ * @global wpdb   $wpdb
+ */
+global $wp_version, $required_php_version, $required_mysql_version;
+
 $php_version    = phpversion();
 $mysql_version  = $wpdb->db_version();
 $php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 $mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 
 if ( !$mysql_compat && !$php_compat )
-       $compat = sprintf( __('You cannot install because <a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher and MySQL version %3$s or higher. You are running PHP version %4$s and MySQL version %5$s.'), $wp_version, $required_php_version, $required_mysql_version, $php_version, $mysql_version );
+       $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher and MySQL version %3$s or higher. You are running PHP version %4$s and MySQL version %5$s.' ), $wp_version, $required_php_version, $required_mysql_version, $php_version, $mysql_version );
 elseif ( !$php_compat )
-       $compat = sprintf( __('You cannot install because <a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher. You are running version %3$s.'), $wp_version, $required_php_version, $php_version );
+       $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher. You are running version %3$s.' ), $wp_version, $required_php_version, $php_version );
 elseif ( !$mysql_compat )
-       $compat = sprintf( __('You cannot install because <a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires MySQL version %2$s or higher. You are running version %3$s.'), $wp_version, $required_mysql_version, $mysql_version );
+       $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires MySQL version %2$s or higher. You are running version %3$s.' ), $wp_version, $required_mysql_version, $mysql_version );
 
 if ( !$mysql_compat || !$php_compat ) {
        display_header();
-       die('<h1>' . __('Insufficient Requirements') . '</h1><p>' . $compat . '</p></body></html>');
+       die( '<h1>' . __( 'Insufficient Requirements' ) . '</h1><p>' . $compat . '</p></body></html>' );
+}
+
+if ( ! is_string( $wpdb->base_prefix ) || '' === $wpdb->base_prefix ) {
+       display_header();
+       die( '<h1>' . __( 'Configuration Error' ) . '</h1><p>' . __( 'Your <code>wp-config.php</code> file has an empty database table prefix, which is not supported.' ) . '</p></body></html>' );
+}
+
+// Set error message if DO_NOT_UPGRADE_GLOBAL_TABLES isn't set as it will break install.
+if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
+       display_header();
+       die( '<h1>' . __( 'Configuration Error' ) . '</h1><p>' . __( 'The constant DO_NOT_UPGRADE_GLOBAL_TABLES cannot be defined when installing WordPress.' ) . '</p></body></html>' );
+}
+
+/**
+ * @global string    $wp_local_package
+ * @global WP_Locale $wp_locale
+ */
+$language = '';
+if ( ! empty( $_REQUEST['language'] ) ) {
+       $language = preg_replace( '/[^a-zA-Z_]/', '', $_REQUEST['language'] );
+} elseif ( isset( $GLOBALS['wp_local_package'] ) ) {
+       $language = $GLOBALS['wp_local_package'];
 }
 
 switch($step) {
-       case 0: // Step 1
-       case 1: // Step 1, direct link.
-         display_header();
+       case 0: // Step 0
+
+               if ( wp_can_install_language_pack() && empty( $language ) && ( $languages = wp_get_available_translations() ) ) {
+                       display_header( 'language-chooser' );
+                       echo '<form id="setup" method="post" action="?step=1">';
+                       wp_install_language_form( $languages );
+                       echo '</form>';
+                       break;
+               }
+
+               // Deliberately fall through if we can't reach the translations API.
+
+       case 1: // Step 1, direct link or from language chooser.
+               if ( ! empty( $language ) ) {
+                       $loaded_language = wp_download_language_pack( $language );
+                       if ( $loaded_language ) {
+                               load_default_textdomain( $loaded_language );
+                               $GLOBALS['wp_locale'] = new WP_Locale();
+                       }
+               }
+
+               display_header();
 ?>
-<h1><?php _e( 'Welcome' ); ?></h1>
-<p><?php printf( __( 'Welcome to the famous five minute WordPress installation process! You may want to browse the <a href="%s">ReadMe documentation</a> at your leisure. Otherwise, just fill in the information below and you&#8217;ll be on your way to using the most extendable and powerful personal publishing platform in the world.' ), '../readme.html' ); ?></p>
+<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
+<p><?php _e( 'Welcome to the famous five-minute WordPress installation process! Just fill in the information below and you&#8217;ll be on your way to using the most extendable and powerful personal publishing platform in the world.' ); ?></p>
 
