mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-13 06:07:23 +01:00
0f28fc7aed
This changeset adds `spellcheck="false"` attribute to various password fields. The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field. Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields. Props dziudek, audrasjb, gainesm, fosuahmed. Fixes #56763. Built from https://develop.svn.wordpress.org/trunk@55094 git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
460 lines
17 KiB
PHP
460 lines
17 KiB
PHP
<?php
|
|
/**
|
|
* WordPress Installer
|
|
*
|
|
* @package WordPress
|
|
* @subpackage Administration
|
|
*/
|
|
|
|
// Sanity check.
|
|
if ( false ) {
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Error: PHP is not running</title>
|
|
</head>
|
|
<body class="wp-core-ui">
|
|
<p id="logo"><a href="https://wordpress.org/">WordPress</a></p>
|
|
<h1>Error: PHP is not running</h1>
|
|
<p>WordPress requires that your web server is running PHP. Your server does not have PHP installed, or PHP is turned off.</p>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
}
|
|
|
|
/**
|
|
* We are installing WordPress.
|
|
*
|
|
* @since 1.5.1
|
|
* @var bool
|
|
*/
|
|
define( 'WP_INSTALLING', true );
|
|
|
|
/** Load WordPress Bootstrap */
|
|
require_once dirname( __DIR__ ) . '/wp-load.php';
|
|
|
|
/** Load WordPress Administration Upgrade API */
|
|
require_once ABSPATH . 'wp-admin/includes/upgrade.php';
|
|
|
|
/** Load WordPress Translation Install API */
|
|
require_once ABSPATH . 'wp-admin/includes/translation-install.php';
|
|
|
|
/** Load wpdb */
|
|
require_once ABSPATH . WPINC . '/class-wpdb.php';
|
|
|
|
nocache_headers();
|
|
|
|
$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
|
|
|
|
/**
|
|
* Display installation header.
|
|
*
|
|
* @since 2.5.0
|
|
*
|
|
* @param string $body_classes
|
|
*/
|
|
function display_header( $body_classes = '' ) {
|
|
header( 'Content-Type: text/html; charset=utf-8' );
|
|
if ( is_rtl() ) {
|
|
$body_classes .= 'rtl';
|
|
}
|
|
if ( $body_classes ) {
|
|
$body_classes = ' ' . $body_classes;
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html <?php language_attributes(); ?>>
|
|
<head>
|
|
<meta name="viewport" content="width=device-width" />
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="robots" content="noindex,nofollow" />
|
|
<title><?php _e( 'WordPress › Installation' ); ?></title>
|
|
<?php wp_admin_css( 'install', true ); ?>
|
|
</head>
|
|
<body class="wp-core-ui<?php echo $body_classes; ?>">
|
|
<p id="logo"><?php _e( 'WordPress' ); ?></p>
|
|
|
|
<?php
|
|
} // End display_header().
|
|
|
|
/**
|
|
* Displays installer setup form.
|
|
*
|
|
* @since 2.8.0
|
|
*
|
|
* @global wpdb $wpdb WordPress database abstraction object.
|
|
*
|
|
* @param string|null $error
|
|
*/
|
|
function display_setup_form( $error = null ) {
|
|
global $wpdb;
|
|
|
|
$user_table = ( $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $wpdb->users ) ) ) !== null );
|
|
|
|
// Ensure that sites appear in search engines by default.
