X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/80b7979fccf09a75af3f4c111fa27060ae6dbf85..245e789b234afa4525862e7a6e5e3c2e7a52ef20:/wp-admin/install.php diff --git a/wp-admin/install.php b/wp-admin/install.php index e39d1f4f..d29c8098 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php @@ -15,8 +15,8 @@ if ( false ) {
WordPress requires that your web server is running PHP. Your server does not have PHP installed, or PHP is turned off.
@@ -36,10 +36,10 @@ define( 'WP_INSTALLING', true ); require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); /** Load WordPress Administration Upgrade API */ -require_once( dirname( __FILE__ ) . '/includes/upgrade.php' ); +require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); /** Load wpdb */ -require_once(dirname(dirname(__FILE__)) . '/wp-includes/wp-db.php'); +require_once( ABSPATH . 'wp-includes/wp-db.php' ); $step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0; @@ -47,8 +47,6 @@ $step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0; * Display install header. * * @since 2.5.0 - * @package WordPress - * @subpackage Installer */ function display_header() { header( 'Content-Type: text/html; charset=utf-8' ); @@ -56,12 +54,15 @@ function display_header() { > +' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '
' ); + die( '' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '
' ); } $php_version = phpversion(); @@ -187,38 +187,38 @@ switch($step) { display_header(); // Fill in the data we gathered - $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : ''; - $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin'; - $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : ''; - $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : ''; - $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : ''; + $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : ''; + $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : ''; + $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : ''; + $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : ''; + $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : ''; $public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0; // check e-mail address $error = false; if ( empty( $user_name ) ) { // TODO: poka-yoke - display_setup_form( __('you must provide a valid username.') ); + display_setup_form( __( 'Please provide a valid username.' ) ); $error = true; } elseif ( $user_name != sanitize_user( $user_name, true ) ) { - display_setup_form( __('the username you provided has invalid characters.') ); + display_setup_form( __( 'The username you provided has invalid characters.' ) ); $error = true; } elseif ( $admin_password != $admin_password_check ) { // TODO: poka-yoke - display_setup_form( __( 'your passwords do not match. Please try again' ) ); + display_setup_form( __( 'Your passwords do not match. Please try again.' ) ); $error = true; } else if ( empty( $admin_email ) ) { // TODO: poka-yoke - display_setup_form( __( 'you must provide an e-mail address.' ) ); + display_setup_form( __( 'You must provide an email address.' ) ); $error = true; } elseif ( ! is_email( $admin_email ) ) { // TODO: poka-yoke - display_setup_form( __( 'that isn’t a valid e-mail address. E-mail addresses look like:username@example.com
' ) );
+ display_setup_form( __( 'Sorry, that isn’t a valid email address. Email addresses look like username@example.com
.' ) );
$error = true;
}
if ( $error === false ) {
$wpdb->show_errors();
- $result = wp_install($weblog_title, $user_name, $admin_email, $public, '', $admin_password);
+ $result = wp_install($weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ) );
extract( $result, EXTR_SKIP );
?>
@@ -241,14 +241,16 @@ switch($step) {
-
+
+