Ticket #910 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

Wordpress allows dots in prefix

Reported by: anonymousbugger Assigned to: markjaquith
Priority: normal Milestone:
Component: General Version: 1.5
Severity: minor Keywords: bg|2nd-opinion bg|dev-feedback bg|needs-patch
Cc:

Description

I accidently tried a prefix like wp1.5_ and MySQL showed me a lot of errors in the second step of installation. Wordpress should not allow using characters which MySQL doesn't like.

MySQL v 4.0.23_Debian-6-log on Linux

Change History

02/18/05 17:06:06 changed by anonymousbugger

  • Patch set to No.

06/30/05 04:21:32 changed by markjaquith

  • keywords set to bg|2nd-opinion bg|dev-feedback.
  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

What is a valid table name? a-z, 0-9, _ and - right? Something like this could work in install.php somewhere. Thoughts?

<?php // make sure the $table_prefix is valid if ( !preg_match('/[a-z0-9_\-]+$/i', $table_prefix))

die (('The table prefix you chose contains invalid characters. Please edit wp-config.php and ensure that the table prefix only contains letters, numbers, underscores, and dashes.'));

?>

06/30/05 17:46:19 changed by skippy

Dashes are not permitted without backticks. 

<?php
// make sure the $table_prefix is valid
if ( ( !preg_match('/^`[a-z0-9_\-]+`$/i', $table_prefix)) || 
 ( !preg_match('/^[a-z0-9_]+$/i', $table_prefix)) )

    die ('The table prefix you chose contains invalid characters. Please edit wp-config.php and ensure that the table prefix only contains letters, numbers, and underscores.');

?>

Note that explaining the requirement for backticks sufficiently complicates the explanatory note, so I dropped dashes from that. Folks who know can use dashes in backticks, and everyone can use underscores.

06/30/05 18:32:03 changed by markjaquith

Don't forget i18n. And you shouldn't be using because that will always be true 

<?php
// make sure the $table_prefix is valid
if ( ( !preg_match('/^`[a-z0-9_\-]+`$/i', $table_prefix)) && 
 ( !preg_match('/^[a-z0-9_]+$/i', $table_prefix)) )

    die (__('The table prefix you chose contains invalid characters. Please edit wp-config.php and ensure that the table prefix only contains letters, numbers, and underscores.'));

?>

06/30/05 18:32:43 changed by markjaquith

That should read: "shouldn't be using 'OR' (double pipes)"

06/30/05 18:34:49 changed by markjaquith

Oh... wait a tick (pun intended)... backticks have to be around the entire table name. This is just the prefix. Dashes are out, altogether without more changes in WP code. 

<?php
// make sure the $table_prefix is valid
if ( !preg_match('/^[a-z0-9_]+$/i', $table_prefix) )
    die (__('The table prefix you chose contains invalid characters. Please edit wp-config.php and ensure that the table prefix only contains letters, numbers, and underscores.'));

?>

07/01/05 03:31:30 changed by skippy

I agree -- alphanumeric plus underscores.

07/27/05 00:57:32 changed by markjaquith

  • keywords changed from bg|2nd-opinion bg|dev-feedback to bg|2nd-opinion bg|dev-feedback bg|needs-patch.
  • milestone set to 1.6.

Gotta make a patch for this.

08/03/05 00:46:58 changed by matt

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [2745]) Note character restrictions, fixes #910

11/30/06 19:41:47 changed by

  • milestone deleted.

Milestone 2.0 deleted