- if (empty($prefix)) $prefix = 'wp_';
-
- // Test the db connection.
- define('DB_NAME', $dbname);
- define('DB_USER', $uname);
- define('DB_PASSWORD', $passwrd);
- define('DB_HOST', $dbhost);
-
- // We'll fail here if the values are no good.
- require_once('../wp-includes/wp-db.php');
- $handle = fopen('../wp-config.php', 'w');
-
- foreach ($configFile as $line_num => $line) {
- switch (substr($line,0,16)) {
- case "define('DB_NAME'":
- fwrite($handle, str_replace("wordpress", $dbname, $line));
- break;
- case "define('DB_USER'":
- fwrite($handle, str_replace("'username'", "'$uname'", $line));
- break;
- case "define('DB_PASSW":
- fwrite($handle, str_replace("'password'", "'$passwrd'", $line));
- break;
- case "define('DB_HOST'":
- fwrite($handle, str_replace("localhost", $dbhost, $line));
- break;
+ if ( empty($prefix) )
+ $prefix = 'wp_';
+
+ // Validate $prefix: it can only contain letters, numbers and underscores
+ if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
+ wp_die( /*WP_I18N_BAD_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ );
+
+ // Test the db connection.
+ /**#@+
+ * @ignore
+ */
+ define('DB_NAME', $dbname);
+ define('DB_USER', $uname);
+ define('DB_PASSWORD', $passwrd);
+ define('DB_HOST', $dbhost);
+ /**#@-*/
+
+ // We'll fail here if the values are no good.
+ require_wp_db();
+ if ( ! empty( $wpdb->error ) ) {
+ $back = '<p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">Try Again</a></p>';
+ wp_die( $wpdb->error->get_error_message() . $back );
+ }
+
+ // Fetch or generate keys and salts.
+ $no_api = isset( $_POST['noapi'] );
+ require_once( ABSPATH . WPINC . '/plugin.php' );
+ require_once( ABSPATH . WPINC . '/l10n.php' );
+ require_once( ABSPATH . WPINC . '/pomo/translations.php' );
+ if ( ! $no_api ) {
+ require_once( ABSPATH . WPINC . '/class-http.php' );
+ require_once( ABSPATH . WPINC . '/http.php' );
+ wp_fix_server_vars();
+ /**#@+
+ * @ignore
+ */
+ function get_bloginfo() {
+ return ( ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . str_replace( $_SERVER['PHP_SELF'], '/wp-admin/setup-config.php', '' ) );
+ }
+ /**#@-*/
+ $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
+
+ if ( $no_api || is_wp_error( $secret_keys ) ) {
+ $secret_keys = array();
+ require_once( ABSPATH . WPINC . '/pluggable.php' );
+ for ( $i = 0; $i < 8; $i++ ) {
+ $secret_keys[] = wp_generate_password( 64, true, true );
+ }
+ } else {
+ $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+ foreach ( $secret_keys as $k => $v ) {
+ $secret_keys[$k] = substr( $v, 28, 64 );
+ }
+ }
+ $key = 0;
+
+ foreach ($configFile as $line_num => $line) {
+ switch (substr($line,0,16)) {
+ case "define('DB_NAME'":
+ $configFile[$line_num] = str_replace("database_name_here", $dbname, $line);
+ break;
+ case "define('DB_USER'":
+ $configFile[$line_num] = str_replace("'username_here'", "'$uname'", $line);
+ break;
+ case "define('DB_PASSW":
+ $configFile[$line_num] = str_replace("'password_here'", "'$passwrd'", $line);
+ break;
+ case "define('DB_HOST'":
+ $configFile[$line_num] = str_replace("localhost", $dbhost, $line);
+ break;