|
|
$blog_public = 1;
|
|
if ( isset( $_POST['weblog_title'] ) ) {
|
|
$blog_public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : $blog_public;
|
|
}
|
|
|
|
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
|
|
$user_name = isset( $_POST['user_name'] ) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
|
|
$admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
|
|
|
|
if ( ! is_null( $error ) ) {
|
|
?>
|
|
<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
|
|
<p class="message"><?php echo $error; ?></p>
|
|
<?php } ?>
|
|
<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
|
|
<table class="form-table" role="presentation">
|
|
<tr>
|
|
<th scope="row"><label for="weblog_title"><?php _e( 'Site Title' ); ?></label></th>
|
|
<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
|
|
</tr>
|
|
<tr>
|
|
<th scope="row"><label for="user_login"><?php _e( 'Username' ); ?></label></th>
|
|
<td>
|
|
<?php
|
|
if ( $user_table ) {
|
|
_e( 'User(s) already exists.' );
|
|
echo '<input name="user_name" type="hidden" value="admin" />';
|
|
} else {
|
|
?>
|
|
<input name="user_name" type="text" id="user_login" size="25" value="<?php echo esc_attr( sanitize_user( $user_name, true ) ); ?>" />
|
|
<p><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.' ); ?></p>
|
|
<?php
|
|
}
|
|
?>
|
|
</td>
|
|
</tr>
|
|
<?php if ( ! $user_table ) : ?>
|
|
<tr class="form-field form-required user-pass1-wrap">
|
|
<th scope="row">
|
|
<label for="pass1">
|
|
<?php _e( 'Password' ); ?>
|
|
</label>
|
|
</th>
|
|
<td>
|
|
<div class="wp-pwd">
|
|
<?php $initial_password = isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] ) : wp_generate_password( 18 ); ?>
|
|
<input type="password" name="admin_password" id="pass1" class="regular-text" spellcheck="false" autocomplete="new-password" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />
|
|
<button type="button" class="button wp-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
|
|
<span class="dashicons dashicons-hidden"></span>
|
|
<span class="text"><?php _e( 'Hide' ); ?></span>
|
|
</button>
|
|
<div id="pass-strength-result" aria-live="polite"></div>
|
|
</div>
|
|
<p><span class="description important hide-if-no-js">
|
|
<strong><?php _e( 'Important:' ); ?></strong>
|
|
<?php /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */ ?>
|
|
<?php _e( 'You will need this password to log in. Please store it in a secure location.' ); ?></span></p>
|
|
</td>
|
|
</tr>
|
|
<tr class="form-field form-required user-pass2-wrap hide-if-js">
|
|
<th scope="row">
|
|
<label for="pass2"><?php _e( 'Repeat Password' ); ?>
|
|
<span class="description"><?php _e( '(required)' ); ?></span>
|
|
</label>
|
|
</th>
|
|
<td>
|
|
<input name="admin_password2" type="password" id="pass2" autocomplete="new-password" spellcheck="false" />
|
|
</td>
|
|
</tr>
|
|
<tr class="pw-weak">
|
|
<th scope="row"><?php _e( 'Confirm Password' ); ?></th>
|
|
<td>
|
|
<label>
|
|
<input type="checkbox" name="pw_weak" class="pw-checkbox" />
|
|
<?php _e( 'Confirm use of weak password' ); ?>
|
|
</label>
|
|
</td>
|
|
</tr>
|
|
<?php endif; ?>
|
|
<tr>
|
|
<th scope="row"><label for="admin_email"><?php _e( 'Your Email' ); ?></label></th>
|
|
<td><input name="admin_email" type="email" id="admin_email" size="25" value="<?php echo esc_attr( $admin_email ); ?>" />
|
|
<p><?php _e( 'Double-check your email address before continuing.' ); ?></p></td>
|
|
</tr>
|
|
<tr>
|
|
<th scope="row"><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site visibility' ) : _e( 'Search engine visibility' ); ?></th>
|
|
<td>
|
|
<fieldset>
|
|
<legend class="screen-reader-text"><span><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site visibility' ) : _e( 'Search engine visibility' ); ?> </span></legend>
|
|
<?php
|
|
if ( has_action( 'blog_privacy_selector' ) ) {
|
|
?>
|
|
<input id="blog-public" type="radio" name="blog_public" value="1" <?php checked( 1, $blog_public ); ?> />
|
|
<label for="blog-public"><?php _e( 'Allow search engines to index this site' ); ?></label><br />
|
|
<input id="blog-norobots" type="radio" name="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
|
|
<label for="blog-norobots"><?php _e( 'Discourage search engines from indexing this site' ); ?></label>
|
|
