Setup: Sanity check for invalid table prefixes.

There are some table prefixes (for example, `7e1_`), which MySQL will try and parse as values when they're note quoted in backticks. Because not everything remembers to quote their table names, it's best if we just discourage their use during setup. Fixes #36422. git-svn-id: https://develop.svn.wordpress.org/trunk@37581 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-27 01:53:09 +00:00 · 2016-05-27 01:53:09 +00:00 · c7f8735698
parent ea970f17ad
commit c7f8735698
1 changed files with 6 additions and 0 deletions
--- a/src/wp-admin/setup-config.php
+++ b/src/wp-admin/setup-config.php
@ -278,6 +278,12 @@ switch($step) {
 	if ( ! empty( $wpdb->error ) )
 		wp_die( $wpdb->error->get_error_message() . $tryagain_link );

+	$wpdb->query( "SELECT $prefix" );
+	if ( ! $wpdb->last_error ) {
+		// MySQL was able to parse the prefix as a value, which we don't want. Bail.
+		wp_die( __( '<strong>ERROR</strong>: "Table Prefix" is invalid.' ) );
+	}
+
 	// Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password().
 	try {
 		$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';