From 7bafa5ee43607632b3449787ae492b2799037e36 Mon Sep 17 00:00:00 2001
From: dd32
Date: Sun, 28 Mar 2010 01:57:45 +0000
Subject: [PATCH] Validate Table Prefix in wp-config.php generator. Props johnl1479. Fixes #12622
git-svn-id: http://svn.automattic.com/wordpress/trunk@13853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/setup-config.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php
index 98618900c..6298ad5e7 100644
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -157,7 +157,12 @@ switch($step) {
 $passwrd = trim($_POST['pwd']);
 $dbhost = trim($_POST['dbhost']);
 $prefix = trim($_POST['prefix']);
- if (empty($prefix)) $prefix = 'wp_';
+ if ( empty($prefix) )
+ $prefix = 'wp_';
+
+ // Validate $prefix: it can only contain letters, numbers and underscores
+ if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
+ wp_die( /*WP_I18N_BAD_PREFIX*/'ERROR: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ );
 // Test the db connection.
 /**#@+
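Review bot: The allow-list is enforced only for `$prefix`; the `$passwrd` and `$dbhost` values on the context lines just above still come from `$_POST` with nothing but `trim()`. Going by the commit subject, this step generates wp-config.php, so those values presumably land in the same generated PHP file. The code that writes them is outside the hunk, so confirm that quotes and backslashes are escaped there. I would add a comment beside the new check, for example `// Only $prefix is allow-listed here; the other DB fields must be escaped where they are written to wp-config.php`. Separately, `empty($prefix)` also treats the string "0" as empty and silently swaps it for `wp_`; `if ( '' === $prefix )` would default only a genuinely blank field.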