<p class="description"><?php _e( 'Note: Neither of these options blocks access to your site — it is up to search engines to honor your request.' ); ?></p>
|
|
<?php
|
|
/** This action is documented in wp-admin/options-reading.php */
|
|
do_action( 'blog_privacy_selector' );
|
|
} else {
|
|
?>
|
|
<label for="blog_public"><input name="blog_public" type="checkbox" id="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
|
|
<?php _e( 'Discourage search engines from indexing this site' ); ?></label>
|
|
<p class="description"><?php _e( 'It is up to search engines to honor this request.' ); ?></p>
|
|
<?php } ?>
|
|
</fieldset>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
<p class="step"><?php submit_button( __( 'Install WordPress' ), 'large', 'Submit', false, array( 'id' => 'submit' ) ); ?></p>
|
|
<input type="hidden" name="language" value="<?php echo isset( $_REQUEST['language'] ) ? esc_attr( $_REQUEST['language'] ) : ''; ?>" />
|
|
</form>
|
|
<?php
|
|
} // End display_setup_form().
|
|
|
|
// Let's check to make sure WP isn't already installed.
|
|
if ( is_blog_installed() ) {
|
|
display_header();
|
|
die(
|
|
'<h1>' . __( 'Already Installed' ) . '</h1>' .
|
|
'<p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p>' .
|
|
'<p class="step"><a href="' . esc_url( wp_login_url() ) . '" class="button button-large">' . __( 'Log In' ) . '</a></p>' .
|
|
'</body></html>'
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @global string $wp_version The WordPress version string.
|
|
* @global string $required_php_version The required PHP version string.
|
|
* @global string $required_mysql_version The required MySQL version string.
|
|
* @global wpdb $wpdb WordPress database abstraction object.
|
|
*/
|
|
global $wp_version, $required_php_version, $required_mysql_version, $wpdb;
|
|
|
|
$php_version = PHP_VERSION;
|
|
$mysql_version = $wpdb->db_version();
|
|
$php_compat = version_compare( $php_version, $required_php_version, '>=' );
|
|
$mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
|
|
|
|
$version_url = sprintf(
|
|
/* translators: %s: WordPress version. */
|
|
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
|
sanitize_title( $wp_version )
|
|
);
|
|
|
|
$php_update_message = '</p><p>' . sprintf(
|
|
/* translators: %s: URL to Update PHP page. */
|
|
__( '<a href="%s">Learn more about updating PHP</a>.' ),
|
|
esc_url( wp_get_update_php_url() )
|
|
);
|
|
|
|
$annotation = wp_get_update_php_annotation();
|
|
|
|
if ( $annotation ) {
|
|
$php_update_message .= '</p><p><em>' . $annotation . '</em>';
|
|
}
|
|
|
|
if ( ! $mysql_compat && ! $php_compat ) {
|
|
$compat = sprintf(
|
|
/* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required PHP version number, 4: Minimum required MySQL version number, 5: Current PHP version number, 6: Current MySQL version number. */
|
|
__( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires PHP version %3$s or higher and MySQL version %4$s or higher. You are running PHP version %5$s and MySQL version %6$s.' ),
|
|
$version_url,
|
|
$wp_version,
|
|
$required_php_version,
|
|
$required_mysql_version,
|
|
$php_version,
|
|
$mysql_version
|
|
) . $php_update_message;
|
|
} elseif ( ! $php_compat ) {
|
|
$compat = sprintf(
|
|
/* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required PHP version number, 4: Current PHP version number. */
|
|
__( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires PHP version %3$s or higher. You are running version %4$s.' ),
|
|
$version_url,
|
|
$wp_version,
|
|
$required_php_version,
|
|
$php_version
|
|
) . $php_update_message;
|
|
} elseif ( ! $mysql_compat ) {
|
|
$compat = sprintf(
|
|
/* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required MySQL version number, 4: Current MySQL version number. */
|
|
__( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires MySQL version %3$s or higher. You are running version %4$s.' ),
|
|
$version_url,
|
|
$wp_version,
|
|
$required_mysql_version,
|
|
$mysql_version
|
|
);
|
|
}
|
|
|
|
if ( ! $mysql_compat || ! $php_compat ) {
|
|
display_header();
|
|
die( '<h1>' . __( 'Requirements Not Met' ) . '</h1><p>' . $compat . '</p></body></html>' );
|
|
}
|
|
|
|
if ( ! is_string( $wpdb->base_prefix ) || '' === $wpdb->base_prefix ) {
|
|
display_header();
|
|
die(
|
|
'<h1>' . __( 'Configuration Error' ) . '</h1>' .