-<h1><?php _e( 'Information needed' ); ?></h1>
+<h2><?php _e( 'Information needed' ); ?></h2>
 <p><?php _e( 'Please provide the following information. Don&#8217;t worry, you can always change these settings later.' ); ?></p>
 
 <?php
                display_setup_form();
                break;
        case 2:
+               if ( ! empty( $language ) && load_default_textdomain( $language ) ) {
+                       $loaded_language = $language;
+                       $GLOBALS['wp_locale'] = new WP_Locale();
+               } else {
+                       $loaded_language = 'en_US';
+               }
+
                if ( ! empty( $wpdb->error ) )
                        wp_die( $wpdb->error->get_error_message() );
 
                display_header();
                // Fill in the data we gathered
-               $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-               $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-               $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
-               $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
-               $admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
-               $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
-               // check e-mail address
+               $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+               $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
+               $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+               $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+               $admin_email  = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
+               $public       = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 1;
+
+               // Check email address.
                $error = false;
                if ( empty( $user_name ) ) {
                        // TODO: poka-yoke
-                       display_setup_form( __('you must provide a valid username.') );
+                       display_setup_form( __( 'Please provide a valid username.' ) );
                        $error = true;
                } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
-                       display_setup_form( __('the username you provided has invalid characters.') );
+                       display_setup_form( __( 'The username you provided has invalid characters.' ) );
                        $error = true;
                } elseif ( $admin_password != $admin_password_check ) {
                        // TODO: poka-yoke
-                       display_setup_form( __( 'your passwords do not match. Please try again' ) );
+                       display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
                        $error = true;
-               } else if ( empty( $admin_email ) ) {
+               } elseif ( empty( $admin_email ) ) {
                        // TODO: poka-yoke
-                       display_setup_form( __( 'you must provide an e-mail address.' ) );
+                       display_setup_form( __( 'You must provide an email address.' ) );
                        $error = true;
                } elseif ( ! is_email( $admin_email ) ) {
                        // TODO: poka-yoke
-                       display_setup_form( __( 'that isn&#8217;t a valid e-mail address.  E-mail addresses look like: <code>username@example.com</code>' ) );
+                       display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
                        $error = true;
                }
 
                if ( $error === false ) {
                        $wpdb->show_errors();
-                       $result = wp_install($weblog_title, $user_name, $admin_email, $public, '', $admin_password);
-                       extract( $result, EXTR_SKIP );
+                       $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
 ?>
 
 <h1><?php _e( 'Success!' ); ?></h1>
@@ -229,21 +354,30 @@ switch($step) {
        <tr>
                <th><?php _e( 'Password' ); ?></th>
                <td><?php
-               if ( ! empty( $password ) && empty($admin_password_check) )
-                       echo '<code>'. esc_html($password) .'</code><br />';
-               echo "<p>$password_message</p>"; ?>
+               if ( ! empty( $result['password'] ) && empty( $admin_password_check ) ): ?>
+                       <code><?php echo esc_html( $result['password'] ) ?></code><br />
+               <?php endif ?>
+                       <p><?php echo $result['password_message'] ?></p>
                </td>
        </tr>
 </table>
 
-<p class="step"><a href="../wp-login.php" class="button"><?php _e( 'Log In' ); ?></a></p>
+<p class="step"><a href="<?php echo esc_url( wp_login_url() ); ?>" class="button button-large"><?php _e( 'Log In' ); ?></a></p>
 
 <?php
                }
                break;
 }
+if ( !wp_is_mobile() ) {
 ?>
 <script type="text/javascript">var t = document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
+<?php } ?>
 <?php wp_print_scripts( 'user-profile' ); ?>
+<?php wp_print_scripts( 'language-chooser' ); ?>
+<script type="text/javascript">
+jQuery( function( $ ) {
+       $( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
+} );
+</script>
 </body>
 </html>