From 65b33d260819604dfb5b14772f33388389868299 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Sun, 28 Mar 2010 01:57:45 +0000
Subject: [PATCH] Validate Table Prefix in wp-config.php generator. Props johnl1479. Fixes #12622

git-svn-id: https://develop.svn.wordpress.org/trunk@13853 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/setup-config.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php
index 98618900cb..6298ad5e75 100644
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -157,7 +157,12 @@ switch($step) {
 $passwrd = trim($_POST['pwd']);
 $dbhost = trim($_POST['dbhost']);
 $prefix = trim($_POST['prefix']);
- if (empty($prefix)) $prefix = 'wp_';
+ if ( empty($prefix) )
+ $prefix = 'wp_';
+
+ // Validate $prefix: it can only contain letters, numbers and underscores
+ if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
+ wp_die( /*WP_I18N_BAD_PREFIX*/'ERROR: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ );

 // Test the db connection.
 /**#@+
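Review bot: The allow-list check added after the `wp_` default covers only `$prefix`; `$passwrd` and `$dbhost`, trimmed in the context lines just above it, get no comparable validation or escaping in the visible lines. If those values are later substituted into quoted PHP string literals when wp-config.php is written (that code is outside the hunk, so this is inferred from the commit subject), they should be escaped for that context at the point of writing, for example `addcslashes( $passwrd, "\\'" )`, because a password cannot reasonably be restricted to a character allow-list. Separately, the two new brace-less `if` statements would be safer with braces, so that a line added later cannot silently fall outside the guard. The enclosing `switch($step)` case starts and ends outside the hunk.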