|
|
'<p>' . sprintf(
|
|
/* translators: %s: wp-config.php */
|
|
__( 'Your %s file has an empty database table prefix, which is not supported.' ),
|
|
'<code>wp-config.php</code>'
|
|
) . '</p></body></html>'
|
|
);
|
|
}
|
|
|
|
// Set error message if DO_NOT_UPGRADE_GLOBAL_TABLES isn't set as it will break install.
|
|
if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
|
|
display_header();
|
|
die(
|
|
'<h1>' . __( 'Configuration Error' ) . '</h1>' .
|
|
'<p>' . sprintf(
|
|
/* translators: %s: DO_NOT_UPGRADE_GLOBAL_TABLES */
|
|
__( 'The constant %s cannot be defined when installing WordPress.' ),
|
|
'<code>DO_NOT_UPGRADE_GLOBAL_TABLES</code>'
|
|
) . '</p></body></html>'
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @global string $wp_local_package Locale code of the package.
|
|
* @global WP_Locale $wp_locale WordPress date and time locale object.
|
|
*/
|
|
$language = '';
|
|
if ( ! empty( $_REQUEST['language'] ) ) {
|
|
$language = preg_replace( '/[^a-zA-Z0-9_]/', '', $_REQUEST['language'] );
|
|
} elseif ( isset( $GLOBALS['wp_local_package'] ) ) {
|
|
$language = $GLOBALS['wp_local_package'];
|
|
}
|
|
|
|
$scripts_to_print = array( 'jquery' );
|
|
|
|
switch ( $step ) {
|
|
case 0: // Step 0.
|
|
if ( wp_can_install_language_pack() && empty( $language ) ) {
|
|
$languages = wp_get_available_translations();
|
|
if ( $languages ) {
|
|
$scripts_to_print[] = 'language-chooser';
|
|
display_header( 'language-chooser' );
|
|
echo '<form id="setup" method="post" action="?step=1">';
|
|
wp_install_language_form( $languages );
|
|
echo '</form>';
|
|
break;
|
|
}
|
|
}
|
|
|
|
// Deliberately fall through if we can't reach the translations API.
|
|
|
|
case 1: // Step 1, direct link or from language chooser.
|
|
if ( ! empty( $language ) ) {
|
|
$loaded_language = wp_download_language_pack( $language );
|
|
if ( $loaded_language ) {
|
|
load_default_textdomain( $loaded_language );
|
|
$GLOBALS['wp_locale'] = new WP_Locale();
|
|
}
|
|
}
|
|
|
|
$scripts_to_print[] = 'user-profile';
|
|
|
|
display_header();
|
|
?>
|
|
<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
|
|
<p><?php _e( 'Welcome to the famous five-minute WordPress installation process! Just fill in the information below and you’ll be on your way to using the most extendable and powerful personal publishing platform in the world.' ); ?></p>
|
|
|
|
<h2><?php _e( 'Information needed' ); ?></h2>
|
|
<p><?php _e( 'Please provide the following information. Do not worry, you can always change these settings later.' ); ?></p>
|
|
|
|
<?php
|
|
display_setup_form();
|
|
break;
|
|
case 2:
|
|
if ( ! empty( $language ) && load_default_textdomain( $language ) ) {
|
|
$loaded_language = $language;
|
|
$GLOBALS['wp_locale'] = new WP_Locale();
|
|
} else {
|
|
$loaded_language = 'en_US';
|
|
}
|
|
|
|
if ( ! empty( $wpdb->error ) ) {
|
|
wp_die( $wpdb->error->get_error_message() );
|
|
}
|
|
|
|
$scripts_to_print[] = 'user-profile';
|
|
|
|
display_header();
|
|
// Fill in the data we gathered.
|
|
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
|
|
$user_name = isset( $_POST['user_name'] ) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
|
|
$admin_password = isset( $_POST['admin_password'] ) ? wp_unslash( $_POST['admin_password'] ) : '';
|
|
$admin_password_check = isset( $_POST['admin_password2'] ) ? wp_unslash( $_POST['admin_password2'] ) : '';
|
|
$admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
|
|
$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 1;
|
|
|
|
// Check email address.
|
|
$error = false;
|
|
if ( empty( $user_name ) ) {
|
|
// TODO: Poka-yoke.
|
|
display_setup_form( __( 'Please provide a valid username.' ) );
|
|
$error = true;
|
|
} elseif ( sanitize_user( $user_name, true ) !== $user_name ) {
|
|
display_setup_form( __( 'The username you provided has invalid characters.' ) );
|
|
$error = true;
|
|
} elseif ( $admin_password !== $admin_password_check ) {
|
|
// TODO: Poka-yoke.
|
|
display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
|
|
$error = true;
|
|
} elseif ( empty( $admin_email ) ) {
|
|
// TODO: Poka-yoke.
|
|
display_setup_form( __( 'You must provide an email address.' ) );
|
|
$error = true;
|
|
} elseif ( ! is_email( $admin_email ) ) {
|
|
// TODO: Poka-yoke.
|
|
display_setup_form( __( 'Sorry, that is not a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
|
|
$error = true;
|
|
}
|
|
|
|
if ( false === $error ) {
|
|
$wpdb->show_errors();
|
|
$result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
|
|
?>
|
|
|
|
<h1><?php _e( 'Success!' ); ?></h1>
|
|
|
|
<p><?php _e( 'WordPress has been installed. Thank you, and enjoy!' ); ?></p>
|
|
|
|
<table class="form-table install-success">
|
|
<tr>
|
|
<th><?php _e( 'Username' ); ?></th>
|
|
<td><?php echo esc_html( sanitize_user( $user_name, true ) ); ?></td>
|
|
</tr>
|
|
<tr>
|
|
<th><?php _e( 'Password' ); ?></th>
|
|
<td>
|
|
<?php if ( ! empty( $result['password'] ) && empty( $admin_password_check ) ) : ?>
|
|
<code><?php echo esc_html( $result['password'] ); ?></code><br />
|
|
<?php endif; ?>
|
|
<p><?php echo $result['password_message']; ?></p>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p class="step"><a href="<?php echo esc_url( wp_login_url() ); ?>" class="button button-large"><?php _e( 'Log In' ); ?></a></p>
|
|
|
|
<?php
|
|
}
|
|
break;
|
|
}
|
|
|
|
if ( ! wp_is_mobile() ) {
|
|
?>
|
|
<script type="text/javascript">var t = document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
|
|
<?php
|
|
}
|
|
|
|
wp_print_scripts( $scripts_to_print );
|
|
?>
|
|
<script type="text/javascript">
|
|
jQuery( function( $ ) {
|
|
$( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
|
|
} );
|
|
</script>
|
|
</body>
|
|
</html>
|